How the hell is locally logging in to millions of servers and devices stuck in a bootloop a "fix"?
It's a fix as in it fixes the bootloop without having to format the whole system. The systems affected will bootloop as they will BSOD while Windows is booting and there is NOTHING else to be done if the update reached the system.
I understand that Windows Safe Mode is unavailable on encrypted devices. What to do then?
It is available, but you need the BitLocker recovery key, and good luck finding the key on the AD domain controllers if those are affected by the boot loops (though keys can also be backed up on Microsoft Azure AD/Entra or if the sysadmin implemented another policy to back them up from AD). Bonus points if the devices are BIOS protected or have additional early boot security measures.
In other words, it's a fuckin disaster and sysadmins around the world are screaming.