Security News > 2021 > February > Windows 10 Secure Boot update triggers BitLocker key recovery
Microsoft has acknowledged an issue affecting Windows 10 customers who have installed the KB4535680 security update that addresses a security feature bypass vulnerability in Secure Boot.
Windows versions affected by this vulnerability include multiple Windows 10 releases, Windows 8.1, Windows Server 2012 R2, and Windows Server 2012.
Installing the KB4535680 security update on systems running affected Windows versions might lead to the BitLocker recovery key being requested after rebooting, according to a known issue recently acknowledged by Microsoft.
"If BitLocker Group Policy Configure TPM platform validation profile for native UEFI firmware configurations is enabled and PCR7 is selected by policy, it may result in the BitLocker recovery key being required on some devices where PCR7 binding is not possible," Microsoft explains.
BitLocker is Microsoft's full volume encryption feature that ships with all Windows versions since Windows Vista and uses the XTS-AES encryption algorithm to encrypt computer hard drives or removable drives to prevent data theft or exposure.
Users experiencing BitLocker recovery issues can use the information provided by Microsoft here to locate their recovery key.
News URL
Related news
- Microsoft tests new Windows 11 tool to remotely fix boot crashes (source)
- Windows 11 quick machine recovery: Restoring devices with boot issues (source)
- Windows 10 KB5055518 update fixes random text when printing (source)
- Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug (source)
- Windows 10 KB5055612 preview update fixes a GPU bug in WSL2 (source)
- Microsoft silently fixes Start menu bug affecting Windows 10 PCs (source)
- M365 apps on Windows 10 to get security fixes into 2028 (source)