Microsoft released the KB5089549 cumulative update for Windows 11 25H2 to fix a known issue where devices boot into BitLocker recovery after installing the April 2026 security updates. The bug affects systems with an 'unrecommended' BitLocker Group Policy configuration involving invalid PCR7 TPM validation settings. Windows 10 and Windows Server users must wait for a future fix. In the meantime, admins are advised to remove the 'Configure TPM platform validation profile for native UEFI firmware configurations' Group Policy setting before deploying April 2026 updates. This is not the first time Windows security updates have triggered BitLocker recovery prompts — similar incidents occurred in 2022, 2024, and May 2025.

From bleepingcomputer.com