BitLocker Recovery mode
On Patch Tuesday, August 9, 2022, Microsoft released a Windows update that can cause BitLocker to activate recovery mode and prompt the end user for a recovery key.
The update, KB5012170, fixes security vulnerabilities in Secure Boot by updating the Secure Boot DBX, and that change can cause BitLocker to activate recovery mode.
The prompt is presented only once, after the update has been installed and the computer has been rebooted.
Due to the above, CapaSystems recommends that all our customers take the following actions:
• Ensure that all active BitLocker recovery keys are saved in Active Directory and/or CapaInstaller
• Consider postponing the installation of KB5012170
We have developed a computer package to collect and save all active BitLocker recovery keys.
If you already have a subscription for CapaBitLocker and are using Cloud Updater:
• The package will automatically download to your CapaInstaller environment.
If you do not have a subscription for CapaBitLocker or you are not using Cloud Updater:
• Download the package here
Technical Notes
To validate that the BitLocker recovery keys have been correctly saved in Active Directory and/or CapaInstaller, the settings in the package script must be updated to match your environment.
Our guide describes how to do it.
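A manual check for a single client, as an added example that is not CapaSystems' package script: it backs up every BitLocker recovery password protector on the machine to Active Directory with the built-in BitLocker cmdlets and reports any volume that could not be escrowed. It assumes an elevated session on a domain-joined computer where Group Policy permits storing BitLocker recovery information in AD DS.

```powershell
#Requires -RunAsAdministrator
# Added example, not CapaSystems' package script.
# Assumptions: domain-joined client; Group Policy allows storing BitLocker
# recovery information in AD DS. Recovery passwords are never printed.

# Is the Secure Boot DBX update from the advisory already on this machine?
$kbInstalled = [bool](Get-HotFix -Id 'KB5012170' -ErrorAction SilentlyContinue)

$report = foreach ($vol in Get-BitLockerVolume) {
    # Skip volumes that are not encrypted at all.
    if ($vol.VolumeStatus -eq 'FullyDecrypted') { continue }

    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($recovery.Count -eq 0) {
        # Encrypted volume without a recovery password: nothing to escrow.
        [pscustomobject]@{
            MountPoint     = $vol.MountPoint
            KeyProtectorId = $null
            Result         = 'NoRecoveryPassword'
        }
        continue
    }

    foreach ($kp in $recovery) {
        $result = 'BackedUpToAD'
        try {
            # Writes the protector to the computer object in Active Directory.
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                -KeyProtectorId $kp.KeyProtectorId -ErrorAction Stop | Out-Null
        } catch {
            $result = "Failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            MountPoint     = $vol.MountPoint
            KeyProtectorId = $kp.KeyProtectorId
            Result         = $result
        }
    }
}

"KB5012170 installed: $kbInstalled"
$report | Format-Table -AutoSize -Wrap

# Non-zero exit code lets a deployment tool flag clients that still need attention.
$pending = @($report | Where-Object { $_.Result -ne 'BackedUpToAD' })
if ($pending.Count -gt 0) { exit 1 }
```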
Microsoft has confirmed that the update can cause issues with BitLocker and is working on a solution. You can read more about it here.
Read more about BitLocker recovery
Read more about issues with the update