Roll back: Microsoft deactivates BitLocker security fix again

When it comes to the problems with BitLocker encryption in Windows, Microsoft just can’t stop working – there’s a new bug again. This affects a security update, which Microsoft has now partially withdrawn.

Microsoft disables BitLocker security fix

Microsoft has disabled a recently released security fix for BitLocker after numerous users reported that it caused unexpected problems. The fix was originally intended to close a critical vulnerability (CVE-2024-38058) that allows attackers to bypass BitLocker encryption and access encrypted data if they have physical access to an affected device. However, after installing the fix, firmware incompatibilities arose. This can then cause affected devices to enter BitLocker recovery mode.

This behavior was reported by many users, prompting Microsoft to temporarily disable the fix in the August 2024 security updates. The company explained in an update that due to the compatibility issues, it was not responsible to continue offering the fix without further investigation and adjustments.

For users who still want to protect their devices against the CVE-2024-38058 vulnerability, Microsoft now offers a manual solution. This is available in the Recommendation KB5025885 described in detail Instead of installing a security update as usual, users have to go through a multi-step process that requires, among other things, eight restarts of the affected device.

Beware of the changes

What is particularly tricky is that the protective measures taken on devices with Secure Boot enabled cannot be reversed, even after reformatting the hard drive. Microsoft therefore strongly advises against applying these measures without thorough testing.

For many users, waiting for another update means that they have to forego automatic security solutions for the time being and instead resort to manual processes to protect their systems. This not only represents an increased technical challenge, but also carries the risk that inexperienced users may put their systems in a state that cannot be easily reversed.