If you're planning on downloading the latest Microsoft Security Update for Windows, it's a good idea to have your BitLocker key ready to go. According to The Register (opens in new tab), users who download the update are having quite a few issues, including being completely locked out of their PCs on restart.
The latest Windows security update for Secure Boot DBX released nearly two weeks ago on August 9 and since then has been giving users all sorts of problems. Not unlike the last security patch for Windows 11 (opens in new tab). Dubbed KB5012170, this update comes with fixes for exploits that could allow unauthorised code to run during the boot process, so it's important for security, especially when Unified Extensible Firmware Interface is used.
Unfortunately, as mentioned the KB5012170 update has also been locking users out of their PCs. Once the update has been installed and the PC has performed a mandatory restart, some users are being prompted for their BitLocker key to get back into their computers. Of course, most people aren't going to have that on hand at the time, let alone necessarily even know what it is.
Thankfully, Microsoft has a support page that can direct most users to find their BitLocker recovery key (opens in new tab). However, there are still going to be plenty of users who won't be able to access the key for whatever reason, be it a work device, family gift, hand-me-down, or just having lost passwords. All of which can mean suddenly being locked out of devices for doing a security update.
Windows 11 review (opens in new tab): What we think of the new OS
How to install Windows 11 (opens in new tab): Safe and secure install
What you need to know before upgrading (opens in new tab): Things to note before downloading the latest OS
Windows 11 TPM requirements (opens in new tab): Microsoft's strict security policy
One source told the register that 2% of the 400 PCs they look after had been locked out after the restart, and all of them so far have been running Windows 11. Finding the keys required logging into Azure, a solution certainly not available to everyone, and then having to match the right one to the right machine. It sounds like a pain worth holding off on the update to avoid.
For now, Microsoft's support page for the KB5012170 (opens in new tab) update has acknowledged the issues, and is working on a resolution to be available in an upcoming release. We recommend avoiding the update until a fix is available, unless you're absolutely sure you have access to that BitLocker key, just in case.