/industry-wired/media/agency_attachments/2024/12/04/2024-12-04t130344212z-iw-new.png)
/industry-wired/media/agency_attachments/2024/12/04/2024-12-04t130332454z-iw-new.jpg)
/industry-wired/media/media_files/2025/05/21/microsoft-fixes-bitlocker-glitch-that-hit-enterprise-windows-10-systems-508956.jpg)
/industry-wired/media/media_files/2025/05/21/microsoft-fixes-bitlocker-glitch-that-hit-enterprise-windows-10-systems-508956.jpg)
Patch KB5061768 is critical for Intel vPro PCs facing LSASS crash and BitLocker recovery prompts after recent updates
A sudden BitLocker recovery issue disrupted thousands of enterprise Windows 10 devices after Microsoft’s May 2025 security update. In response, Microsoft rolled out an urgent patch—KB5061768—to fix the widespread lockout problem. This fix is aimed at systems with 10th-generation or newer Intel vPro processors where Intel Trusted Execution Technology (TXT) is enabled.
Problem Traced to May Update KB5058379
The issue began with the update KB5058379, released on May 13. It caused critical failures in the Local Security Authority Subsystem Service (LSASS), triggering Windows Automatic Repair. Once that repair process started, affected systems prompted users for their BitLocker recovery keys. Numerous found themselves stuck in boot loops or blue-screened into each other, causing alarm within corporate environments.
Enterprise Systems Hit Worst, Home Machines Relatively Safe
Though home machines remained relatively untouched, large enterprise environments operating high-security setups were affected by support anarchy. A few machines could not recover without manual interventions.
Microsoft admitted the issue on its Windows Health Dashboard, confirming that this problem hit enterprise versions like Windows 10 22H2 and LTSC editions the hardest.
Urgent Patch KB5061768 Released with Manual Installation
The newly released KB5061768 patch is cumulative, meaning it does not depend on older updates. However, it does not come through standard Windows Update.
Instead, users must manually download it from the Microsoft Update Catalog. Microsoft emphasized that only those affected should install the update, since it's tailored to solve a specific glitch.
Patch Includes Servicing Stack Update for Reliability
The fix comes bundled with the latest servicing stack update, SSU KB5058526, improving update reliability. But those who are dealing with offline images or older builds need to install the earlier stack updates first for simple patching.
Temporary Fix: Intel TXT Disable in BIOS
Administrators that are not able to install the update immediately can turn Intel TXT off in BIOS settings to prevent the recovery loop. After installing KB5061768, the setting can be re-enabled, although the system will again ask for the BitLocker key.
History of BitLocker Disruptions
This is not the first BitLocker-related disruption. Similar issues occurred in August 2022 and again in July 2024. However, this time the problem targeted a narrower hardware set, mostly seen in business-class systems with advanced security features.
Microsoft Flags Issue as Known Security Problem
Microsoft has flagged the situation as a known operating system security issue. A more permanent solution is expected in the June 2025 Patch Tuesday update. Until now, the KB5061768 patch is the only official fix to this fatal error.
End of Windows 10 Support Rings Alarm
As Windows 10 is approaching its official end-of-support date of October 14, 2025, the sense of urgency for updates has increased.
This occurrence points to the increased threat of migration delay or missed patching in enterprise settings. Microsoft strongly advises the transition to Windows 11 prior to the support end.
KB5061768 Patch Essential for Intel vPro and BitLocker Users
The current glitch and emergency fix serve as a reminder of the importance of timely updates. For businesses relying on Intel vPro and BitLocker, the KB5061768 update offers an essential safeguard against system lockouts and security setbacks.