Windows 10 KB5034441 security update fails with 0x80070643 errors (Bitlocker)

Windows 10 KB5034441 security update fails with 0x80070643 errors

By Lawrence Abrams January 10, 2024 11:56 AM

Windows 10 users worldwide report problems installing Microsoft’s January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker.

Yesterday, as part of Microsoft’s January 2024 Patch Tuesday, a security update (KB5034441) was released for CVE-2024-20666, a BitLocker encryption bypass that allows users to access encrypted data.

However, when attempting to install this update, Windows 10 users are reporting getting 0x80070643 errors and the installation failing.

On reboot, users will be greeted with a Windows Update screen stating that an error occurred and to try again later.

“There were some problems installing updates, but we’ll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80070643),” reads the Windows Update error.

In a support bulletin also published yesterday, Microsoft warns that when installing the KB5034441, users are supposed to see the “Windows Recovery Environment servicing failed, (CBS_E_INSUFFICIENT_DISK_SPACE)” error when the Windows Recovery Partition is not large enough to support the update.

However, a coding error causes the Windows Update to mistakenly display the generic “0x80070643 – ERROR_INSTALL_FAILURE” error message instead.
WinRE partition too small

When installing the KB5034441 security update, Microsoft is installing a new version of the Windows Recovery Environment (WinRE) that fixes the BitLocker vulnerability.

Unfortunately, Windows 10 creates a recovery partition, usually around 500 MB, which is not large enough to support the new Windows RE image (winre.wim) file, causing the 0x80070643 error when attempting to install the update.

In a test by BleepingComputer this morning, a brand new install of Windows 10 using the latest ISO from Microsoft created a 522MB WinRE partition. However, even this new install has a partition that is too small, causing the KB5034441 security update not to install and display a 0x80070643 error.

The only solution Microsoft has offered at this point is to create a larger Windows Recovery Partition so there is enough room for the security update to install.

As the Windows Recovery Partition is created on the same disk as the C: partition, you must shrink the C: partition by 250 MBs and use that newly unallocated space to create a bigger Recovery Partition.

Microsoft had previously shared a support bulletin describing how to shrink the C: partition by 250 MB and create a new Recovery Partition using the reagentc.exe and dispart.exe command line utilities to accommodate WinRE security updates.

Reagentc.exe is a command line tool for managing the Windows Recovery Environment, and diskpart.exe is a command line tool to manage the device’s disk partition and volumes.

However, if you are not comfortable using command line programs, we strongly suggest you hold off on performing these steps as the vulnerability requires physical access to your device, minimizing its impact.

Instead, you should wait for a solution from Microsoft, which may offer an automated way to recreate a larger Windows Recovery partition.

Furthermore, there is always the risk of damaging partitions when shrinking and expanding them, so it is strongly advised that you back up your data before proceeding.

More Article (https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5034441-security-update-fails-with-0x80070643-errors/)

Roy Miehe | MspPortal Partners Inc. | Ceo/President

Security Software Distributor: Bitdefender , Barracuda, Phishline Training

“Where Service and Technical Skills Count”