Microsoft released one of its final updates for Windows 10 -- and it has broken things


With support for Windows 10 coming to an end in October, Microsoft will not be releasing many more security updates for the operating system. Seemingly looking to go out with a bang, the recently released KB5058379 update is giving users grief.

Pushed out earlier this week on Patch Tuesday, the KB5058379 update is causing BitLocker recovery prompts to appear on some systems following a restart. Although Microsoft is yet to acknowledge the issue in the release notes for the update, company employees have confirmed the problem in forums and have also provided a workaround.


While not everyone who installs the update is affected, the appearance of WinRE BitLocker recovery screens has been mentioned by large numbers of people on Reddit, Microsoft forums and elsewhere online. As BleepingComputer points out, the issue appears to be hitting devices from certain manufacturers (namely Dell, HP and Lenovo), but the common thread is not yet known.

A particular thread on Reddit sheds more light on the issue, with one user posting a message received from Microsoft Support:

I would like to inform you that we are currently experiencing a known issue with the May Month Patch KB5058379, titled "BitLocker Recovery Triggered on Windows 10 devices after installing KB5058379" on Windows 10 machines.

The same post includes a workaround shared by Microsoft:

1. Disable Secure Boot

  • Access the system’s BIOS/Firmware settings.
  • Locate the Secure Boot option and set it to Disabled.
  • Save the changes and reboot the device.

2. Disable Virtualization Technologies (if issue persists)

  • Re-enter BIOS/Firmware settings.
  • Disable all virtualization options, including:
    • Intel VT-d (VTD)
    • Intel VT-x (VTX)

Note: This action may prompt for the BitLocker recovery key, so please ensure the key is available.

3. Check Microsoft Defender System Guard Firmware Protection Status
You can verify this in one of two ways:

  • Registry Method
    • Open Registry Editor (regedit).
    • Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard
    • Check the Enabled DWORD value:
      • 1 → Firmware protection is enabled
      • 0 or missing → Firmware protection is disabled or not configured
  • GUI Method (if available)
    • Open Windows Security > Device Security, and look under Core Isolation or Firmware Protection.

4. Disable Firmware Protection via Group Policy (if restricted by policy)
If firmware protection settings are hidden due to Group Policy, follow these steps:

  • Using Group Policy Editor
    • Open gpedit.msc.
    • Navigate to: Computer Configuration > Administrative Templates > System > Device Guard > Turn On Virtualization Based Security
    • Under Secure Launch Configuration, set the option to Disabled.
  • Or via Registry Editor
    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard]
    • "Enabled"=dword:00000000

Important: A system restart is required for this change to take effect.
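
Before changing any firmware setting, the state the workaround refers to can be collected in one pass. The following read-only PowerShell check is an added example, not part of Microsoft's message or the Reddit post. It assumes an elevated prompt on a Windows 10 device with the built-in BitLocker and SecureBoot modules, and it reports only the ID of the recovery-password protector, never the password itself.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only pre-flight check. Nothing here changes system state.

$kb   = 'KB5058379'   # update named in the article
$path = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\SystemGuard'

# Is the update present? (Get-HotFix returns nothing if it is not listed.)
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue

# System Guard firmware protection: 1 = enabled, 0 or missing = disabled / not configured
$enabled  = (Get-ItemProperty -Path $path -Name Enabled -ErrorAction SilentlyContinue).Enabled
$sysGuard = if ($enabled -eq 1) { 'Enabled' } else { 'Disabled or not configured' }

# Secure Boot: the cmdlet throws on platforms that do not support it
$secureBoot = try { Confirm-SecureBootUEFI } catch { 'Unavailable on this platform' }

# BitLocker state of the OS volume and its recovery-password protector(s)
$vol      = Get-BitLockerVolume -MountPoint $env:SystemDrive
$recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')

[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    UpdateInstalled     = [bool]$hotfix
    SystemGuardFirmware = $sysGuard
    SecureBoot          = $secureBoot
    BitLockerProtection = $vol.ProtectionStatus
    # Protector IDs only, so they can be matched against the escrowed recovery key
    RecoveryKeyIds      = ($recovery.KeyProtectorId -join ', ')
} | Format-List

# Firmware changes can trigger a recovery prompt, so flag volumes with no recovery key
if ($vol.ProtectionStatus -eq 'On' -and $recovery.Count -eq 0) {
    Write-Warning "BitLocker is on for $env:SystemDrive but no recovery-password protector exists."
}
```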

Image credit: Monticelllo / Dreamstime.com
