check before: 2025-05-19
Product:
Windows
Platform:
Online, Windows Desktop, World tenant
Status:
Change type:
Admin impact
Links:
Details:
Microsoft has identified a known issue affecting a small number of Windows 10 devices with Intel Trusted Execution Technology (TXT) enabled on 10th generation or later Intel vPro processors. After installing the May 13, 2025, Windows security update (KB5058379), these systems might experience unexpected termination of lsass.exe, which triggers Automatic Repair. On devices with BitLocker enabled, this results in a prompt for the BitLocker recovery key to proceed.
To address this issue, an out-of-band (OOB) update has been released today, May 19, 2025 (KB5061768). This update is available exclusively via the Microsoft Update Catalog and is cumulative-no previous updates are required before installing it. It supersedes all prior updates. The OOB update is available only for the Windows versions affected by issue: Windows 10, version 22H2, Windows 10 Enterprise LTSC 2021, and Windows 10 IoT Enterprise LTSC 2021.
Important: Consumer devices running Home and Pro editions of Windows 10 are unlikely to be affected, as they typically do not use Intel vPro processors.
If you have not yet deployed the May 2025 Windows security update (KB5058379) and your IT environment includes devices with the affected processors, we recommend applying this OOB update instead: May 19, 2025-KB5061768 (OS Builds 19044.5856 and 19045.5856) Out-of-band. If your organization is not affected by this issue, you do not need to install this OOB update.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-05-20
updated:
2025-05-20
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
Microsoft has released an out-of-band update to fix an issue affecting a small number of Windows 10 devices with specific Intel processors, where the lsass.exe process stops unexpectedly, causing devices with BitLocker enabled to ask for a recovery key.
Direct effects for Operations**
BitLocker Recovery Key Prompt
Unexpected termination of lsass.exe may lead to BitLocker recovery key prompt, causing delays in accessing encrypted data.
- roles: IT Administrator, End User
- references: https://support.microsoft.com/topic/75b27cbd-072e-4c5a-b40e-87e00aaa42dd
System Downtime
Automatic Repair triggered by lsass.exe termination can lead to system downtime, affecting productivity and user experience.
- roles: IT Administrator, End User
- references: https://support.microsoft.com/topic/may-13-2025-kb5058379-os-builds-19044-5854-and-19045-5854-0a30e9ee-5038-45dd-a5d7-70a8813a5e39
Increased Support Calls
Users may experience confusion and seek support due to unexpected prompts and system behavior, increasing the workload for IT support.
- roles: Help Desk Support, End User
- references: https://support.microsoft.com/topic/75b27cbd-072e-4c5a-b40e-87e00aaa42dd
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
Streamlined Update Management
Implement a centralized update management system to monitor and deploy out-of-band updates more efficiently, reducing the time spent on manual checks and installations.
- next-steps: Evaluate and select a suitable update management tool that integrates with existing IT infrastructure, train IT staff on its use, and establish a regular review process for updates.
- roles: IT Administrators, System Engineers, Helpdesk Support
- references: https://www.microsoft.com/en-us/microsoft-365/blog/2021/02/16/5-tips-for-managing-windows-updates-in-your-organization/
Enhanced User Communication
Develop a communication strategy to inform users about critical updates and potential issues, reducing confusion and support requests during update rollouts.
- next-steps: Create a template for update notifications, establish a communication channel (e.g., email, intranet), and schedule regular updates to keep users informed about changes and how to respond to them.
- roles: IT Support Managers, Communications Officers, HR Managers
- references: https://www.cio.com/article/353155/how-to-communicate-it-changes-to-employees.html
Proactive Risk Assessment
Implement a proactive risk assessment process to identify devices and configurations that may be vulnerable to known issues, allowing for targeted updates and reducing downtime.
- next-steps: Develop a risk assessment framework, conduct an initial audit of affected devices, and schedule regular assessments to stay ahead of potential issues.
- roles: IT Security Officers, System Administrators, Compliance Managers
- references: https://www.nist.gov/publications-landing-page/publications/risk-management-framework-risk-management-guide-information-technology-systems
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 3 weeks ago
