[German]Brief question to the readership, I have received initial reports that there are also installation problems in February 2024, around the patchday on February 13, 2024. The Win RE update KB5034441 for Windows 10 fails with the installation error 0x80070643. This error has already driven hordes of users to despair in January 2024. Here is a brief overview of what I have encountered so far.
Advertising
WinRE update KB5034441 as a problem
In Windows there is a BitLocker Security Feature Bypass vulnerability CVE-2024-20666, that allows an attacker with physical access to the system to gain access to BitLocker-encrypted data via the BitLocker Device Encryption feature. Windows 10, Windows 11 and Windows Server 2022 are potentially affected.
Since January 9, 2024, Microsoft has been trying to eliminate this vulnerability with an update and has provided some information on this under the support article KB5034441. Unfortunately, the update is rolled out automatically via Windows Update, regardless of whether Bitlocker is activated on a machine or not. An existing Win RE partition is sufficient – although the installation even failed if the partition was missing.
Microsoft had already indicated in advance that the installation of the update requires 250 MB of free disk space in the recovery partition in order to be installed successfully. If the recovery partition does not have enough free space, the update fails during installation with the error 0x80070643 – ERROR_INSTALL_FAILURE.
I had reported on the matter in several posts on the blog (see links at the end of the article). Microsoft updated the post The January 2024 Windows RE update might fail to install. A blog reader pointed out in this German comment that Microsoft is now indicating that the Win RE update is not required if the system does not have a WinRE recovery partition.
Error 0x80070643 with the February 2024 patch
However, Microsoft is apparently rolling out the KB5034441 update again via Windows Update. Hans T. wrote in this German comment:
Advertising
Allerdings rollt Microsoft das Update KB5034441 scheinbar erneut über Windows Update aus. Hans T. hat sich in diesem Kommentar gemeldet und schreibt:
The Microsoft junk KB5034441 was offered to me on Windows Update again.
Installation end with the error message: Download error
0x80070643.
There are other German readers like here who confirm the "download" error in the blog. Another reader wrote here that the update was installed at the second attempt. This effect was already confirmed to me in this German comment in January 2024. Wolfgang also made a similar observation in this comment. Other readers confirmed this in the comment thread. I had already written that Nico had reported this on Facebook in a closed group and commented on it
I thought the February update would fix the problem with the partitions being too small? …
Funnily enough, the whole update ran completely on an identical computer and on another it threw the said error.
Edition Windows 10 Pro Version 22H2
Installed on 27.07.2023
Operating system build 19045.4046
Performance Windows Feature Experience Pack 1000.19053.1000.0
Tecci has made another post on Facebook in a closed group and reported the error on several clients.
I have a jackpot that the error code 0x80070643 comes up on 80% of the Win10 computers at a customer.
I have tried the Microsoft solution on the end devices, but without success. I also ran the update repair mode, also without success. Do you still have a solution approach?
Even increasing the partition to 2 GB did not help. Two points stuck in my mind in this context: If the partition is large enough, make sure that it is also activated. And I shared an observation from a reader on Facebook in this German comment. He noticed that the Win RE on his partition was "too old" and the update failed during installation. After he had copied an updated Win RE to the partition, the update went through during installation.
I just saw in a search that Windows Latest also addressed the problem in this post a few hours ago. However, the solution given there (adjust partition) may not work in persistent cases.
Hide the Update
In the blog post Microsoft is working on a fix for the installation error 0x80070643 (WinRE update KB5034441), I gave the tip that users in a private environment for whom the update wants to install again and again can try to stop the update installation. To do this, the update must be hidden. In unmanaged environments under Windows 10 / 11 version, however, the update can be blocked using the Microsoft Show or Hide Updates tool. In managed corporate environments (WSUS, Intune, etc.), administrators can suspend the distribution of the update.
Similar articles:
Microsoft Security Update Summary (January 9, 2024)
Microsoft Security Update Summary (February 13, 2024)
Patchday: Windows 10 Updates (February 13, 2024)
Patchday: Windows 11/Server 2022 Updates (February 13, 2024)
Windows WinRE update (for Bitlocker Bypassing vulnerability CVE-2024-20666) fails with installation error 0x80070643 (Jan. 2024, KB5034441)
Microsoft's PowerShell script against installation error 0x80070643 for KB5034441 (Jan. 2024)
Windows 10: Be aware of WinRE WinRE patch to fix Bitlocker bypass vulnerability CVE-2022-41099
Windows 10: Update on WinRE patch (fix for Bitlocker bypass vulnerability CVE-2022-41099)
Windows 10/11: Microsoft releases script for WinRE BitLocker bypass fix
Advertising
thanks a lot of information
I managed to install KB5034441 in January, following the guidelienes on resizing the WinRE partition.
Now in February this update appeared again in the update list, and faild to install again. Even if in the update history it is listed as a previously installed update.
Ridiculous…
Microsoft has to fix their windows update detection "metadata" on their WU servers to stop offering the KB5034441 update when the KB5034763 or newer cumulative update is already installed onto Win10 21H2/22H2 computers. the KB5034441/KB5034232 patches don't seem to be "applicable" if KB5034763 CU or newer is installed and should only be offered if the latest cumulative updates were NOT installed.
I'll continue to hide/block the KB5034441 update using wushowhide.diagcab, wumgr or windows update minitool until Microsoft changes the windows update metadata on their end.