Windows Update causes BitLocker Recovery

The latest Windows Update causes an unexpected major issue, locking millions of users out of their laptops.

All hardware and software providers have robust processes and procedures to mitigate the risk of customer disruption. However, that risk is never zero! Whatever precautionary steps anyone takes, none of us is ever 100% immune. As we have seen from Microsoft and CrowdStrike, even with the most well-tested and well-intended updates, mistakes can happen because of how complex and intertwined systems are these days.

Following the outage caused by CrowdStrike, Microsoft released a Windows update as expected and, as predicted, this has also had a major knock-on effect, causing millions of laptops to start up at a blue screen asking for a 48-character BitLocker key to be entered manually before the laptop would boot. This affected between 200 and 500 specific makes and models of laptops sold worldwide, including Microsoft's own Surface Laptops! Read more about this here:

KB5040442 / KB5040427: Microsoft confirms Windows PCs boot into BitLocker recovery - Neowin

BitLocker means hard drive encryption and, through their updates, Microsoft have now forced this to be ON as part of their continuous security improvements. However, the BitLocker key needed to decrypt the drive could be stored anywhere, against any account, or even locally on the device itself. Knowing where your key is stored and how to access it is therefore very important; otherwise your device will become unusable. Below are ways to do this, but if a computer has changed hands then your BitLocker key could be tied to the original user's Microsoft account. Computer Clinic are on hand to proactively assist with this process too.

------------------------------------------------------------------------

How to check for Stored Recovery Keys

● Microsoft Account:

a. Go to the Microsoft account website

b. Log in with the associated Microsoft account

c. Check for recovery keys under the "Devices" section

● Azure Active Directory (Azure AD):

a. Go to the Azure portal

b. Navigate to Azure AD > Devices > All Devices

c. Select the device and check if the BitLocker recovery key is listed

● Active Directory (AD):

a. Open the Active Directory Users and Computers snap-in

b. Right-click on the computer object and select "Properties."

c. Go to the "BitLocker Recovery" tab to see if the key is stored

------------------------------------------------------------------------

Prevent Future Loss of your BitLocker key

● Backup Recovery Keys: Ensure that recovery keys are backed up in multiple secure locations

● Document Management: Implement a policy for documenting and storing recovery keys securely
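
An added example (not from the original article): a PowerShell script, run as administrator on the device itself, that lists each volume's recovery-password protector by key ID and can optionally send it to Active Directory or Azure AD. The `-EscrowTo` parameter name is this example's own choice, and the 48-digit key itself is deliberately never printed.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker recovery-password protectors on this device
# and optionally escrow them. -EscrowTo is this example's own parameter name.
param(
    [ValidateSet('None', 'AD', 'AAD')]
    [string]$EscrowTo = 'None'
)

$report = foreach ($vol in Get-BitLockerVolume) {
    # Only RecoveryPassword protectors hold the key asked for at the recovery screen.
    $protectors = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($protectors.Count -eq 0) {
        # Nothing on this volume could be typed in at a recovery prompt.
        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            Protection = $vol.ProtectionStatus
            KeyId      = $null
            Escrow     = 'no recovery password protector'
        }
        continue
    }

    foreach ($p in $protectors) {
        $escrow = 'not attempted'
        $target = @{ MountPoint = $vol.MountPoint; KeyProtectorId = $p.KeyProtectorId }
        try {
            switch ($EscrowTo) {
                # AD DS backup needs a domain-joined device with the matching policy.
                'AD'  { Backup-BitLockerKeyProtector @target -ErrorAction Stop | Out-Null
                        $escrow = 'sent to AD DS' }
                'AAD' { BackupToAAD-BitLockerKeyProtector @target -ErrorAction Stop | Out-Null
                        $escrow = 'sent to Azure AD' }
            }
        } catch {
            $escrow = "FAILED: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            Protection = $vol.ProtectionStatus
            KeyId      = $p.KeyProtectorId   # compare with the key ID on the recovery screen
            Escrow     = $escrow
        }
    }
}

$report | Format-Table -AutoSize
```

The KeyId column is the value to compare against the key ID listed beside each stored recovery key, so you can confirm the copy you hold belongs to this device.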

------------------------------------------------------------------------

Example: Checking Microsoft Account for Recovery Keys

1. Log in to the Microsoft Account

2. Sign in with the Microsoft account associated with the device

3. View the list of recovery keys saved to your account and locate the key for the device in question

Example: Checking Azure AD for Recovery Keys

1. Log in to the Azure Portal

2. Navigate to "Azure Active Directory" in the left-hand menu

3. Under "Manage," select "Devices."

4. Locate and select the device in question

5. View the recovery key in the "BitLocker Keys" section

------------------------------------------------------------------------

Computer Clinic are on hand to assist with any of the above as needed.
