Microsoft Patches BitLocker Boot Loop Issue
Last month, Microsoft confirmed that cumulative updates for Windows 10/11 caused some systems with device encryption to automatically reboot into the BitLocker encryption recovery screen. However, this encryption was not intentionally enabled by the users, leaving some without the necessary password to recover their data.
If users logged into their systems using a Microsoft online account, the BitLocker recovery key would have been automatically synced to their account, allowing them to find the recovery key in their Microsoft account management and use it to unlock and restore their data.
However, if users logged in with a local account and did not back up the BitLocker recovery key when prompted, they are in a dire situation. In such cases, there is virtually no solution other than abandoning all data and reinstalling the system.
Microsoft has addressed this issue in today’s cumulative update: “When customers applied the fix for this vulnerability to their devices, we received feedback about firmware incompatibility issues that were causing BitLocker to go into recovery mode on some devices. As a result, with the release of the August 2024 security updates we are disabling this fix.”
If you have installed the update from August 13 or later, the issue has been resolved, and no further action is required. However, if you installed an earlier update and encountered the BitLocker recovery screen, you must enter the recovery key to unlock the system.
You can retrieve your encryption key by logging into the BitLocker Recovery Key portal using your Microsoft account.
The BitLocker encryption issue has existed since the Windows 8 era. Some devices, due to the inclusion of encryption-related modules, would automatically encrypt upon the initial startup, requiring users to manually save the recovery key.
In Windows 10/11, the key is indeed automatically saved to the Microsoft account and can be retrieved through the cloud, provided the user logs in with a Microsoft online account. Therefore, many users are baffled when they encounter this issue, wondering why they need to enter a recovery key when they never set up encryption or a password.
Under normal circumstances, the system should automatically decrypt. The problem arose due to a previous Microsoft update that caused the system to automatically enter the encryption recovery screen, at which point users realized their system had been encrypted, but by then, it was too late.
It is recommended that users check their system’s encryption settings. While encryption can indeed enhance security, if you regard it as a potential risk, you might want to consider disabling it.
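One way to carry out the check recommended above, as an added example that is not from the original article or from Microsoft: a PowerShell audit that lists every volume's encryption state and flags volumes that are encrypted with no recovery password on record. The function name Get-BitLockerRecoveryAudit and the AtRisk column are illustrative names chosen for this example; the BitLocker cmdlets it calls ship with Windows.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker / device encryption state on every volume and
# flag volumes that are encrypted but have no recovery password to fall back on.

function Get-BitLockerRecoveryAudit {   # illustrative name, not a built-in cmdlet
    foreach ($vol in Get-BitLockerVolume) {
        # RecoveryPassword protectors hold the 48-digit key the recovery screen asks for.
        $recovery = @($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        # Anything other than FullyDecrypted means data on disk is (partly) encrypted.
        $encrypted = $vol.VolumeStatus -ne 'FullyDecrypted'

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeStatus     = $vol.VolumeStatus
            ProtectionStatus = $vol.ProtectionStatus
            EncryptedPercent = $vol.EncryptionPercentage
            ProtectorTypes   = ($vol.KeyProtector.KeyProtectorType -join ', ')
            RecoveryKeyIds   = ($recovery.KeyProtectorId -join ', ')
            AtRisk           = $encrypted -and ($recovery.Count -eq 0)
        }
    }
}

$report = @(Get-BitLockerRecoveryAudit)
$report | Format-Table -AutoSize

foreach ($row in $report | Where-Object { $_.AtRisk }) {
    Write-Warning "$($row.MountPoint) is encrypted with no recovery password protector."
    # To create one, then record the 48-digit value somewhere off the device:
    #   Add-BitLockerKeyProtector -MountPoint $row.MountPoint -RecoveryPasswordProtector
}

# Show the recovery passwords so they can be written down or stored offline.
# Compare KeyProtectorId with the key ID shown on the recovery screen or in the
# Microsoft account portal to confirm the right key is on record.
foreach ($vol in Get-BitLockerVolume) {
    $vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        Select-Object @{ n = 'MountPoint'; e = { $vol.MountPoint } },
                      KeyProtectorId, RecoveryPassword
}
```

Run it from an elevated PowerShell session. If you decide to turn encryption off, `Disable-BitLocker -MountPoint 'C:'` starts decrypting that volume.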