BitLocker issues with KB5089549
Posted by iAmEnieceka@reddit | sysadmin | 15 comments
Hi,
We’re currently seeing the same BitLocker issue with KB5089549 from May that KB5083769 from April caused. Windows 11 devices get stuck on the BitLocker recovery screen. After filling in the key, devices boot normally. However, at the next (re)boot the issue comes back again.
Weirdly enough, this update should’ve fixed this issue (https://www.windowslatest.com/2026/05/14/microsoft-confirms-windows-11-no-longer-triggers-bitlocker-recovery-screen-after-monthly-updates/). In fact, it got worse for us. More machines are having the issue after the May update.
Has anyone seen the same behavior?
unstopablex15@reddit
BitLocker is no longer secure and Microsoft is frantically trying to fix it while breaking more shit, not surprising.
picklednull@reddit
It has always been plenty secure if you optimize for it instead of usability.
unstopablex15@reddit
Have you not heard about the recently discovered 0-day for BitLocker?! It's 100% not secure! You can check this article out if you haven't heard: https://www.bleepingcomputer.com/news/security/windows-bitlocker-zero-day-gives-access-to-protected-drives-poc-released/
picklednull@reddit
... Which is mitigated by PIN...:
unstopablex15@reddit
Agreed on using the PIN, but aside from that it hasn't been 100% secure for years.
picklednull@reddit
Please define “100% secure”
unstopablex15@reddit
I mean nothing is 100% secure, but in relation to that vulnerability, that seems like a pretty big one.
rejectionhotlin3@reddit
Wat. If it's blocking people from using the very device they are "securing" then it's a failed experiment. This exploit by definition just showed BitLocker is just warm and fuzzies for "security" sake. And as per usual Microsoft security is Swiss cheese.
picklednull@reddit
What do you mean?
It has been documented for over 15 years that requiring a PIN with TPM mitigates a whole class of vulnerabilities and is the optimal configuration security-wise.
If you make a security tradeoff for usability, sometimes you get bit (the risk is realized).
See also:
Prestigious-Hat-9114@reddit
Is that HP? If it is, you need to go to BIOS to enable all those certificates under secure boot configuration.
Im-not-bald-dammit@reddit
Just to follow up on this, as HP have indeed added their own flair to this situation 😄
https://support.hp.com/us-en/document/ish_14914515-14914500-16
Onoitsu2@reddit
Usually this is fixed by suspending BitLocker, rebooting, then un-suspending it.
flowflag@reddit
EFI partition full?
the_doughboy@reddit
The funny thing is that the May update was supposed to prevent what you're seeing.
bjc1960@reddit
This may sound counter-intuitive but find the option to skip entering the key. We had that on several computers and skipping the key solved it.
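Added example, not part of the thread: a PowerShell sketch of two things the comments mention, checking whether the OS volume has a TPM+PIN protector or is TPM-only, and suspending BitLocker for a single reboot. It assumes an elevated session with the built-in BitLocker module; the two function names are hypothetical helpers.

```powershell
# Added example: run elevated on the affected Windows 11 device.
# Function names below are hypothetical helpers, not from the thread.

function Get-OsVolumeBitLockerSummary {
    param([string]$MountPoint = $env:SystemDrive)

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    # Protector types on the volume, e.g. Tpm, TpmPin, RecoveryPassword
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $hasPin = [bool]($types -match '^TpmPin')   # TpmPin or TpmPinStartupKey

    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        VolumeStatus        = $vol.VolumeStatus
        ProtectionStatus    = $vol.ProtectionStatus   # Off while suspended
        Protectors          = $types -join ', '
        HasTpmPin           = $hasPin
        TpmOnly             = ($types -contains 'Tpm') -and (-not $hasPin)
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
    }
}

function Suspend-BitLockerForOneReboot {
    param([string]$MountPoint = $env:SystemDrive)

    $before = Get-OsVolumeBitLockerSummary -MountPoint $MountPoint
    if (-not $before.HasRecoveryPassword) {
        # Without a recovery password there is no fallback if the next boot
        # still lands on the recovery screen.
        throw "No recovery password protector on $MountPoint; not suspending."
    }

    # While suspended the volume key is unprotected on disk, so limit the
    # suspension to one reboot; protection resumes automatically afterwards.
    Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null
    Get-OsVolumeBitLockerSummary -MountPoint $MountPoint
}

# Usage:
#   Get-OsVolumeBitLockerSummary | Format-List
#   Suspend-BitLockerForOneReboot | Format-List
#   Restart-Computer
#   # After the reboot, confirm ProtectionStatus is On again; if not:
#   Resume-BitLocker -MountPoint $env:SystemDrive
```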