Microsoft confirms new BitLocker bug in latest Windows and Server updates

Microsoft's April 2026 Windows update has triggered unexpected BitLocker recovery prompts on some Windows Server 2025 and Windows devices
Microsoft confirmed that its April 2026 security updates, including KB5082063 and KB5083769, are triggering BitLocker recovery prompts on some Windows Server 2025, Windows 11, and Windows 10 devices.

Microsoft's April 2026 update triggers BitLocker recovery on some Windows Server 2025 devices. Admins are being locked out on the first reboot after installing KB5082063, with Microsoft confirming the issue and issuing workarounds while a permanent fix is in development.

Microsoft confirmed on April 15, 2026, that some Windows Server 2025 devices are entering BitLocker recovery mode after installing the April 2026 security update, KB5082063, released on April 14. The issue also affects Windows 11 devices that have installed updates KB5083769 and KB5082052 under the same conditions.

When a device enters BitLocker recovery, it requires a 48-digit recovery key before the operating system can finish loading. Microsoft says the recovery prompt only appears on the first restart after the update. Subsequent reboots do not trigger it again, as long as no further Group Policy changes are made.

Who is affected

Microsoft says the issue is unlikely to hit personal devices. It occurs only when all five of the following conditions are present at the same time. BitLocker must be enabled on the OS drive. The Group Policy setting for TPM (Trusted Platform Module) platform validation must be configured to include PCR7.

The system information tool msinfo32.exe must report Secure Boot State PCR7 Binding as "Not Possible." The Windows UEFI CA 2023 certificate must be present in the Secure Boot Signature Database. And the device must not already be running the 2023-signed Windows Boot Manager. These configurations are typically found only on enterprise-managed systems.
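
The five conditions above can be checked on a device before the update is deployed. The script below is an added example, not Microsoft's or the article's own tooling. It assumes an elevated session on a UEFI device with English-language msinfo32 output, that the Group Policy is stored under the registry key shown, and that drive letter S: is free.

```powershell
# Added example: triage of the five conditions listed above.
# Only side effect: the EFI System Partition is mounted briefly on S:
# (the drive letter is an assumption; choose any free letter).
$report = [ordered]@{}

# 1. BitLocker protection is on for the OS drive.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$report.BitLockerOnOsDrive = $vol.ProtectionStatus -eq 'On'

# 2. Group Policy TPM platform validation profile (native UEFI) includes PCR7.
#    Assumption: the policy is stored here as one DWORD value per PCR index.
$gpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI'
$gp = Get-ItemProperty -Path $gpKey -ErrorAction SilentlyContinue
$report.PolicyIncludesPcr7 = [bool]($gp -and $gp.Enabled -eq 1 -and $gp.'7' -eq 1)

# 3. msinfo32 reports the PCR7 binding as "Not Possible".
#    The report can take a minute to generate; its text is localized.
$txt = Join-Path $env:TEMP 'msinfo-pcr7.txt'
Start-Process msinfo32.exe -ArgumentList '/report', "`"$txt`"" -Wait
$line = Select-String -Path $txt -Pattern 'PCR7' | Select-Object -First 1
$report.Pcr7BindingNotPossible = [bool]($line -and $line.Line -match 'Not Possible')
Remove-Item $txt -ErrorAction SilentlyContinue

# 4. Windows UEFI CA 2023 is present in the Secure Boot signature database.
$db = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
$report.Ca2023InDb = $db -match 'Windows UEFI CA 2023'

# 5. The installed Windows Boot Manager is not yet the 2023-signed one.
$esp = 'S:'
mountvol $esp /s | Out-Null
try {
    $cert = (Get-AuthenticodeSignature "$esp\EFI\Microsoft\Boot\bootmgfw.efi").SignerCertificate
    # No signer certificate means the check could not be made; report False.
    $report.BootMgrNot2023Signed = [bool]($cert -and $cert.Issuer -notmatch 'Windows UEFI CA 2023')
} finally {
    mountvol $esp /d | Out-Null
}

# The device matches the affected profile only if every condition is true.
$report.AllFiveConditionsMet = -not ($report.Values -contains $false)
[pscustomobject]$report
```

A device where `AllFiveConditionsMet` is True should have its 48-digit recovery key confirmed as retrievable before the first reboot after the update.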

What Microsoft recommends

Microsoft recommends removing the PCR7 Group Policy configuration before deploying the KB5082063 update. Admins should also confirm that BitLocker bindings use the PCR7 profile. For those who cannot remove the policy before installing, Microsoft has made a Known Issue Rollback (KIR) available through its business support channels. 

The KIR prevents the automatic switch to the 2023 Boot Manager and stops the BitLocker recovery screen from triggering. A permanent fix is in development and will arrive in a future Windows update.

Separately, Microsoft also flagged that some Windows Server 2025 devices are failing to install the April update entirely, with the error code 800F0983 appearing during installation. The company says it is investigating the root cause.

A recurring problem

This marks the fourth time in four years that a Patch Tuesday update has triggered unexpected BitLocker recovery prompts. The same issue surfaced in August 2022 with KB5012170, again in July 2024 across all supported Windows versions, and most recently in May 2025 on Windows 10 systems.

Despite the known issue, Microsoft is not advising admins to skip the April update. The release addresses 167 vulnerabilities, including two zero-day flaws, one of which was actively exploited before the patch was available.

Darryl Linington, 2026-04-18 (Update: 2026-05-01)