Microsoft has confirmed a BitLocker crash in recent Windows and Windows Server updates.

Microsoft has officially confirmed an issue that emerged after the installation of April security updates across several versions of Windows. Reports of the failure began coming in from system administrators and users following the recent deployment of patches.

Details and scope of the BitLocker recovery failure

The issue occurs after installing package KB5082063 on Windows Server 2025 (released on April 14), as well as updates KB5083769 and KB5082052 for Windows 11 and Windows 10. After the first reboot, some devices enter BitLocker recovery mode, which blocks system access. In this case, the system requests a 48-digit recovery key to complete the operating system boot process. In most cases, subsequent reboots do not trigger the recovery key prompt again unless group policy settings are changed.

The technical team clarified that the issue primarily affects enterprise systems when five conditions are met simultaneously:

• BitLocker enabled on the system drive
• Group policy configured for TPM validation with PCR7 enabled
• msinfo32.exe status for Secure Boot PCR7 Binding shows “Not possible”
• Presence of the Windows UEFI CA 2023 certificate in the Secure Boot database
• Absence of a Windows Boot Manager signed in 2023

Since these configurations are typical for managed workstations, personal computers are virtually unaffected.

Recommendations and available workarounds

To prevent the issue, Microsoft recommends that administrators remove the PCR7 configuration in Group Policy before deploying update KB5082063 and verify correct BitLocker binding. For systems where configuration cannot be adjusted in advance, a Known Issue Rollback (KIR) mechanism has been enabled via enterprise support channels. It blocks the transition to the new Boot Manager and prevents the recovery screen from appearing.

An additional issue has also been reported for Windows Server 2025, where some devices are unable to install the April update due to error 800F0983, the cause of which is currently under investigation. This marks the fourth similar incident in the past four years: comparable BitLocker-related issues occurred in August 2022, July 2024, and May 2025.

Despite the technical difficulties, experts advise against skipping the update, as it addresses 167 vulnerabilities. Among them are two zero-day vulnerabilities, one of which was actively exploited by attackers before the patch was released. A stable fix for the BitLocker issue is already in development and will be included in future updates.