Avoid BitLocker recovery mode

August 22, 2022

A helping hand to our customers

During Patch Tuesday on August 9, 2022, Microsoft released a Windows update that can cause BitLocker to activate recovery mode and prompt the end user for a recovery key.

The update, KB5012170, fixes security vulnerabilities in Secure Boot by updating the Secure Boot DBX. It is this DBX update that can cause BitLocker to activate recovery mode.

The prompt is presented only once after the update has been installed and the computer has been rebooted.

CapaSystems recommends:
Due to the above, CapaSystems recommends that all our customers take the following actions:

  1. Ensure that all active BitLocker recovery keys are saved in Active Directory and/or CapaInstaller
  2. Consider postponing the installation of KB5012170

We have developed a computer package to collect and save all active BitLocker recovery keys.

If you already have a subscription for CapaBitLocker and are using Cloud Updater:

  • The package will automatically download to your CapaInstaller environment

If you do not have a subscription for CapaBitLocker or you are not using Cloud Updater:

If you need help – don’t hesitate to contact our Consulting Department. We will give a reasonable price for the assignment:

Technical Notes:

To validate that the BitLocker recovery keys have been correctly saved in Active Directory, the settings in the computer package must be updated to match your environment.
Our guide describes how to do it.
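
To check a single machine by hand, the PowerShell script below lists each protected volume's recovery password protectors, confirms that a matching `msFVE-RecoveryInformation` object exists under the computer's Active Directory object, and backs up any key that is missing. It is an added example, not CapaSystems' computer package; it assumes a domain-joined machine, an elevated session, the RSAT ActiveDirectory module, and an account allowed to read those objects.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker recovery-password escrow in Active Directory.
# Assumptions: domain-joined machine, BitLocker and ActiveDirectory (RSAT) modules present.
Import-Module BitLocker, ActiveDirectory

$kb = 'KB5012170'   # the update named in this advisory
$kbInstalled = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)
Write-Host "$kb installed on $($env:COMPUTERNAME): $kbInstalled"

# Recovery information is stored as child objects of the computer object.
$computerDn = (Get-ADComputer -Identity $env:COMPUTERNAME).DistinguishedName

function Test-KeyInAD {
    param([string]$KeyProtectorId)
    # msFVE-RecoveryInformation objects are named "<timestamp>{protector GUID}".
    $found = Get-ADObject -SearchBase $computerDn -SearchScope OneLevel `
        -Filter "objectClass -eq 'msFVE-RecoveryInformation'" |
        Where-Object { $_.Name -like "*$KeyProtectorId" }
    return [bool]$found
}

$report = foreach ($vol in Get-BitLockerVolume) {
    if ($vol.ProtectionStatus -ne 'On') { continue }   # skip unprotected volumes
    $protectors = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $protectors) {
        [pscustomobject]@{ Volume = $vol.MountPoint; KeyProtectorId = $null; InAD = $false; Note = 'No recovery password protector' }
        continue
    }
    foreach ($p in $protectors) {
        $inAd = Test-KeyInAD -KeyProtectorId $p.KeyProtectorId
        $note = 'Already in AD'
        if (-not $inAd) {
            # Key is active locally but missing in AD: write it, then check again.
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
            $inAd = Test-KeyInAD -KeyProtectorId $p.KeyProtectorId
            $note = 'Backup attempted'
        }
        [pscustomobject]@{ Volume = $vol.MountPoint; KeyProtectorId = $p.KeyProtectorId; InAD = $inAd; Note = $note }
    }
}

$report | Format-Table -AutoSize
# A non-zero exit code lets a deployment tool flag machines that still lack an escrowed key.
if ($report | Where-Object { -not $_.InAD }) { exit 1 }
```

A row that still shows `InAD` as false right after a backup attempt can simply mean the new object has not yet replicated to the domain controller being queried; rerun the check before treating it as a failure.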

ℹ️ Microsoft has confirmed that the update can cause issues with BitLocker and is working on a solution. 

Useful knowledge:

Rikke Borup

Chief Marketing Officer