What to Do if KB5058379 Causes a Reboot Loop

Microsoft has issued an emergency fix and guidelines after a Windows 10 update caused major problems for some users. It meant some machines went into an inescapable reboot loop.

The issue came with May's monthly security update, which has the reference code KB5058379. It affected users who have an Intel vPro processor with a feature called Intel Trusted Execution Technology enabled.

An Intel vPro processor is mainly aimed at small business users as it includes key security and network management capabilities. The Trusted Execution Technology feature is designed to secure computer hardware to make sure only legitimate and trusted operating systems run on it. (Source: bleepingcomputer.com)

The Windows update had a compatibility problem that meant a key Windows system file could crash during the update. As the system file (lsass.exe) is so important, this triggers an automatic repair of the system, which includes a reboot.

Reboot Loop of Doom

In some cases, this repair didn't work and after a few attempts, Windows would give up and automatically roll back to the previous security update. That's obviously not ideal, particularly if it affects an office network, but does mean the computer continue to work.

In other cases, the repair would fail and cause a continuous reboot loop in which the computer would repeatedly wind up at a screen asking for a BitLocker recovery key. BitLocker is Microsoft's own encryption tool designed to make a stolen hard drive of little use to an unauthorized user. Without the key, the system won't boot.

Microsoft has now resolved the issue with an out-of-band update KB5061768. To fix the system, users must manually download and install the KB5061768 update from Microsoft's website via the Microsoft Update Catalog page. It is effectively the original security update minus the glitch.

KB5058379 Reboot Loop with BitLocker: Fix

Users caught in the reboot loop will have some work cut out for them.

Before the system boots, they will need to go into their BIOS/UEFI settings during startup, disable "Intel VT for Direct I/O" and "Intel Trusted Execution Technology (TXT)", then install the KB5061768 update. Once that is complete, restart Windows and go back into BIOS/UEFI settings to re-enable "Intel VT for Direct I/O" and "Intel Trusted Execution Technology (TXT)". (Source: microsoft.com)

Not sure how to go into BIOS? Check with your manufacturer. The below chart shows which key is used to access the BIOS depending on brand.

Major Laptop and Desktop Brands

Major Motherboard Brands (excluding DEL)

BitLocker Key Recovery

If you are still being asked for the BitLocker Key you will need to access your Microsoft Account to obtain it (this is the easiest way). Other alternative suggestions are available at the Microsoft.com's support web page.

To get the recovery key, do the following:

• Open a web browser on another device
   
• Navigate to https://account.microsoft.com/devices/recoverykey
   
• Sign in with your Microsoft account
   
• The recovery key will be displayed, along with the Key ID
   
• Use the Key ID to match the corresponding recovery key

What's Your Opinion?

Have you experienced this problem? Do you use BitLocker? Could you remember or retrieve the BitLocker key easily if needed?