Installing Windows 7 from a backup? You need a BitLocker patch right away

Credit to Author: Woody Leonhard| Date: Mon, 19 Aug 2019 09:33:00 -0700

No doubt you recall the warning back in February that Windows 7, Server 2008 and Server 2008 R2 patches starting in July would use the SHA-2 encryption protocol. If you want to install Win7 patches issued after July, you have to get the SHA-2 translator installed.

A few days ago, Microsoft tossed a zinger into the FAQs down at the bottom of its SHA-2 post, 2019 SHA-2 Code Signing Support requirement for Windows and WSUS. That post now says that you have to install a seemingly unrelated patch, KB 3133977, entitled, BitLocker can’t encrypt drives because of service crashes in svchost.exe process in Windows 7 or Windows Server 2008 R2.  

That should immediately raise your eyebrows. It’s a BitLocker fix, fer heaven’s sake, and Microsoft now says you better install that fix before you try to run a new instance of Win7 – whether you have BitLocker or not.

Specifically, the SHA-2 post was updated on Aug. 16 to say you can run into trouble in any of these scenarios:

The remedies in each of those situations is a little bit different, but in general it includes installing the BitLocker fix KB 3133977 (even if you’ve hidden it!) and running the bcdboot.exe program to refresh your boot files.

This, buried at the bottom of a FAQ in an old KB article.

And you thought Win10 users got all the new bizarre bugs.

Thx @abbodi86, @PKCano

Stay up on the latest — Win7, too — on