{"id":7073,"date":"2018-09-20T01:02:00","date_gmt":"2018-09-19T23:02:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=7073"},"modified":"2018-09-18T13:53:17","modified_gmt":"2018-09-18T11:53:17","slug":"windows-10-v1803-fix-for-bitlocker-bug-in-nov-2018","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2018\/09\/20\/windows-10-v1803-fix-for-bitlocker-bug-in-nov-2018\/","title":{"rendered":"Windows 10 V1803: Fix for Bitlocker bug in Nov. 2018?"},"content":{"rendered":"

[German<\/a>]Brief note for administrators and users of Windows 10 Version 1803 in enterprise environment using Bitlocker encryption. Microsoft plans to fix the Bitlocker bug, which deactivates the function during update installation, with a patch scheduled for November 2018.<\/p>\n

<\/p>\n

What's the Bitlocker Bug?<\/h2>\n

\"\"If you are not up to date (I for instance also had to check my blog for details): There is the problem that Bitlocker pauses during update installation if there is no TPM chip on the machine. I blogged about that within my article Windows 10 V1709\/1803: Issues (also August Patchday)<\/a> in August 2017. <\/p>\n

The bug is described in the Technet forum<\/a> and applies to machines with Windows 10 version 1803 that do not have a TPM module. If the hard disk encryption with Bitlocker is activated, Windows deactivates it during the installation of an update. Here is the description:  <\/p>\n

\n

I have a machine with Bitlocker enabled, no TPM, Windows 10 1803. <\/p>\n

For the last month or so, whenever a Windows system update is applied, Bitlocker is automatically suspended upon first login after the machine restarts. Case in point: the latest Windows 10 cumulative update was applied this morning, only for the machine to restart with Bitlocker suspended on the OS drive. Interestingly, there is also some dubious behaviour in terms of the initial Bitlocker password entry screen. Not having a TPM, the user must enter a password to boot. On at least 2 occasions, after applying an update, the system does not present the Bitlocker password entry screen and progresses all the way to the user login screen. However, this morning the Bitlocker password entry screen was presented correctly but after entering the correct password and then logging in to Windows, Bitlocker was suspended. <\/p>\n

This is the state of the OS drive after logging in: <\/p>\n

Volume C: [System]
[OS Volume] <\/p>\n

Size:                 59.07 GB
BitLocker Version:    2.0
Conversion Status:    Fully Encrypted
Percentage Encrypted: 100.0%
Encryption Method:    XTS-AES 128
Protection Status:    Protection Off (1 reboots left)   <\u2014\u2014
Lock Status:          Unlocked
Identification Field: Unknown
Key Protectors:
Password
Numerical Password <\/p>\n

Now, I realise that Bitlocker is temporarily suspended \u2013 restarting the machine again will enable it without any action from the user. However, this is a security risk for the time between restarting after an update and the next restart and severely undermines our trust in Bitlocker. I would expect that Bitlocker should NEVER be suspended unless initiated by a user\/admin.<\/p>\n<\/blockquote>\n

If the machine is restarted again, Bitlocker will be activated again. So if people install updates and put the machine into sleep mode, Bitlocker may remain disabled for a long time. The bug only occurs on Windows 10 V1803 machines without a TMP chip.  <\/p>\n

Microsoft plans a bug fix for November 2018<\/h2>\n

I haven't followed the progress, but affected users hoped that Microsoft would roll out a fix per update in September 2018. But that didn't happen, as user andadok notes in the Technet thread. There is then a hint to deactivate Bitlocker temporarily before each update and to activate it again after the update installation. Susan Bradley, who follows the thread, now points to Twitter. <\/p>\n

\n

btw the bug whereby bitlocker with a password needs reactivation after patching in 1803 has been identified and will be fixed in November. Kudos to Chad Z. Hower for the assist with the bug.<\/p>\n

\u2014 SBSDiva (@SBSDiva) 17. September 2018<\/a><\/p><\/blockquote>\n