Security News > 2024 > January > Microsoft shares script to update Windows 10 WinRE with BitLocker fixes

Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass.
As Microsoft explains, this happens because instead of displaying a CBS E INSUFFICIENT DISK SPACE error when the WinRE partition is not large enough, Windows Update incorrectly says the generic "0x80070643 - ERROR INSTALL FAILURE" error message instead. ?This happens because the WinRE image file deployed when installing the KB5034441 security update is too large for the recovery partition.
"The sample PowerShell script was developed by the Microsoft product team to help automate the updating of WinRE images on supported Windows 10 and Windows 11 devices," Microsoft said.
When running the script on your system, it mounts the WinRE image, applies an architecture-specific Safe OS Dynamic Update you have to download from the Windows Update Catalog before running the script, unmounts the image, and then reconfigures WinRE for BitLocker service if the BitLocker TPM protector is present.
From BleepingComputer's tests, you may also have to use Microsoft's Show or Hide Tool to hide the KB5034441 update after running the script, so Windows Update won't keep trying to install the buggy update and display an error.
Windows 10 KB5034441 security update fails with 0x80070643 errors.
News URL
Related news
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
- New Microsoft script updates Windows media with bootkit malware fixes (source)
- Microsoft shares workaround for Windows security update issues (source)
- Windows 10 KB5052077 update fixes broken SSH connections (source)
- Microsoft fixes Outlook drag-and-drop broken by Windows updates (source)
- Microsoft lifts Windows 11 update block for some AutoCAD users (source)
- Windows 10 KB5053606 update fixes broken SSH connections (source)
- Microsoft: Recent Windows updates make USB printers print random text (source)
- Microsoft: March Windows updates mistakenly uninstall Copilot (source)
- Microsoft fixes Windows update bug that uninstalled Copilot (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-09 | CVE-2024-20666 | Unspecified vulnerability in Microsoft products BitLocker Security Feature Bypass Vulnerability | 0.0 |