Last week, Microsoft released the May 2025 cumulative update for Windows 10 and 11. Following the update, a significant number of devices began rebooting directly into the Microsoft BitLocker recovery screen, prompting users to input a recovery key to decrypt their data. For those without access to the key, recovery may prove impossible, forcing a complete system reinstall and resulting in the loss of all stored data.
Upon investigation, Microsoft identified the root cause as a conflict between the cumulative update and Intel’s Trusted Execution Technology (Intel TXT). This incompatibility triggers the unexpected termination of the lsass.exe process, thereby initiating Windows’ automatic recovery protocol on affected systems.
Lsass.exe is a critical process within the Local Security Authority Subsystem Service, responsible for enforcing local security policies and authenticating both local and remote user logins. The BitLocker recovery prompt appears because of a breakdown in compatibility between Intel TXT and LSASS, which compromises system integrity.
In the aftermath of the issue, Event Viewer logs typically display Event ID 20 with error code 0x800F0845, as well as Event ID 1074 indicating that lsass.exe terminated unexpectedly with error code –1073740791. While Microsoft has yet to release an official fix, some users have reported success by disabling Intel TXT in the system BIOS.
Currently known affected devices include models from Dell, Lenovo, HP, and others. Theoretically, any system utilizing an Intel CPU with Intel TXT enabled may encounter similar issues upon installing the update.
If users are logged in with a Microsoft account, their BitLocker recovery key should be stored within that account and can be used to regain access. Once the system is restored, it is strongly advised to pause updates to prevent reinstallation and recurrence of the compatibility issue.
Microsoft is expected to provide an official resolution via the Windows 10/11 Health Dashboard. Until then, users are advised either to pause further updates or temporarily disable Intel TXT in BIOS to mitigate the risk.
