Microsoft Fixes BitLocker Recovery Issue Only for Windows 11

Microsoft has addressed a known issue causing some Windows 11 systems to boot into BitLocker recovery after installing the April 2026 Windows security updates. The fix is contained in the KB5089549 cumulative update released for Windows 11 25H2.

BitLocker is a Windows security feature that encrypts storage drives to protect against data theft. It also often activates recovery mode after hardware changes or TPM updates, blocking access to protected drives that haven't been unlocked normally.

Microsoft acknowledged the issue on April 14, saying it affects Windows 10, Windows 11, and Windows Server devices with an unrecommended BitLocker Group Policy configuration. The company said affected devices might be required to enter their BitLocker recovery key on the first restart after installing the update.

While this issue also affects systems running Windows client platforms such as Windows 10 and Windows 11, Microsoft said it's unlikely to affect personal devices, since affected configurations are typically found only on enterprise systems managed by IT teams.

On Tuesday, Microsoft announced that it addressed the issue with the KB5089549 cumulative update for Windows 11 25H2. Windows 10 and Windows Server customers will need to wait for a fix, as a permanent resolution is planned for a future update.

The update addresses an issue where some devices might enter BitLocker Recovery after updating boot files on systems with certain Trusted Platform Module validation settings, including invalid PCR7 configurations. This might occur after installing the April 2026 security update KB5083769.

Until a fix is available for all affected platforms, Windows admins are advised to remove the "Configure TPM platform validation profile for native UEFI firmware configurations" Group Policy configuration before deploying the April 2026 updates, and to ensure that BitLocker bindings use the PCR7 profile.

This is the latest in a series of similar incidents. In August 2022, Windows devices also became stuck at a BitLocker recovery prompt after installing the KB5012170 security update. Two years later, in August 2024, Microsoft fixed another known issue that triggered BitLocker recovery prompts after installing the July 2024 Windows security updates. More recently, in May 2025, Microsoft issued out-of-band emergency updates to address a similar issue that caused Windows 10 PCs to request the BitLocker recovery key after installing the May 2025 security updates. This week, it also released the May 2026 Patch Tuesday security updates, covering 120 vulnerabilities, including 17 critical flaws.