Microsoft fixes annoying BitLocker lockout — but only for Windows 11, leaving Windows 10 stuck


Last month, Windows Central reported on an issue with the April 2026 Security Update (KB5083769) for Windows 11. The update shipped with a BitLocker-related bug that caused affected devices to boot directly into the BitLocker recovery screen, locking users out of their Windows PCs.

My colleague Mauro Huculak published a comprehensive guide to fix the issue by undoing the Group Policy configuration or entering the recovery key when prompted.

Before I dive into the nitty-gritty, BitLocker is a Windows 11 security feature that protects your data by encrypting drives, keeping sensitive information safe from unauthorized access. It’s especially essential if your device is lost or stolen, since no one can access your files without the recovery key.


Earlier this week, Microsoft announced it had shipped a fix addressing the annoying BitLocker issue that locked users out of their PCs. However, it's worth noting that the fix is only available for users running Windows 11, version 25H2 on their devices. This means that Windows 10 and Windows Server users will have to wait a bit longer before Microsoft rolls out a permanent fix.

"This update addresses an issue where some devices might enter BitLocker Recovery after updating boot files on systems with certain Trusted Platform Module (TPM) validation settings, including invalid PCR7 (Platform Configuration Register 7) configurations. This might occur after installing the April 2026 security update (KB5083769)."

- Microsoft

While Microsoft works on delivering a permanent fix for the issue across all platforms, admins are advised to remove the "Configure TPM platform validation profile for native UEFI firmware configurations" Group Policy configuration before downloading and installing the April 2026 Security update onto their devices.
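One way for an admin to check whether a machine carries that policy before installing the update, as an added example that is not from Microsoft or this article. It assumes the policy is stored under the registry key shown (the location used by the BitLocker Group Policy template) and that `manage-bde` prints English output; the function names are hypothetical.

```powershell
# Added example (not Microsoft's or the article's code). Run from an elevated prompt.
# Assumption: the "Configure TPM platform validation profile for native UEFI
# firmware configurations" policy lives under this key, with an 'Enabled' value
# and one DWORD per PCR index ("0".."23") set to 1 when that PCR is selected.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI'

function Get-UefiPcrPolicy {
    param([string]$Path = $PolicyKey)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Configured = $false; Enabled = $false; Pcrs = @() }
    }
    $props = Get-ItemProperty -LiteralPath $Path
    [pscustomobject]@{
        Configured = $true
        Enabled    = ($props.Enabled -eq 1)
        Pcrs       = @(0..23 | Where-Object { $props."$_" -eq 1 })
    }
}

function Get-EffectivePcrProfile {
    param([string]$Drive = $env:SystemDrive)
    # manage-bde prints "PCR Validation Profile:" and lists the PCRs on the next line.
    $lines = @(manage-bde -protectors -get $Drive)
    for ($i = 0; $i -lt $lines.Count - 1; $i++) {
        if ($lines[$i] -match 'PCR Validation Profile') {
            return @([regex]::Matches($lines[$i + 1], '\d+') |
                     ForEach-Object { [int]$_.Value })
        }
    }
    return @()   # no TPM protector found, or non-English output
}

$policy    = Get-UefiPcrPolicy
$effective = Get-EffectivePcrProfile

# One row per machine; export with Export-Csv when run across a fleet.
[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    PolicyConfigured = $policy.Configured
    PolicyEnabled    = $policy.Enabled
    PolicyPcrs       = $policy.Pcrs -join ','
    EffectivePcrs    = $effective -join ','
    UsesPcr7         = $effective -contains 7
    Action           = if ($policy.Configured) {
                           'Remove the policy before installing KB5083769'
                       } else { 'No UEFI validation profile policy found' }
}
```

Have the BitLocker recovery key for each machine on hand before changing the policy or installing the update, since affected devices prompt for it at boot.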

I'm ecstatic that Microsoft will soon give Windows 11 users more control over Windows updates by allowing us to pause Windows updates indefinitely. The company recently announced a new feature that will allow users to automatically roll back faulty drivers.


Elsewhere, our friends at Tom's Hardware recently reported that security researcher Chaotic Eclipse (better known as Nightmare-Eclipse) managed to bypass Windows 11's sophisticated BitLocker security feature using a USB stick.

The security sleuth posted the zero-day YellowKey exploit, which enabled them to access a locked file. For context, YellowKey can be triggered by copying some files to a USB stick and rebooting to the Windows Recovery Environment. According to Tom's Hardware:

"We tested this ourselves, and sure enough, not only does it work, it bears all the hallmarks of a backdoor, down to the exploit's files disappearing from the USB stick after it's used once."

The exploit reportedly works across Windows Server 2022 and 2025, but not in Windows 10. Eclipse says they "could have made some insane cash selling this, but no amount of money will stand between me and my determination against Microsoft." You can read more about the YellowKey zero-day exploit story on Tom's Hardware.




Kevin Okemwa
Contributor

Kevin Okemwa is a seasoned tech journalist based in Nairobi, Kenya with lots of experience covering the latest trends and developments in the industry at Windows Central. With a passion for innovation and a keen eye for detail, he has written for leading publications such as OnMSFT, MakeUseOf, and Windows Report, providing insightful analysis and breaking news on everything revolving around the Microsoft ecosystem. While AFK and not busy following the ever-emerging trends in tech, you can find him exploring the world or listening to music.
