- KB5034441 addresses a BitLocker encryption bypass vulnerability but fails to install with error code 0x80070643 because of limited space in the Windows Recovery Environment.
- You can create a new WinRE with a greater size through the Command Prompt, after which KB5034441 can be installed successfully.
Alongside the Patch Tuesday updates for January 2024, Microsoft has rolled out a security update specifically for Windows 10 versions 22H2, and select editions of 21H2. This is KB5034441 which can only be installed through Windows Update and Windows Server Update Services (WSUS) – no standalone installers are available.
This security update addresses CVE-2024-20666, a vulnerability that could allow attackers to bypass BitLocker encryption from the Windows Recovery Environment (WinRE). This vulnerability has not been publicly exploited, nor was it publicly disclosed. Exploitation is also less likely. Nonetheless, prompt action is recommended to patch the bug.
To patch this vulnerability, install KB5034441 on your Windows 10 PC from Windows Update by going to Settings > Update & Security, and then clicking “Check for updates.” KB5034441 should be available; click “Download and install” below it.
After installing the update, start the computer, and your device should be safe from WinRE exploitation.
Fix KB5034441 fails to install with error code 0x80070643
There have been numerous reports that attempting to install KB5034441 has failed with the error code 0x80070643. After attempting to install it myself, I encountered the same error that said the following:
There were some problems installing updates, but we'll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80070643)
After researching the error code, I concluded that this was a very common Windows Update error with very generic solutions. However, none of the solutions fixed the issue, except one.
Since the update applies to the Windows Recovery Environment, the insufficient partition space of the Recovery Environment causes the error. Increasing the space fixes the issue. Use the following steps to resize the partitions:
Note: Proceed with caution, and create a system restore point first in case of permanent damage to the OS or the files.
Press the Windows key + R to launch the Run Command box.
Type in “cmd” and press CTRL + Shift + Enter to run an elevated Command Prompt.
Run the following command to check the WinRE status:
Note down the numbers after “harddisk” and “partition” in the “Windows RE location” field.
These signify the index numbers of the disk and the partition WinRE is on, respectively.
Now run the following command to disable WinRE:
Now, to shrink the disk volume and make room for an extended WinRE partition, enter the DiskPart mode with the following command:
List the disk details with this command:
Select the operating system disk using its index number:
Select disk [DiskIndex]
Run this command to list all partition details on the selected disk:
Select the OS partition using its index number:
Select Part [OSPartitionIndex]
Now run the following command which frees up 250 MB of space from the primary partition:
shrink desired=250 minimum=250
Now, use the following command and select the Windows Recovery partition:
Select Part [RecoveryPartitionIndex]
Delete the recovery partition with this command:
delete partition override
Now, to create a new, bigger recovery partition, start by checking whether the partition style is MBR or GPT with this command:
Check if there is an asterisk (*) in the “Gpt” column. If there is an asterisk, then the drive is GPT. Otherwise, the drive is MBR.
Now run the respective commands depending on your partition style:
For GPT:
create partition primary id=de94bba4-06d1-4d40-a16a-bfd50179d6ac
gpt attributes =0x8000000000000001
For MBR:
create partition primary id=27
Now run the following command while replacing [Label] with a volume label of your choice to format the Recovery partition:
Note: I recommend that you use the name “Recovery Partition” so it is easily identifiable in the future.
format quick fs=ntfs label="[Label]"
Confirm that the WinRE partition is created with this command:
Run this command to exit the DiskPart mode:
Now execute this command to re-enable WinRE:
Once these steps are performed, return to the Windows Update settings page and attempt to reinstall the update KB5034441 by clicking Retry. It should now install successfully.
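A read-only pre-check that collects the values the steps above ask you to note down (disk index, OS and recovery partition indexes, partition style) before anything is resized. This is an added example, not part of the original article or Microsoft's guidance. It assumes an elevated Windows PowerShell session, the built-in Storage cmdlets, and `reagentc /info` as the WinRE status query; the output property names are chosen for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only. It only queries state and changes nothing on disk.

# The "Windows RE location" field contains ...\harddiskN\partitionM\Recovery\WindowsRE
$info = reagentc /info | Out-String
if ($info -notmatch 'harddisk(\d+)\\partition(\d+)') {
    Write-Warning 'reagentc reports no Windows RE location; WinRE may already be disabled.'
    return
}
$diskIndex     = [int]$Matches[1]
$recoveryIndex = [int]$Matches[2]

$disk     = Get-Disk -Number $diskIndex
$recovery = Get-Partition -DiskNumber $diskIndex -PartitionNumber $recoveryIndex
$os       = Get-Partition -DriveLetter ($env:SystemDrive.Substring(0, 1))

# The procedure selects a single disk and works on both partitions there.
if ($os.DiskNumber -ne $diskIndex) {
    Write-Warning 'OS and WinRE partitions are on different disks; the steps assume one disk.'
}

# Map the partition style to the matching DiskPart commands from this article.
$createSteps = switch ($disk.PartitionStyle) {
    'GPT'   { 'create partition primary id=de94bba4-06d1-4d40-a16a-bfd50179d6ac',
              'gpt attributes =0x8000000000000001' }
    'MBR'   { 'create partition primary id=27' }
    default { 'unknown partition style; stop and inspect the disk manually' }
}

# Free space is read from the recovery volume; it is 0 if no volume is present.
$recoveryVolume = $recovery | Get-Volume

[pscustomobject]@{
    DiskIndex              = $diskIndex
    OSPartitionIndex       = $os.PartitionNumber
    RecoveryPartitionIndex = $recoveryIndex
    PartitionStyle         = $disk.PartitionStyle
    RecoverySizeMB         = [math]::Round($recovery.Size / 1MB)
    RecoveryFreeMB         = [math]::Round($recoveryVolume.SizeRemaining / 1MB)
    CreateSteps            = $createSteps
} | Format-List
```

Comparing `RecoverySizeMB` before and after the procedure confirms that the new recovery partition is larger than the one it replaced.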
After many people encountered the error of not being able to install such an important update, Microsoft included the solution in the release notes for KB5034441. However, it is an awful lot of steps that are (sort of) mandatory to perform to install the security update.
KB5034441 resolves a critical security vulnerability that should be patched by every Windows 10 user. However, not everyone will take the time to perform these troubleshooting steps to successfully install the update. Microsoft still has a lot of fixing to do so that users can safely use their computers without having to know that their computers are vulnerable to external threats.