Table of Contents:
- Microsoft is addressing a known issue that causes 0x80070643 failures when installing KB5034441, the security update for the CVE-2024-20666 BitLocker vulnerability, on computers with a Windows Recovery Environment (WinRE) partition.
- Microsoft provides clear instructions for resizing the WinRE partition until a patch is available, emphasizing the use of “reagentc /enable” to re-enable the partition if resizing fails.
- Microsoft has provided a PowerShell script to automate WinRE partition updates. After running it, users should hide the KB5034441 update, and they should back up their data before manually resizing WinRE.
Microsoft is actively addressing a known issue that is causing errors (0x80070643) during the installation of the KB5034441 security update. This update is crucial as it patches the CVE-2024-20666 BitLocker vulnerability, ensuring enhanced security measures.
An Interim Solution
Although the security issue has been resolved in the latest Patch Tuesday, there is a known issue with deploying KB5034441 on systems that have a Windows Recovery Environment (WinRE) partition that is too small. In such cases, the deployment will fail, and users will see generic ‘0x80070643 – ERROR_INSTALL_FAILURE’ error messages instead of the correct CBS_E_INSUFFICIENT_DISK_SPACE error.
Until a solution is released, Microsoft offers customers with impacted systems detailed instructions on resizing their WinRE partitions. These instructions can be complex, but they are available on the company’s support website.
If creating a new WinRE partition large enough to complete this update fails, run the command “reagentc /enable” to re-enable the partition.
Users may encounter an error message when installing the January 2024 Windows Recovery Environment update (KB5034441) on their devices. This error is specifically related to the Recovery Environment’s partition size. According to the Windows release health dashboard, Microsoft has stated that they are actively working on a resolution and will provide an update in an upcoming release.
To avoid this issue and successfully complete the installation, you must increase the size of the WinRE partition. Please be aware that a minimum of 250 megabytes of free space is necessary in the recovery partition.
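A read-only check for the condition described above, added here as an example (it is not Microsoft's script and not part of the original article): it parses `reagentc /info` to locate the WinRE partition and compares its free space with the 250 MB minimum. The function names are hypothetical, and the parsing assumes English-language `reagentc` output.

```powershell
# Added example: read-only pre-check for the KB5034441 / 0x80070643
# failure condition. Run from an elevated PowerShell prompt.
# Assumption: English-language `reagentc /info` output.
$RequiredFreeMB = 250   # minimum free space the article gives for the recovery partition

function Get-WinRELocation {
    param([string[]]$ReagentcInfo)
    $text = $ReagentcInfo -join "`n"
    $result = [pscustomobject]@{
        Enabled   = $text -match 'Windows RE status:\s+Enabled'
        Disk      = $null
        Partition = $null
    }
    # Location looks like \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE
    if ($text -match 'harddisk(\d+)\\partition(\d+)') {
        $result.Disk      = [int]$Matches[1]
        $result.Partition = [int]$Matches[2]
    }
    $result
}

function Test-WinREFreeSpace {
    $winre = Get-WinRELocation -ReagentcInfo (reagentc.exe /info)
    if (-not $winre.Enabled -or $null -eq $winre.Disk) {
        # A disabled WinRE reports an empty location, so there is nothing to measure.
        Write-Warning 'WinRE is disabled or its location could not be parsed.'
        return
    }
    # The recovery partition normally has no drive letter, so address it by number.
    $part   = Get-Partition -DiskNumber $winre.Disk -PartitionNumber $winre.Partition
    $vol    = $part | Get-Volume
    $freeMB = [math]::Floor($vol.SizeRemaining / 1MB)
    [pscustomobject]@{
        Disk         = $winre.Disk
        Partition    = $winre.Partition
        PartitionMB  = [math]::Floor($part.Size / 1MB)
        FreeMB       = $freeMB
        MeetsMinimum = $freeMB -ge $RequiredFreeMB
    }
}

Test-WinREFreeSpace
```

If WinRE lives in a folder on the OS volume rather than on a dedicated recovery partition, the reported numbers describe that volume instead.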
Updating WinRE with BitLocker fixes: A Handy Script
Microsoft has recently made available a PowerShell script that can be used to automate updating the WinRE partition. This update explicitly addresses the CVE-2024-20666 vulnerability, which is responsible for the potential bypass of BitLocker encryption.
This script tackles the well-known problem that leads to installation failures of KB5034441 on Windows 10 systems. When the installation fails, these devices remain vulnerable to attacks that exploit the BitLocker flaw, allowing threat actors to access encrypted data.
Once executed, it will mount the WinRE image and apply a Safe OS Dynamic Update specific to the architecture, which you need to download from the Windows Update Catalog beforehand. After unmounting the image, it will reconfigure WinRE for the BitLocker service, provided the BitLocker TPM protector is present.
Once you’ve executed the script, it is advisable, and may be necessary, to use Microsoft’s Show or Hide Tool to hide the problematic KB5034441 update. This prevents Windows Update from repeatedly attempting to install it and showing 0x80070643 errors.
Before manually resizing the WinRE partition, it is crucial to back up your data. There is a possibility that your system’s partitions could be harmed during this process, so taking precautions is highly advised.