Security News > 2024 > January > Microsoft shares script to update Windows 10 WinRE with BitLocker fixes

Microsoft shares script to update Windows 10 WinRE with BitLocker fixes
2024-01-11 18:32

Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass.

As Microsoft explains, this happens because instead of displaying a CBS E INSUFFICIENT DISK SPACE error when the WinRE partition is not large enough, Windows Update incorrectly says the generic "0x80070643 - ERROR INSTALL FAILURE" error message instead. ?This happens because the WinRE image file deployed when installing the KB5034441 security update is too large for the recovery partition.

"The sample PowerShell script was developed by the Microsoft product team to help automate the updating of WinRE images on supported Windows 10 and Windows 11 devices," Microsoft said.

When running the script on your system, it mounts the WinRE image, applies an architecture-specific Safe OS Dynamic Update you have to download from the Windows Update Catalog before running the script, unmounts the image, and then reconfigures WinRE for BitLocker service if the BitLocker TPM protector is present.

From BleepingComputer's tests, you may also have to use Microsoft's Show or Hide Tool to hide the KB5034441 update after running the script, so Windows Update won't keep trying to install the buggy update and display an error.

Windows 10 KB5034441 security update fails with 0x80070643 errors.


News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-script-to-update-windows-10-winre-with-bitlocker-fixes/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-01-09 CVE-2024-20666 Unspecified vulnerability in Microsoft products
BitLocker Security Feature Bypass Vulnerability
0.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399