June’s Home windows 10 patch has a BitLocker consumer lockout downside… once more

As a part of Patch Tuesday earlier this week, Microsoft additionally launched a Home windows 10 cumulative replace: KB5094127. Nonetheless, after putting in this patch, some Home windows 10 customers are experiencing points.

Microsoft warns that, underneath sure circumstances, replace KB5094127 could end in customers having to enter their BitLocker restoration key after restarting their PC, studies BetaNews. Astute readers will keep in mind that this type of factor has occurred earlier than, together with again in Could 2025 and November 2025. By some means, it’s taking place once more.

This time round, Microsoft is saying that the issue could happen on computer systems with an “unrecommended” BitLocker Group Coverage configuration. Nonetheless, solely a restricted variety of computer systems are believed to be affected. Microsoft describes the precise circumstances that may result in this downside on this help web page:

Some units with an unrecommended BitLocker Group Coverage configuration is likely to be required to enter their BitLocker restoration key on the primary restart after putting in this replace.

This situation solely impacts a restricted variety of programs by which ALL the next circumstances are true. These circumstances are unlikely to be discovered on private units not managed by IT departments.

1. BitLocker is enabled on the OS drive.
2. The Group Coverage “Configure TPM platform validation profile for native UEFI firmware configurations” is configured, and PCR7 is included within the validation profile (or the equal registry key’s set manually).
3. System Info (msinfo32.exe) studies Safe Boot State PCR7 Binding as “Not Potential“.
4. The Home windows UEFI CA 2023 certificates is current within the machine’s Safe Boot Signature Database (DB), making the machine eligible for the 2023‑signed Home windows Boot Supervisor to be made the default.
5. The machine just isn’t already operating the 2023-signed Home windows Boot Supervisor.

On this situation, the BitLocker restoration key solely must be entered as soon as—subsequent restarts is not going to set off a BitLocker restoration display screen, so long as the group coverage configuration stays unchanged. For assist discovering your BitLocker restoration key, see the article Discover your BitLocker restoration key.

Microsoft emphasizes that “private units not managed by IT departments” are unlikely to be affected by this BitLocker situation. Getting into the BitLocker restoration key after restarting your PC is due to this fact prone to be required solely on enterprise and organizational Home windows 10 computer systems that meet all of the circumstances above.

Even on affected computer systems, nonetheless, the issue is restricted—getting into the BitLocker restoration key simply as soon as is sufficient. The true downside for a lot of customers is prone to be that they don’t know their BitLocker restoration key, so gained’t be capable to enter it. Such customers will then be locked out of their PCs till IT can present BitLocker restoration keys.

Microsoft is presently engaged on an answer to this downside. Till a repair is launched, IT directors can work round the issue by eradicating the Group Coverage configuration earlier than putting in the replace. Directions for that may be discovered on this help web page.

Replace KB5094127 is barely accessible to Home windows 10 customers who’re registered for the free Prolonged Safety Updates (ESU) program, each for Home windows 10 21H2 and 22H2. KB5094127 fixes quite a few bugs, points, and safety vulnerabilities within the working system.