<p class="heading_excerpt">Microsoft is working towards patching the issue affecting many Windows versions.</p> Microsoft is working to fix a Windows 10 bug that triggers BitLocker's recovery mode. The bug was introduced to Windows 10 as part of a recent update that addressed a Secure Boot vulnerability. What Is the BitLocker Recovery Mode Bug? The KB4535680 update was released to Windows systems in January 2021. The original update was a security update denews24nationed to resolve an issue with Secure Boot, a security feature that blocks untrusted operating systems from booting on your computer. Its primary role is to protect against dangerous malware types, such as rootkits and bootkits. However, a side effect of the KB4535680 security update was the accidental introduction of a bug affecting BitLocker. When triggered, it causes the BitLocker recovery mode function to run, which requests your BitLocker recovery key. You can read the full Microsoft Security Update blog for more information. If BitLocker Group Policy Configure TPM platform validation profile for native UEFI firmware configurations is enabled and PCR7 is selected by policy, it may result in the BitLocker recovery key being required on some devices where PCR7 binding is not possible . . . Specifically, setting this policy with PCR7 omitted, will override the Allow Secure Boot for integrity validation Group Policy. This prevents BitLocker from using Secure Boot for platform or Boot Configuration Data (BCD) integrity validation. Setting this policy may result in BitLocker recovery when the firmware is updated. The BitLocker recovery mode bug is affecting multiple Windows versions: Windows Server 2012 x64-bit Windows Server 2012 R2 x64-bit Windows 8.1 x64-bit Windows Server 2016 x64-bit Windows Server 2019 x64-bit Windows 10, version 1607 x64-bit Windows 10, version 1803 x64-bit Windows 10, version 1809 x64-bit Windows 10, version 1909 x64-bit If you encounter this error, you should consult the Microsoft BitLocker recovery key guide. BitLocker Recovery Mode Bug Workaround There is a workaround available for the BitLocker recovery mode, but it depends on the device configuration. Specifically, how the device's Credential Guard is configured and whether you've already installed the update. Related: How to Encrypt Your Drive With BitLocker in Windows 10 If the device does not have Credential Guard enabled and the update isn't yet installed, you can run the following commands from an elevated Command Prompt to "suspend BitLocker for 1 reboot cycle:" Manage-bde –Protectors –Disable C: -RebootCount 1 You can run the command, install the security update (which includes other useful security fixes), then reboot your system without encountering the BitLocker recovery mode. If the device does have Credential Guard installed and the update isn't yet installed, it may require multiple restarts. You can run a different command that increases the BitLocker suspension count to three: Manage-bde –Protectors –Disable C: -RebootCount 3 Either way, you don't have to panic if you encounter the BitLocker recovery mode bug. Microsoft is also working towards a bug fix for this issue. What You Don’t Know About Rootkits Will Scare You <p class="">If you don't know anything about rootkits, it's time to change that. What you don't know will scare the hell out of you, and force you to reconsider your data security.</p> About The Author Gavin Phillips (724 Articles Published) Gavin is the Junior Editor for Windows and Technology Explained, a regular contributor to the Really Useful Podcast, and was the Editor for MakeUseOf's crypto-focused sister site, Blocks Decoded. He has a BA (Hons) Contemporary Writing with Digital Art Practices pillaged from the hills of Devon, as well as over a decade of professional writing experience. He enjoys copious amounts of tea, board games, and football. More From Gavin Phillips Subscribe To Our Newsletter Join our newsletter for tech tips, reviews, free ebooks, and exclusive deals! One More Step…! Please confirm your email address in the email we just sent you.