Security News
We analyzed 2.5 million vulnerabilities we discovered in our customers’ assets. This is what we found. Digging into the data: The dataset we analyze here is representative of a subset of clients...
Microsoft is working to fix a known issue causing 0x80070643 errors when installing the KB5034441 security update that patches the CVE-2024-20666 BitLocker vulnerability. "Devices attempting to install the January 2024 Windows Recovery Environment update might display an error related to the size of the Recovery Environment's partition. We are working on a resolution and will provide an update in an upcoming release," Microsoft says in an update to the Windows release health dashboard.
Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass. As Microsoft explains, this happens because instead of displaying a CBS_E_INSUFFICIENT_DISK_SPACE error when the WinRE partition is not large enough, Windows Update incorrectly displays the generic "0x80070643 - ERROR_INSTALL_FAILURE" error message. This happens because the WinRE image file deployed when installing the KB5034441 security update is too large for the recovery partition.
Windows 10 users worldwide report problems installing Microsoft's January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker. Windows 10 creates a recovery partition, usually around 500 MB, which is not large enough to support the new Windows RE image file, causing the 0x80070643 error when attempting to install the update.
Microsoft has released the KB5034122 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes only a small number of fixes due to the holiday season. KB5034122 is a mandatory Windows 10 cumulative update containing the January 2024 Patch Tuesday security updates.
Security researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve...
Microsoft has released the KB5033372 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes Copilot for Windows and nineteen other changes to the operating system. KB5033372 is a mandatory Windows 10 cumulative update containing the December 2023 Patch Tuesday security updates.
Microsoft's Extended Security Updates program doesn't replace all of those options; ESUs just provide the monthly security updates from Windows Update and only cover what Microsoft classifies as critical or important vulnerabilities, which means no fixes for security issues you can mitigate without Microsoft making changes to Windows. What's different this time is that individuals will be able to buy the annual ESU subscription for their Windows 10 PCs. How can I get Extended Security Updates for Windows 10?
Microsoft will not abandon Windows 10 users to an insecure fate once it reaches end of support on October 14, 2025: both enterprises and individual consumers will be able to receive Extended Security Updates, but will have to pay for them. "The ESU program enables PCs to continue to receive critical and important security updates through an annual subscription service after support ends. To be eligible to install updates from the ESU program, devices must be running Windows 10, version 22H2," Microsoft says.
Microsoft on Tuesday warned that full security support for Windows 10 will end on October 14, 2025, but offered a lifeline for customers unable or unwilling to upgrade two years hence. "While we strongly recommend moving to Windows 11, we understand there are circumstances that could prevent you from replacing Windows 10 devices before the EOS date," explained Jason Leznek, a member of Microsoft's Windows Servicing & Delivery team, in a statement.