On May 15, Windows Latest reported that a bug in the Windows May 2025 update triggers the ‘Bitlocker Recovery process’ out of nowhere. This was verified in our own tests, and at that time, Microsoft had not acknowledged our reports. Today, Microsoft updated one of its support documents to confirm that there’s a bug in KB5058379 that locks up Windows 10.
In our tests, Windows Latest observed that after installing Windows 10 KB5058379 (May 13, 2025) security update, our Intel PCs were getting locked with a BitLocker Recovery screen. This affects PCs made by Dell, Lenovo and HP. It’s not OEM specific, as the issue is caused by KB5058379.
After restarting the PC for KB5058379 installation, you may land on the blue “Enter the recovery key to get going again” screen or, in rarer cases, a Blue Screen of Death followed by that same BitLocker prompt.
In case BitLocker protection is turned off, which is not the case across most organizations, you’ll be on the boot menu with Automatic Repair as an option. Here is the pattern
In an update to its support document spotted by Windows Latest, Microsoft confirmed that it’s aware of an issue where lsass.exe, short for Local Security Authority Subsystem Service, would crash abruptly.
When LSASS crashes, you won’t be able to authenticate your Windows account.
Since LSASS is crashing before Windows can boot to the lock screen, you’ll see the Windows Recovery Menu or the BitLocker Recovery screen when BitLocker is turned on.
Microsoft says it has observed these system crashes on PCs with Intel’s 10th processors or newer, including Intel vPro processors. This happens due to a compatibility issue between Windows 10 KB5058379 and Intel Trusted Execution Technology (TXT).
What is Intel TXT and how is it related to Windows 10 May update issues?
As Intel describes, TXT is typically turned on by default, and it acts as a security feature to defend against BIOS corruption from software-based attacks. It’s unclear how the May 2025 Update is messing with the Intel TXT feature, which has been there for years.
Microsoft says that it’s working on a workaround, and it also plans to release another update to patch this issue.
In most cases, you’ll be able to boot to the desktop again by entering the recovery keys, but Microsoft can’t help if you don’t have the keys with you.
“Microsoft Support doesn’t have the ability to retrieve, provide, or recreate a lost BitLocker recovery key,” the company said.
What to do when you don’t have the BitLocker keys and Windows KB5058379 has locked your PC?
If you’re unable to boot or don’t have the BitLocker key available at the moment, I recommend following these steps and turning off Intel’s TXT feature for now:
- Try to reboot and enter BIOS/UEFI. How do you enter BIOS menu? It depends on OEM-to-OEM, but typically, you’ll need to press F2, F10, F12, or Esc when the logo shows up during reboot/power on.
- In the BIOS menu, look for the Intel TXT feature. It’s typically located inside Security > Virtualization or Advanced CPU Settings. You just need to locate Intel TXT / Trusted Execution (sometimes labeled OS Kernel DMA Support).
- Once you’ve located the setting, turn off Intel TXT, but you can leave VT-d / VT for Direct I/O enabled.
- Save and reboot.
Windows will now boot correctly, and you won’t see BSOD or BitLocker Recovery Keys.
These steps are recommended when you’re seeing BSOD or BitLocker Recovery Screen, but don’t have the keys with you. When you have the key, you can type it and allow Windows to roll back.
Based on reports spotted by Windows Latest, Windows 10 KB5058379 BitLocker/Recovery issues typically show up on Windows 10 22H2 or 21H2 LTSC/Enterprise systems that use Intel vPro-class processors with Intel Trusted Execution (TXT) enabled.
TXT works hand-in-hand with BitLocker, so when the update touches core boot files, BitLocker assumes the hardware has changed and demands the recovery key.
We’ve also seen some isolated reports of similar issues on Windows 11 after the May 2025 Update, but I don’t think it’s widespread.
