Windows

Microsoft is working to fix a known issue causing 0x80070643 errors when installing the KB5034441 security update that patches the CVE-2024-20666 BitLocker vulnerability.

While the security issue was resolved during this month's Patch Tuesday, deploying KB5034441 on systems with a Windows Recovery Environment (WinRE) partition that's too small will fail and mistakenly show generic '0x80070643 - ERROR_INSTALL_FAILURE' error messages instead of the correct CBS_E_INSUFFICIENT_DISK_SPACE error.

As a workaround, until a fix is available, the company provides customers with affected systems detailed—and quite complex—instructions on how to resize their WinRE partitions on its support website.

If creating a new WinRE partition large enough to complete this update fails, you can run reagentc /enable to re-enable the partition.

"Devices attempting to install the January 2024 Windows Recovery Environment update (KB5034441) might display an error related to the size of the Recovery Environment's partition. We are working on a resolution and will provide an update in an upcoming release," Microsoft says in an update to the Windows release health dashboard. 

"It might be necessary to increase the size of the WinRE partition in order to avoid this issue and complete the installation. Note that 250 megabytes of free space is required in the recovery partition."

Windows Update 0x80070643 error
Windows Update 0x80070643 error (BleepingComputer)

​Script to update WinRE with BitLocker fixes

Microsoft has also released a PowerShell script that helps automate updating the WinRE partition to fix the CVE-2024-20666 flaw that allows for BitLocker encryption bypass.

The script addresses the known issue causing KB5034441 install failures on Windows 10 systems, leaving the devices vulnerable to attacks exploiting the BitLocker flaw that provides threat actors access to encrypted data.

When executed, it mounts the WinRE image, applies an architecture-specific Safe OS Dynamic Update you have to first download from the Windows Update Catalog, unmounts the image, and then reconfigures WinRE for BitLocker service if the BitLocker TPM protector is present.

After running the script, you should also use Microsoft's Show or Hide Tool to hide the KB5034441 update to prevent Windows Update from repeatedly trying to install the faulty update and displaying 0x80070643 errors.

If you decide to resize the WinRE partition manually, it's highly recommended that you back up your data, given that there's always a chance that your system's partitions may be damaged during the process.

Related Articles:

Windows 10 KB5046613 update released with fixes for printer bugs

Microsoft warns Azure Virtual Desktop users of black screen issues

Microsoft fixes Windows 10 bug causing apps to stop working

Windows 10 KB5044273 update released with 9 fixes, security updates

Microsoft just killed the Windows 10 Beta Channel again