If you're planning on downloading the latest Microsoft Security Update for Windows, it's a good idea to have your BitLocker key ready to go. According to The Register, users who download the update are having quite a few issues, including being completely locked out of their PCs on restart.
The latest Windows security update for Secure Boot DBX released nearly two weeks ago on August 9 and since then has been giving users all sorts of problems. Not unlike the last security patch for Windows 11. Dubbed KB5012170, this update comes with fixes for exploits that could allow unauthorised code to run during the boot process, so it's important for security, especially when Unified Extensible Firmware Interface is used.
Unfortunately, as mentioned the KB5012170 update has also been locking users out of their PCs. Once the update has been installed and the PC has performed a mandatory restart, some users are being prompted for their BitLocker key to get back into their computers. Of course, most people aren't going to have that on hand at the time, let alone necessarily even know what it is.
Thankfully, Microsoft has a support page that can direct most users to find their BitLocker recovery key. However, there are still going to be plenty of users who won't be able to access the key for whatever reason, be it a work device, family gift, hand-me-down, or just having lost passwords. All of which can mean suddenly being locked out of devices for doing a security update.
One source told the register that 2% of the 400 PCs they look after had been locked out after the restart, and all of them so far have been running Windows 11. Finding the keys required logging into Azure, a solution certainly not available to everyone, and then having to match the right one to the right machine. It sounds like a pain worth holding off on the update to avoid.
For now, Microsoft's support page for the KB5012170 update has acknowledged the issues, and is working on a resolution to be available in an upcoming release. We recommend avoiding the update until a fix is available, unless you're absolutely sure you have access to that BitLocker key, just in case.