• MS-DEFCON 1: Partition size blocks update

    #2621820

    ISSUE 21.02.1 • 2024-01-10 By Susan Bradley KB5034441 fails to install with error code 0x80070643. This failure is very unusual, so much so that I fee
    [See the full post at: MS-DEFCON 1: Partition size blocks update]

    Susan Bradley Patch Lady/Prudent patcher

    • #2621838

      “simplest advice I can offer is to use BlockAPatch to temporarily block KB5034441. However, the solution involves increasing the size of the Windows recovery partition on your boot drive. Therefore, you must at least assess the size of that partition and determine whether it is large enough, because you will eventually need to install this patch.”

      Are you saying that simply blocking the patch will set Windows into motion to eventually change the size of the Windows Recovery Partition on the boot drive or is your warning only for those who need to use Bitlocker?

      • #2621846

        Only for those that use Bitlocker.  I’m still hoping that Microsoft can make the detection of this patch better.  I have two home pcs that have NO TPM chip and thus no way to ever have bitlocker.  There is ZERO reason for them to have this update.

        Susan Bradley Patch Lady/Prudent patcher

        • #2621866

          This raises an interesting question.  If system shows “Turn on Bitlocker” in Windows Explorer, does that mean Bitlocker is installed? And if so, does that say anything about the presence of  a TPM chip?

        • #2622025

          I have two home pcs that have NO TPM chip and thus no way to ever have bitlocker.

          It’s possible to use Bitlocker without a TPM:

          How to Turn on BitLocker Without TPM on Windows 10

        • #2627083

          Before reading all your notices about this Windows update, my computer attempted to install it, and failed multiple times.  I conferred with one of the Microsoft Support staff and they told me that this update was not available in all areas yet – that sounded fishy to me.  He had me go into my Services menu and disable the BitLocker, but that didn’t make any difference at all.  Now I’ve disabled my updates for an extended period.

           

    • #2621849

      I do NOT recommend you do ANYTHING about this error at this time.  Do NOT attempt to resize your Recovery Partition.  Just wait until Microsoft fixes the issue (probably next month). There have been reports of it failing EVEN with a large recovery partition.  You should not be installing January updates now anyway…

      Our standard policy is not to install Monthly Quality Updates for 19 days. This policy is based on Microsoft’s proven incompetence over the last couple of years. An update that causes business disruption and loss of revenue is unacceptable. We’ve found that Microsoft will address serious bugs within that 19 day period (3 work weeks).

       

       

       

       

    • #2621853

      So, how large is “large enough”?

      Is the only way to find out to try the update and see if it fails? If so, what is the impact of the update failing — just that the vulnerability remains unpatched, or is system operation impaired?

      I assembled my machine myself and installed Windows 10 Pro on an SSD. The recovery partition appears to be first, not last, and it’s 529MB. I do have Bitlocker active on the system and data partitions, as a precaution should the machine ever be stolen.

      • #2621863

        I have the same question, though my recovery partition is last.

    • #2621862

      So, how large is “large enough”?

      Is the only way to find out to try the update and see if it fails? If so, what is the impact of the update failing — just that the vulnerability remains unpatched, or is system operation impaired?

      I assembled my machine myself and installed Windows 10 Pro on an SSD. The recovery partition appears to be first, not last, and it’s 529MB. I do have Bitlocker active on the system and data partitions, as a precaution should the machine ever be stolen.

      That’s the crucial question isn’t it? How large is large enough? I have about 518MB of 1000MB free. (I think I’ve had to increase the size of this partition once before.)

      Although I do actually have two recovery partitions. The 1000MB one is labelled WinRE_DRV and the other is unlabelled (with 88MB of 620MB free.)

    • #2621867

      @SB my Recovery shows 1GB but also shows 100% free? Is that possible? And if so, should I just install this?

      I DO have Reflect set to recover I believe. Thought it would use this, but perhaps I am confused here.

      Thanks!

      [Attached image: recovry]

      • #2623633

        @SB my Recovery shows 1GB but also shows 100% free? Is that possible?

        The Recovery partition is a “hidden” partition, and hidden partitions are always shown as 100% free.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
        We were all once "Average Users".

    • #2621869

      You are correct about not being affected if BitLocker is not enabled. I do not have BitLocker enabled and KB5034122, KB5034275, and KB5034441 all successfully installed this date. I use Win 10 22H2. I cannot upgrade to Win 11, even if I wanted to.

      • #2621902

        You are correct about not being affected if BitLocker is not enabled. I do not have BitLocker enabled and KB5034122, KB5034275, and KB5034441 all successfully installed this date. I use Win 10 22H2. I cannot upgrade to Win 11, even if I wanted to.

        What??  This is contrary to what Susan is recommending.  She says “if you do not have BitLocker enabled, then don’t install KB5034441”.  Maybe, for you, it successfully installed not because you do not have BitLocker enabled, but because your WINRE partition is large enough.

    • #2621889

      I can only add to my protest that Windows users should not be left with these sad situations.

      • #2621891

        grumble grumble grumble grumble  – I would like a smarter patch.  Many of us do not need this installed.

        Susan Bradley Patch Lady/Prudent patcher

        • #2622882

          The first time I forget to set my no-update date to the 26th, and we get a DEFCON 1 level!

          That being said, the patch did fail for me even though I don’t have BitLocker running.  Now what is the fallout, other than the failure message?  As a longtime programmer, I would expect (hope?) that the first thing the patch does is check the size of the partition and immediately terminate if it’s too small, in other words, no harm, no foul.  It would be naive, amateurish and incompetent to start writing to the partition without that step and detect the problem only after the partition has been trashed … but then, expecting the average user to be able to expand the partition and move on is also naive, amateurish and incompetent in addition to being a cure possibly worse than the disease due to how many users it would affect.

          Do we know of any ill effects if the patch fails, or is the DEFCON-1 intended to protect against any unknown problems?

    • #2621900

      I installed this on my personal laptop which doesn’t have a recovery partition at all. Installed fine, no issues.

    • #2621904

      What about systems that are updated to 23H2?  Are they impacted by this?

      • #2621906

        Windows 11’s have the update included in the cumulative update.  I have yet to see 11’s hit this issue.  My guess is that partitions were done correctly/differently?  On my 11 test boxes I’ve had zero failures of the cumulative update.  On my home 10’s I’m 2 out of 3 having issues.

        Susan Bradley Patch Lady/Prudent patcher

    • #2621905

      Windows 11 21H2 and Server 2022 got the same love with KB5034440 and KB5034439

    • #2621907

      In the MS Forum one user recommended using EaseUS Partition Master Free 16.5 to resize partitions rather than using the command line?  Does anyone have thoughts on whether that is a good idea?  Certainly seems easier/intuitive.

      • #2621911

        IF you use Bitlocker I am more comfortable with a third party tool.  IF you don’t use Bitlocker there is no need for this patch.

        Susan Bradley Patch Lady/Prudent patcher

        • #2627524

          Susan, are we to disable bitlocker if we have it installed in order to update successfully? 

          • #2627588

            No need. Wait for MS to issue a fix and wait for Susan to give the all clear.

            In the meantime, if you need security on your laptop, set a PIN.

            cheers, Paul

    • #2621913

      So, how large is “large enough”?

      See Microsoft’s Learn page UEFI/GPT-based hard drive partitions. It does not precisely answer the question but says that the minimum size of the recovery partition must be 300MB and that an additional 100MB to 250MB is required for the Windows Recovery Environment (WinRE).

      That would imply 550MB just to be on the safe side. But scroll down to the “Recovery tools partition” section of that page and you’ll become further confused, as am I.

      • This reply was modified 1 year, 2 months ago by Will Fastie. Reason: Typo
      • #2621933

        I just checked both the recently installed 1TB NVME system drive as well as the older 500GB SSD that I cloned the NVME from and both have 529MB recovery partitions on them.  I’ll still hold tight doing any update on my workstation though I will test the HTPC machine that I only use for streaming to my TV set.  I let that one update as normal every month as it doesn’t do anything other than content streaming.

      • #2623647

        See Microsoft’s Learn page UEFI/GPT-based hard drive partitions. It does not precisely answer the question but says that the minimum size of the recovery partition must be 300MB and that an additional 100MB to 250MB is required for the Windows Recovery Environment (WinRE).

        That page date shows that it’s been updated, but not all of the information is up-to-date.  That 300MB is leftover from Windows 7 early days.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
        We were all once "Average Users".

        • #2628725

          My upgraded Intel NUC (11th-Gen, but recently found to be out of support from Intel) started its life with Windows 10 Pro, which I installed. Its WinRE Partition was still 300MB until I enlarged it using the MiniTool Partition Wizard product. (WARNING: Do NOT use this product if you have any non-Windows partition types like Linux ext4 on the drive, or you will be reinstalling those other OSes and data partitions! This includes GRUB Boot and Linux Swap partition types. ) Anyway, I made the WinRE partition 1.2 GB in size, because I can afford the real estate and I think future WinRE WIMs may be larger, not smaller, than this problematic one. A clean or OEM install of Windows 11 Pro should not experience this issue.

          -- rc primak

    • #2621951

      I had a thought that since Windows 10 Home does not have Bitlocker, those users do not have to install this update.

      I have read where OEM supplied WinRE partitions will require an additional 100MB because of the additional utilities contained in the partition.

      Also, I have read that Microsoft has developed a Powershell script to do the partition massaging. I don’t have a link for it.

      EaseUS has a free Partition Master utility that apparently is user-friendly for partition massaging.  It also has a paid business version with a free trial. I don’t use it myself.

      https://www.easeus.com/download/partition-manager.html

      Mark

       

       

      • #2621977

        BIOS / MBR installations also don’t have UEFI and Secure Boot, yet they used to get their updates
        Microsoft logic

    • #2621962

      You would really have to feel sorry for the people that have no computer skills, and Microsoft releases a Windows update that causes this problem for them.

      Shame on you Microsoft it’s not acceptable!

      • #2621970

        From what I’ve read here on AskWoody it seems that when the patch fails the computer still functions normally and that it simply has a failed patch. So it seems that for those with limited computer skills, just let Windows Update do its thing. If the patch fails, it fails, and so what?

        Disclaimer – I’m not recommending this, just throwing it out so the experts here can say yay or nay (and if it’s a dumb idea, please say so)

        Edit – I’m assuming this is for folks NOT running Bitlocker.

      • #2628727

        Add to the misery list those of us who dual-boot with Linux. VERY MESSY to reassign partitions in that scenario — voice of ongoing experience.

        -- rc primak

    • #2621968

      My recovery partition is 9.97 GB with 66.4 MB free.  Almost all the space is taken up by “windows 10 professional.wim”. This file is in the “image” folder.  The “recovery” folder is empty.  Bitlocker is not enabled and this patch will never see the light of day on my PC.  BTW – my PC was built by a SI (system integrator).

      • #2623798

        Update: the recovery folder does contain the correct items.

        • #2627660

          Update: the recovery folder does contain the correct items.

          It must contain a WindowsRE folder with a winre.wim file within that folder in order for the Windows Recovery Environment to function properly.  You can find out by opening an elevated Command Prompt and typing

          reagentc /info

          The results should look similar (the location will be different) to this:

          [Screenshot: Reagentc]

          If you get “Disabled”, then the correct items aren’t where they should be.

          Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
          We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
          We were all once "Average Users".
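
One way to turn the `reagentc /info` result described above into partition facts (status, size, free space, position on disk), as an added example that is not part of the original post. It assumes English-language `reagentc` output for the status label and the Storage module's `Get-Partition` and `Get-Volume` cmdlets; the function name `Get-WinREPartitionInfo` is hypothetical.

```powershell
# Added example (not from the thread). Read-only: nothing on disk is changed.
# Run from an elevated PowerShell prompt.
# Assumption: English-language reagentc output for the "Windows RE status" label.
# The harddiskN\partitionM part of the location line is not localized.

function Get-WinREPartitionInfo {
    $info = (& reagentc.exe /info 2>&1 | Out-String)

    $status = 'Unknown'
    if ($info -match 'Windows RE status:\s*(\S+)') { $status = $Matches[1] }

    # Location looks like \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE
    if ($info -match 'harddisk(\d+)\\partition(\d+)') {
        $diskNumber = [int]$Matches[1]
        $partNumber = [int]$Matches[2]
    }
    else {
        # Typical when the status is Disabled: no location is reported.
        return [pscustomobject]@{
            Status = $status
            Note   = 'reagentc reported no WinRE location'
        }
    }

    $partition = Get-Partition -DiskNumber $diskNumber -PartitionNumber $partNumber -ErrorAction Stop
    $volume    = $partition | Get-Volume -ErrorAction SilentlyContinue

    # Free space is only known if the partition resolves to a volume.
    $freeMB = $null
    if ($volume) { $freeMB = [math]::Round($volume.SizeRemaining / 1MB) }

    # Is WinRE on the Windows volume itself rather than a dedicated partition?
    $osLetter   = $env:SystemDrive.Substring(0, 1)
    $onOsVolume = ([string]$partition.DriveLetter -eq $osLetter)

    # Posters in this thread report theirs as first or last on the disk;
    # order the disk's partitions by offset to see where this one sits.
    $ordered = @(Get-Partition -DiskNumber $diskNumber | Sort-Object Offset)
    $isFirst = ($ordered[0].PartitionNumber -eq $partNumber)
    $isLast  = ($ordered[-1].PartitionNumber -eq $partNumber)

    [pscustomobject]@{
        Status      = $status
        Disk        = $diskNumber
        Partition   = $partNumber
        Type        = $partition.Type
        SizeMB      = [math]::Round($partition.Size / 1MB)
        FreeMB      = $freeMB
        OnOsVolume  = $onOsVolume
        FirstOnDisk = $isFirst
        LastOnDisk  = $isLast
    }
}

Get-WinREPartitionInfo | Format-List
```

The script only reports; the thread does not settle on a "large enough" figure, so no threshold is applied.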

      • #2628730

        It sounds like your Recovery Environment is also a complete (compressed, minimal) Windows Image. The WIM takes up nearly all of the space in that setup.  When you set up Macrium Reflect to include a Boot Option, it creates a “shadow partition” inside the main Windows System Partition (C:/Windows) which is almost as large.  The Rescue Media you burn are much larger, due to drivers and other needed boot components.

        -- rc primak

    • #2621978

      The updates link for “forensic reference”

      KB5034441
      
      x64  
      https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/secu/2024/01/winreupdateinstaller_2401b_amd64_bd52f2e281f320e74d3d930143b60c3a7cde8097.exe
      
      x86  
      https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/secu/2024/01/winreupdateinstaller_2401b_x86_ff3912981796f90d324548d347d91e61f62bde01.exe
      
      
      --
      KB5034440 Win11 21H2  
      https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/secu/2024/01/winreupdateinstaller_2401b_amd64_7df3aad9fd852fa54d0a091b55d10644ca6404c5.exe
      
    • #2621995

      Note that consumers who have complete physical access to, and control over, their computers and who have not enabled BitLocker are unlikely to be affected by this update. But check anyway.

      I have a question about “check anyway”.  In this case (i.e., if you do not have BitLocker enabled), what does “check anyway” mean?  I don’t think it means “go ahead and try to install KB5034441 and see if you get one of the two failure messages, and if you do, you know that there is a problem with the WINRE partition size.”   This because in the preceding paragraph, it says “I don’t want you to attempt to install it until you are confident it will have no effect on your system.”

      Maybe it means  1) ‘check on your partition sizes’ or 2) ‘check to see if you have a WINRE partition’ or 3) ‘check on the size of the WINRE partition’ or 4) ‘check to see where the WINRE partition is’.  Or any combination of these.  If these are the “checks”, then how do we do that?  Or if these are not the “checks”, what are they?

      One post says that you can run the command prompt reagentc /info to find out where the WINRE partition is. But, once you find that out, then what?  I’ve done that and it says that WINRE is in partition 4.  So, where do I go from there with this info?
      [Screenshot: reagentc-Partition-4]

      Additionally, I know very little about the info I find in the Disk Management snap-in and what it means for KB5034441, when BitLocker is not enabled.  See the Disk Management snap-in below and my questions about that.
      [Screenshot: Disk-Management-Snap-In-with-notes]

      And if I should want to enable BitLocker in the future, I know even less about what to do now in order to have things prepared for that!

      Post-Script: Curiously, System Properties>System Protection still calls these partitions ‘Image’ and ‘DELLSUPPORT’.  See ‘System Protection.jpg’  So, if these partitions are protected, what does that mean for KB5034441, BitLocker ‘OFF’ or BitLocker on ‘ON’?

      • #2622065

        See ‘System Protection.jpg’ So, if these partitions are protected, what does that mean for KB5034441, BitLocker ‘OFF’ or BitLocker on ‘ON’?

        With respect to that attached image, all that is telling you is that those three partitions are protected by restore points, and nothing more. In other words, you can use restore points to roll back any unwanted changes to your system. This is a feature called System Restore, and is tied to that grey button just above the protection settings list that says, appropriately, “System Restore”. These restore points are snapshots of your system at a given point in time. A restore point is taken before the installation of Windows monthly updates (and at other pre-determined times), for example, so that if a system is unstable after installing a patch, you can roll the system back to the way it was right before installing the patch that made it misbehave.

        However, System Restore IS NOT the same as using the tools contained within the recovery partition, so please don’t mix them up.

        For now, please just hide KB5034441 (using your choice of tool to do so), and be patient, waiting until things have calmed down about this whole concept. With enough patience, we may find that MS may develop a tool that will be part of a future version of this patch that will automate the resizing of a recovery partition AND install the patch itself, all in a single double clicking of the executable file! Since you don’t have BitLocker enabled on your system, Susan has said repeatedly in the last two days that you don’t need this patch right now because the risk without it is very low.

        • #2622304

          Don’t worry — KB5034441 is hidden.  And I am not going to install it at this moment.

          The reason for the snapshot from System Properties>System Protection is to show that the partitions are still named there, but they are not named in Disk Management.  For some reason the names have disappeared in Disk Management.  The names were there in 2020, but they are not there now.  In addition in 2020, Disk Management had an x% for free space in each of the three partitions.  Now, Disk Management has 100% for free space.  So, two things have changed 1) a name vs no name; 2) x% free space vs 100% free space for the 3 partitions.

          I am trying to understand what this change in the partitions (no name vs name and 100% free space vs x% free space) means and then looking ahead, whether it would affect the success of installing KB5034441, given that I could decide to turn BitLocker on in the future, even though it is not turned on now.  In other words, does/should the decision matrix about installing this KB factor in the possibility of turning on BitLocker in the future, given that Disk Management says there is 100% free space now in the 3 partitions, where before 2020 there was x% free space there?

    • #2622000

      I am not sure I understand this but here I go anyway:

      Let us say this gets resolved either by resizing Rec Partition or MS fixing.

      Now what happens to my Bit Locker encrypted thumb drives and SSDs. Can someone who has a PC that has not done the update plug in my BL Thumb drive into their PC and bypass the encryption ?

      This would be a much more serious issue.  Hackers would leave one of their PCs not updated so they could use it to get into BL Encrypted drives.

       

      • #2622092

        I am not sure I understand this but here I go anyway:

        Let us say this gets resolved either by resizing Rec Partition or MS fixing.

        Now what happens to my Bit Locker encrypted thumb drives and SSDs. Can someone who has a PC that has not done the update plug in my BL Thumb drive into their PC and bypass the encryption ?

        This would be a much more serious issue.  Hackers would leave one of their PCs not updated so they could use it to get into BL Encrypted drives.

         

        I was wondering the same thing. I have a couple of drives (including an external eSATA drive) that are encrypted with BitLocker. Would the vulnerability allow someone to mount my drive in their computer to bypass the PW? If so, that seems like a real issue which I’m not sure could be fixed without requiring all currently encrypted drives to be re-encrypted with the updated patch installed. Maybe at this point a PW protected Backup would be more secure.

    • #2622036

      You would really have to feel sorry for the people that have no computer skills, and Microsoft releases a Windows update that causes this problem for them.

      Shame on you Microsoft it’s not acceptable!

      Indeed. It definitely isn’t acceptable.

      Actually, I’m expecting to see something like “To resolve this issue Microsoft recommends upgrading to Windows 11” any day now.

      I don’t believe I’ve ever come across a large company so “tuned out” to their customers’ needs and requests as MS is these days.

      For example – we were told no more features will be added to Windows 10 and then we get things like Windows Backup and Start Menu cluttering “System” labels added… with no easy way (for the average user, at least) to remove them. And I suspect that’s only the beginning for what will probably happen with Windows 10 between now and October next year.

      I don’t know whether all this is due to arrogance or incompetence (probably both) but it has definitely been getting worse lately. Especially since the release of Windows 10 in 2015.

      As for my own situation – I hid the KB5034441 update with Windows Update Manager (wumgr) and just installed the monthly cumulative update. No problems with that so far.

      Edit: I don’t have a recovery partition by the way – that’s always one of the first things I remove (with diskpart) after a Windows 10 clean install. I use Macrium Reflect for all of my backup needs.

       

       

      • #2622106

        Hi Carl D

        Yes, in the past I have done the same at times.

        “I don’t have a recovery partition by the way – that’s always one of the first things I remove (with diskpart) after a Windows 10 clean install. I use Macrium Reflect for all of my backup needs.”

        The only problem I faced with removing the recovery partition was Windows Security-Defender. You could not use “Microsoft Defender Offline scan”.  It needs the recovery partition to boot into.

        If I remember correctly when Win 10 had a new version release, it would install, and also put back the recovery partition.

        Makes me wonder if one did not have a recovery partition would the update create a new one with the correct size etc… Probably not.

    • #2622098

      You should have your laptop Bitlocker set up so that you must type in a PIN before it will boot. This is the best and safest way to use Bitlocker.  This vulnerability does not apply if you are set up with a Pre-Boot PIN.  In other words, it will prevent this exploit.

      If TPM+PIN BitLocker protectors are being used, can the vulnerability be exploited if the attacker does not know the TPM PIN?
      No. To exploit the vulnerability the attacker needs to know the TPM PIN if the user is protected by the BitLocker TPM+PIN.
      https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20666

      Here is how to add a Pre-boot PIN:
      https://www.howtogeek.com/262720/how-to-enable-a-pre-boot-bitlocker-pin-on-windows/

      Critical:  You must keep a copy of your Recovery Key.  This is mandatory!! If you don’t, you risk losing everything on your drive permanently.
      https://support.microsoft.com/en-us/windows/back-up-your-bitlocker-recovery-key-e63607b4-77fb-4ad3-8022-d6dc428fbd0d
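
A read-only check of what the post above recommends: whether the Windows drive is BitLocker-protected, whether it uses a pre-boot PIN (TPM+PIN) or TPM alone, and whether a recovery password protector exists. This is an added example, not part of the original post; it assumes the BitLocker PowerShell module (`Get-BitLockerVolume`) is present, and the function name `Get-OsVolumeBitLockerSummary` is hypothetical.

```powershell
# Added example (not from the thread). Read-only: no protector is added or removed.
# Run from an elevated PowerShell prompt.

function Get-OsVolumeBitLockerSummary {
    # The BitLocker cmdlets may be absent on some editions; report that
    # instead of failing.
    if (-not (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)) {
        return [pscustomobject]@{
            MountPoint = $env:SystemDrive
            Note       = 'BitLocker cmdlets are not available on this system'
        }
    }

    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop

    # Collect protector type names, e.g. Tpm, TpmPin, RecoveryPassword.
    $types = @(
        @($vol.KeyProtector) |
            Where-Object { $_ } |
            ForEach-Object { $_.KeyProtectorType.ToString() }
    )

    # A pre-boot PIN shows up as a TpmPin (or TpmPinStartupKey) protector.
    $hasPin  = [bool]($types | Where-Object { $_ -in 'TpmPin', 'TpmPinStartupKey' })
    # TPM-only unlock: the drive unlocks at boot without user input.
    $tpmOnly = ($types -contains 'Tpm') -and (-not $hasPin)

    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        ProtectionStatus    = $vol.ProtectionStatus   # On / Off
        VolumeStatus        = $vol.VolumeStatus       # e.g. FullyEncrypted
        ProtectorTypes      = ($types -join ', ')
        HasPreBootPin       = $hasPin
        TpmOnlyUnlock       = $tpmOnly
        HasRecoveryPassword = ($types -contains 'RecoveryPassword')
    }
}

Get-OsVolumeBitLockerSummary | Format-List
```

`HasRecoveryPassword` only shows that a recovery password protector exists on the volume; it cannot tell whether a copy of the key has been saved somewhere safe.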

       

       

       

    • #2622153

      Note: I just sent you a question with several screenshots. I see it called me a guest. I realized I hadn’t logged in. I’m a member! Eric Bruskin is “ejb” and they’re both me.

    • #2622156

      This was my question. I hope it contains all the screenshots. Sorry about this. I keep telling this site to Remember Me, but it never does.

      • #2622285

        The intent of the troubleshooter is to help you hide an update.  You can now let the computer alone for the month if you’ve already installed the OTHER updates.

        Susan Bradley Patch Lady/Prudent patcher

    • #2622165

      I have WIN 10 v 22H2 home edition and a program called Bit Locker to GO?

      How is that possible and do I need it???

      Win 10 Home 22H2

    • #2622219

      I have WIN 10 v 22H2 home edition and a program called Bit Locker to GO?

      How is that possible and do I need it???

      Bit Locker To Go AKA Device Encryption: https://www.google.com/search?client=opera&q=Bit+Locker+to+GO&sourceid=opera&ie=UTF-8&oe=UTF-8

      The biggest difference between the two is that device encryption is available on all the editions of Windows 10, while BitLocker is only available for Windows 10 Pro, Enterprise, or Education, and offers some additional management tools.

      I actually thought they were one and the same, until you asked. I have one drive that I set up as a removable drive and I remember it said it was a Bitlocker To Go drive and had different requirements than internal drives. AAMOF, I set up my eSATA drive and Windows thought it was a USB drive. Once it was encrypted, it worked as an external eSATA drive.

      That is a good question or two.

       

    • #2622352

      Another problematic and unacceptable Windows 10 update, one which apparently is not available from the Catalog and only available via Windows Update.

      Windows 10 KB5034441 security update fails with 0x80070643 errors

      If the disk does not have a recovery partition (like mine which still uses MBR, not GPT, and the whole Windows system contained in a single partition), does this update KB5034441 still cause problems when attempting to install? Can this update be installed when there is no recovery partition on the disk? Will it even be offered in such a case?

      Or rather, is this update really necessary for disks partitioned in MBR?

      I still remember when I tested upgrading Windows 10 to newer versions in virtual machines (e.g. from 20H2 to 21H2), if the disk (MBR) only contained a single Windows partition, then after the upgrade was complete an additional partition of about 450-500 MB was added to the disk and the Windows partition was resized to allow the addition of this partition. Probably this was the recovery partition that was added back when the upgrade process detected there was no recovery partition on the disk. I always removed this new partition after the upgrade so that it would still only have one partition on the disk.

      Hope for the best. Prepare for the worst.

    • #2622437

      If I use wushowhide and hide this patch now it will never come back until unhidden right? This will prevent it from installing?

      • #2622473

        If I use wushowhide and hide this patch now it will never come back until unhidden right?

        Yes, mostly correct. The one thing that will make it reappear once hidden is, I believe, if it is superseded in the Microsoft system. Then, it might reappear.

        Case in point is KB4023057. That particular update has been around for a few years now and it keeps reappearing every time it is modified by Microsoft, even though folks have hidden it. The only thing that changes is the month and year of its issue in the title of the update from, for example, 2023-08 to 2023-10. That small change is enough to make it reappear to be hidden again.

        So for KB5034441, the current title of KB5034441 is actually “2024-01 Security Update for Windows 10 Version 22H2 for x64 based Systems (KB5034441)”. If Microsoft makes a change to the patch and re-releases it in May of this year (for example), the new name might start with 2024-05 and the rest of the title will be the same. This seemingly little change would make it reappear in wushowhide, and you’d have to re-hide it if you still didn’t want to install it.

        This will prevent it from installing?

        Yes, it definitely will.

        I hope this information helps answer your questions.

        • #2622509

          This was very informative. Thank you very much! If they do not pull this patch I will have to hide it.

          • #2622818

            The problem here is that the cumulative update next month will probably have the same fix, so you may never be able to install updates going forward if this is not addressed.

            • #2622985

              My understanding is that there’s nothing cumulative about KB5034441; it is not a cumulative update, but instead is a security update.  In this case, it’s an installer, which calls for a specified KB (see #2622147). So, if a new security update appears with a fix for the old security update, it will have a different KB# in the WU queue and will be calling for a different KB.

            • #2623044

              The problem here is that the cumulative update next month will probably have the same fix

              As @WCHS pointed out, KB5034441 was a Security Update, the January Cumulative Update for Windows 10 22H2 x64 is KB5034122.

              Microsoft doesn’t normally include standalone Security updates as part of a Cumulative update. If they need to reissue it, it’ll be issued as either a completely new KB# or using the same KB# but with a newer issue date.

              2 users thanked author for this post.
            • #2623056

              Windows 11 includes it, Windows 10 so far, has not.

              Susan Bradley Patch Lady/Prudent patcher

            • #2623363

              I have Windows 10 Home.  I am not supposed to even have bitlocker.  Still when I un-paused Update so I could run WUSHide all updates downloaded.  I have never learned how to run this.  So, everything downloads before I can block it.  Happily, KB5034441 reports Download error – 0x80070643.  I guess I am safe as long as I don’t click retry.

              I am attaching my disc information.

              I don’t understand why this even downloaded.  WUSHide now says it is also blocked, but I have never been able to get this tool to work.  Been through the instructions many times.  Just can’t do it.

              So KB5034441 downloaded but failed to install and I will not click retry and hope for the best.

              HP Pavilion Desktop TP01-0050 – 64 bit
              Windows 10 Home Version 22H2
              OS build 19045.5487
              Windows Defender and Windows Firewall
              Microsoft Office Home and Business 2019
              -Version 2501(Build 18429.20132 C2R)

            • #2623399

              See #2623332 for what happened with your updates.

              1 user thanked author for this post.
              mpw
            • #2623427

              Thank you I will do this as soon as the circling icon stops.
              I had been on “Getting Windows Ready” for about half an hour while I became sick to my stomach. It now says “Working on updates”. I think it has been trying to install an unblocked defender update.
              While I was typing the screen went black and I do not know what is happening. The computer seems to be on. But the monitor said no signal just before it went black. I am very scared.

              I am back.  I think I did just lose my internet.  When it came back my Windows desktop said working on updates again and then 100% and then it came on.  Have not checked how it is working as I am trying to finish this post.  I lost the Chromebook I am on now too so I could not finish until now.

              I don’t know what happened.

              HP Pavilion Desktop TP01-0050 – 64 bit
              Windows 10 Home Version 22H2
              OS build 19045.5487
              Windows Defender and Windows Firewall
              Microsoft Office Home and Business 2019
              -Version 2501(Build 18429.20132 C2R)

            • #2623478

              So, it installed everything but KB5034441.  (It installed Cumulative update KB5034122, NET. Framework KB5034275 and some definition updates for Defender and this month’s software removal tool.)

              It says it will try to install KB5034441 again so I guess the only way to stop it is to set the internet to metered connection and clear the queue.  The only thing in it is KB5034441.

              So here goes.

              HP Pavilion Desktop TP01-0050 – 64 bit
              Windows 10 Home Version 22H2
              OS build 19045.5487
              Windows Defender and Windows Firewall
              Microsoft Office Home and Business 2019
              -Version 2501(Build 18429.20132 C2R)

            • #2623502

              Hooray.  No updates in the queue.  KB 5034441 is blocked in WUSHide.  Updates set to resume 2/8/2024.

              Thank you PKCano.  This is not the first time you have saved me.

              Could not have done this without my Chromebook to fall back on and your help how to make KB 5034441 go away permanently. BTW I’m back on my desktop and it seems to be working fine.

              HP Pavilion Desktop TP01-0050 – 64 bit
              Windows 10 Home Version 22H2
              OS build 19045.5487
              Windows Defender and Windows Firewall
              Microsoft Office Home and Business 2019
              -Version 2501(Build 18429.20132 C2R)

    • #2622486

      Update failed install on my notebook, which is running Windows Home edition. So no bitlocker.

      Edit: on my pc at the office, it installed without problem (Windows Pro without bitlocker enabled).

      Edit 2: retried installing it on my notebook and now it installs fine….

    • #2622580

      Users who don’t have C: partition followed by Restore partition and will follow Microsoft’s (stupid advice, doesn’t mention this requirement) will trash their PCs.

    • #2622531

      So, how large is “large enough”?

      Is the only way to find out to try the update and see if it fails? If so, what is the impact of the update failing — just that the vulnerability remains unpatched, or is system operation impaired?

      I assembled my machine myself and installed Windows 10 Pro on an SSD. The recovery partition appears to be first, not last, and it’s 529MB. I do have Bitlocker active on the system and data partitions, as a precaution should the machine ever be stolen.

      That’s the crucial question isn’t it? How large is large enough? I have about 518MB of 1000MB free. (I think I’ve had to increase the size of this partition once before.)

      Although I do actually have two recovery partitions. The 1000MB one is labelled WinRE_DRV and the other is unlabelled (with 88MB of 620MB free.)

      This is the unanswered question – how much free space and how much total space needed in the WINRE recovery partition?

    • #2622650

      Well, I just confirmed that this “famous” partition on my computer:

      1. has a size of 1 gigabytes, which is sufficient according to M$
      2. is empty !

      I have BitLocker, but it is not used anyway.

      So I really don’t understand why this patch has been failing at least 3 times until I blocked it…

      2 users thanked author for this post.
    • #2622829

      A dual-boot twist — and question:

      I have a Dell desktop which ran Win 8.1 for years then I installed Win 10 (now 22H2) in a dual boot config.  There IS a WinRE partition from Win 8.1.  I can see it with a disk partition utility.  But running reagentc /info it shows NO WinRE partition (see attached).

      I’m assuming the WinRE for Win 10 is specific to Win 10.  So, in this configuration on a GPT disk, should I EVEN attempt an install of the offending update?  Do I NEED a Win 10 WinRE partition at all?  I’ve been running Win 10 for several years with no issues.  NO Bitlocker installed.

      (What a brain **** this is!!)

       

    • #2622899

      I have not tried to install KB5034441 or any other Jan 2024 Patch Tuesday update so I don’t know yet if my Win 10 Pro v22H2 machine is affected by this bug.  Control Panel | System and Security | BitLocker Drive Encryption shows that BitLocker is OFF.

      Can anyone explain the discrepancy in the size of my WinRE recovery partition when I check in an elevated command prompt vs Windows Disk Management?

      The ReagentC and Dism /get-ImageInfo commands described in the MS Learn article Validate the Windows RE Version in an Online Windows OS show that my WinRE recovery partition is Partition4 and is 3.791 GB in size (see attached image), but Windows Disk Management shows Partition4 has a capacity of 990 MB and is 100% free.

      Win-10-Pro-v22H2-Disk-Management-WinRE-Partition4-11-Jan-2024

      I enabled the System Restore feature (disabled by default) years ago as instructed in the WindowsCentral article How to Use System Restore on Windows 10 so my system creates the occasional system restore point [max usage = 22.34 GB (10% of C: drive); current usage 12.77 GB].

      I have no idea what my Partition6 is used for, but note that I have added my Macrium Reflect Free recovery environment to my Windows boot menu options and used to have the Dell SupportAssist OS Recovery utility (now uninstalled) installed on my Inspiron laptop.
      —————
      Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.3803 * Firefox v121.0.1 * Microsoft Defender v4.18.23110.3-1.1.23110.2 * Malwarebytes Premium v4.6.8.311-1.0.2235 * Macrium Reflect Free v8.0.7783

      • #2623076

        Hi @lmacri,

        FWIW, when my Dell Inspiron 5482 was almost new, Disk Management showed the name WINRETOOLS for partition 4 (990 MB), Image for partition 5 (12.31 GB), and DELLSUPPORT for partition 6 (1.23 GB). At the end of the partition map, there was 13 MB of unallocated space. At that time, Disk Management showed a specific % of free space for partitions 4, 5, and 6.
        W10-5482-Disk-Management-screen-partitions-on-9-26-2019

        In 2020, I opted for Dell’s SupportAssist System Repair, and Disk Management showed something different. Partitions 4, 5, and 6 were no longer named, but the capacity of each had not changed. It showed 100% free for each of those 3 partitions.
        W10-5482-Disk-Management-Screen-on-04-05-2020

        I still have System Repair ON and Disk Management looks the same now. (BTW, System Repair has come to the rescue several times.)
        W10-5482-Disk-Management-Screen-01-10-2024

        Personally, I think SupportAssist System Repair has something to do with Disk Management’s 100% free space for partitions 4, 5, and 5 and no names for them, whether this feature was once-ON-but-no-longer / or still-ON.

        I called Dell once about the ‘100% free’ designation and an agent told me that this was because the data was hidden. I know that when System Repair is turned on, the backup/repair points are hidden at C:\ProgramData\Dell\SARemediation\SystemRepair (I learned that from you), so I have thought that’s why Disk Management says 100% free, maybe because there is a pointer in those partitions to the hidden folder in OS (C:).

        But, since you have System Repair OFF now, it looks like the info in Disk Management superficially remains the same as it was when System Repair was once ON.

        P.S: The 1st and 2nd files are .png files and their images get posted. The 3rd file is a .jpg file and it gets rendered as a link. I don’t know the reason for the difference in how the screenshots are posted – it must be due to the extension of the file.

        P.S.S: the 3rd file (a .jpg file) is now an incomplete image in the post. But, if you click on it, you will see it all.

        P.S.S.S: now all three files are posted as full images!!

      • #2623677

        The ReagentC and Dism /get-ImageInfo commands described in the MS Learn article Validate the Windows RE Version in an Online Windows OS show that my WinRE recovery partition is Partition4 and is 3.791 GB in size (see attached image), but Windows Disk Management shows Partition4 has a capacity of 990 MB and is 100% free.

        Bear in mind that winre.wim is an image file, and image files don’t do anything until they are mounted.  That combination of commands you used gives you the mounted size of your recovery environment (in actual use, WindowsRE is a mounted VHD in RAM, not on your physical drive).

        There is no discrepancy, it’s just the difference between virtual drive and physical drive.  As for the 100% free, hidden partitions are always 100% free; the contents are hidden.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
        We were all once "Average Users".

        1 user thanked author for this post.
    • #2622930

      Installed fine on my work laptop (which is BitLocker encrypted so I felt it justified to do). It has a 903 MB recovery partition.

    • #2622959

      In our org, policy requires that all of our Windows users use Pro editions and run our tweaked version of BitLocker, which requires pre-boot authentication.  It looks like most of the discussion here seems to be related either to Home users (BitLocker To Go that is used to encrypt individual devices is not the same as full-disk encryption provided by BitLocker in Pro editions), or others that aren’t doing full-disk encryption.

      What I’m not getting is the trade-offs for our situation.  Not installing KB5034441 leaves a computer as-is, without risk of issues with WinRE but also vulnerabilities to machines with BitLocker installed.  Installing KB5034441 fixes the BitLocker issue, but what of machines that have potential issues with WinRE?

      I also don’t have a clear understanding of what the symptoms are of a machine with WinRE problems.  And to me, BlockAPatch might be usable, but it’s not something that I’m comfortable with giving to non-technical users to do by themselves.

      I will note that I have at least a couple of users that have already applied updates to Windows 10 Pro (before I could advise to wait) and report no issues with WinRE, and I presume that both have recovery partitions at the end.  One a Lenovo ThinkPad, and the other is a Dell machine that I’m not familiar with the detail on, although the user reports other unrelated issues following upgrade.

      Any thoughts on how we should handle our remaining users, given our use of BitLocker?

       

      • #2623106

        Pre-boot authentication effectively closes the hole so you don’t need to patch, yet. (Can’t find the reference.)
        An update to RE fixes the issue, but it needs enough space.

        To see if you will have problems, view the size of the recovery partition – around 900MB seems OK.

        The reports here suggest that a failed patch will not impact your machine, so I would take the “do nothing” option for another week.

        cheers, Paul

        • #2623220

          On my Win 10 Pro Thinkpad, I have 2 Recovery Partitions, both 100% free. One is 732 MB and the other is 1000 MB. And yet, the update failed.

          • #2624041

            100% free = “Windows programmers didn’t give you a way to see how much space is used”.
            At over 700MB it seems you will be OK.

            cheers, Paul

            • #2625348

              Paul, thanks for the reply. Wow, that “100% free” is misleading then. You say it seems I’ll be OK, but … OK for what? The install failed.

            • #2627503

              700MB should be more than enough. You must have another issue.

              cheers, Paul

              1 user thanked author for this post.
              ejb
    • #2622964

      I do not believe that I have BitLocker on my Win 10 Home PC. But should I be safe in installing the update if offered? If I need to hide the patch, how do I do so. Is it by using the BlockAPatch method? And if so, how exactly does that work. *Note* I do not know the size of my recovery partition. How do I find that out?

      • This reply was modified 1 year, 1 month ago by Rush2112. Reason: Missing word
      • #2623108

        It seems the patch will install on all PCs, BitLocker or no.
        I would run WUmgr, search for updates, then hide 34441.

        This will give MS time to fix it so you don’t have to worry.

        cheers, Paul

         

        1 user thanked author for this post.
    • #2623041

      This raises an interesting question. If system shows “Turn on Bitlocker” in Windows Explorer, does that mean Bitlocker is installed? And if so, does that say anything about the presence of a TPM chip?

      Your question may have gotten missed yesterday. Here’s a Microsoft document to help check whether you have or can have BitLocker:

      https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838

      You can probably skip the first section about seeing if you have Disk Encryption and just move to the second section about BitLocker. As stated in the thread, BitLocker can’t be enabled on Win 10 Home or Win 11 Home. If you have Windows 10/11 Pro but aren’t offered the option to run BitLocker and aren’t already using it as seen at Manage BitLocker, it’s most likely because your hardware lacks the TPM chip needed.

      If you do want to use BitLocker, you should do so using the PIN option and be sure to keep a safe and secure copy of your Recovery key.

    • #2623102

      How do we know if we have a recovery partition, and if so what size it is? Similarly, how do we know if we have BitLocker?

      I have 2 desktop PCs with Windows 10 ver 22H2, one was upgraded from Windows 7 and is a Home edition (presumably without Bitlocker), the other is a new machine supplied with Windows 10 pre-installed as a Pro edition.

      I’m totally lost as to what I need to do if anything, other than wait until my update pause expires early next month.

      Surely this update should be pulled until MS have fixed it. Yes this may mean there’s a risk to some by not installing it, but there seems to be a greater threat to many by installing it.

      • #2623117

        Recovery Partitions exist on all commercial machines. Home built, maybe.
        Run Disk Management to view your partitions, but don’t modify any.
        Win R, diskmgmt.msc, Enter

        cheers, Paul

        1 user thanked author for this post.
    • #2623115

      @self: I answered your second question in the post above yours. As to how you can see if you have recovery partitions, and if so, what size your recovery partitions are and how much space is available on them, one way in Win 10 Pro is to open Control Panel and then Administrative Tools. Right-click on Computer Management and select “Run as administrator.” Enter your administrator password if needed, and on the left, under Storage, select Disk Management.

      After a brief pause you’ll see your connected storage devices listed in the upper center. Some of them will be marked “Healthy (Recovery Partition).” Scroll to the right if needed and the Capacity and Free Space is indicated for each Recovery Partition. You can also see the Capacity for each partition displayed in the corresponding boxes in the diagram below, but to see Free Space or % Free, you have to look in the upper center window where devices are listed and scroll to the right if needed.

      1 user thanked author for this post.
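
      The questions above (is there a recovery partition, how big is it, how much is free, is BitLocker on) can also be answered from an elevated PowerShell prompt. This is an added, read-only example, not code from the thread or from Microsoft; the 250 MB marker is an assumption taken from the resize figure quoted in this thread, and the parsing assumes English `reagentc /info` output.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only inventory of WinRE, recovery partitions, BitLocker
# and TPM. It changes nothing on disk.

# ASSUMPTION: 250 MB echoes the resize figure quoted in this thread; it is a
# "look closer" marker, not an official pass/fail threshold.
$MinFreeMB = 250

# 1. Ask Windows where WinRE is registered (assumes English reagentc output).
$reagent      = & reagentc.exe /info 2>&1 | Out-String
$winreEnabled = $reagent -match 'Windows RE status:\s+Enabled'
$winreDisk = $null; $winrePart = $null
if ($reagent -match 'harddisk(\d+)\\partition(\d+)') {
    $winreDisk = [int]$Matches[1]
    $winrePart = [int]$Matches[2]
}

# 2. Find the partition that directly follows the Windows partition on its disk.
$os   = Get-Partition -DriveLetter $env:SystemDrive.Substring(0, 1)
$next = Get-Partition -DiskNumber $os.DiskNumber |
        Where-Object { $_.Offset -gt $os.Offset } |
        Sort-Object Offset | Select-Object -First 1

# 3. Collect recovery partitions: GPT recovery type GUID, MBR type 0x27,
#    plus whatever partition reagentc pointed at.
$recoveryGpt = '{de94bba4-06d1-4d40-a16a-bfd50179d6ac}'
$parts = Get-Partition | Where-Object {
    $_.GptType -eq $recoveryGpt -or $_.MbrType -eq 0x27 -or
    ($_.DiskNumber -eq $winreDisk -and $_.PartitionNumber -eq $winrePart)
}

$report = foreach ($p in $parts) {
    # Get-Volume reads the file system's own free-space figure for the partition.
    $vol    = $p | Get-Volume -ErrorAction SilentlyContinue
    $freeMB = if ($vol) { [math]::Round($vol.SizeRemaining / 1MB) } else { $null }
    [pscustomobject]@{
        Disk         = $p.DiskNumber
        Partition    = $p.PartitionNumber
        SizeMB       = [math]::Round($p.Size / 1MB)
        FreeMB       = $freeMB
        HoldsWinRE   = ($p.DiskNumber -eq $winreDisk -and
                        $p.PartitionNumber -eq $winrePart)
        FollowsOS    = ($null -ne $next -and $p.DiskNumber -eq $next.DiskNumber -and
                        $p.PartitionNumber -eq $next.PartitionNumber)
        TightOnSpace = ($null -ne $freeMB -and $freeMB -lt $MinFreeMB)
    }
}

# 4. BitLocker and TPM state; either cmdlet may be missing on some editions.
$bitlocker = if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-BitLockerVolume | Select-Object MountPoint, VolumeStatus, ProtectionStatus
}
$tpm = if (Get-Command Get-Tpm -ErrorAction SilentlyContinue) {
    Get-Tpm | Select-Object TpmPresent, TpmReady
}

"WinRE enabled: $winreEnabled"
$report    | Format-Table -AutoSize
$bitlocker | Format-Table -AutoSize
$tpm       | Format-List
```

      A machine with several recovery partitions gets one row per partition; `HoldsWinRE` marks the one `reagentc` actually uses, and `FollowsOS` shows whether it sits directly after the Windows partition.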
    • #2623212

      I do NOT recommend using this because you shouldn’t even be installing Windows Quality Updates Yet as AskWoody is at MS-DEFCON 1 – Do not Install.  This will be worked out by Microsoft by next month without user intervention. Let it be.  Anyway, here is info for those interested:

      Microsoft shares script to update Windows 10 WinRE with BitLocker fixes
      https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-script-to-update-windows-10-winre-with-bitlocker-fixes/

       

       

      1 user thanked author for this post.
      PL1
    • #2623252

      MSFT need to simplify this, as there are differing connotations of partition layouts where expanding/ shrinking the WinRE is just TOO FAR for most!

      My experience:
      W11 Pro monthly’s updated without any fuss this month.

      However, 2 x W10 Pro x64 and 1 x W10 Pro x86 were each in need of individual attention after CU and .NET patches. Grrr!

      All W10’s required increase adjustments to WinRE size before kb5034441 would inject. (yup, two attempts on the test device, clearing distributionstore between each)

      Rather than the MS method of the 250mb increase, I used bootable Minitool Partition Wizard 9.1 USB media (UEFI & MBR versions respectively) to adjust the WinRE size to 750mb from ~500mb, as they were next to the OS partition, then re-aligned partitions.

      Upon restart within cmd (as admin) ran:

      Reagentc /enable

      Revisited WU and installed kb5034441 without error on each.
      Checked and analysed DISM, no corruptions. SFC /scannow reported no violations. Phew!

      Jan24Patches

      Feeling your pain enterprise admins..

      If debian is good enough for NASA...
      • #2623300

        However, 2 x W10 Pro x64 and 1 x W10 Pro x86 were each in need of individual attention after CU and .NET patches. Grrr!

        You’re lucky that you know what you are doing and can do this. What about us poor souls that will be hanging out to dry for lack of this kind of expertise?

        1 user thanked author for this post.
    • #2623317

      MSFT need to simplify this, as there are differing connotations of partition layouts where expanding/ shrinking the WinRE is just TOO FAR for most!

      It did by creating a Powershell script that doesn’t require changing partition size.

      https://support.microsoft.com/en-us/topic/kb5034957-updating-the-winre-partition-on-deployed-devices-to-address-security-vulnerabilities-in-cve-2024-20666-0190331b-1ca3-42d8-8a55-7fc406910c10

      • #2623391

        That script is a step in the right direction, but I still think the typical home user won’t know what to do with the script and the link doesn’t really explain how to run the script in a way that will be understandable to a typical home user.

        • #2623324

          That script is a step in the right direction..

          More like it’s in the ‘left’ direction as there’s nothing ‘right’ in producing a security patch that requires a fudge release of a PS script in order to make the patch effective.

          If debian is good enough for NASA...
    • #2623379

      I do NOT recommend using this because you shouldn’t even be installing Windows Quality Updates Yet as AskWoody is at MS-DEFCON 1 – Do not Install.  This will be worked out by Microsoft by next month without user intervention. Let it be.  Anyway, here is info for those interested:

      Microsoft shares script to update Windows 10 WinRE with BitLocker fixes
      https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-script-to-update-windows-10-winre-with-bitlocker-fixes/

       

       

      I think you are naive if you think Microsoft can just fix this. If the problem is that a partition is too big for a new winre.wim file (which seems to be the problem,) they very likely can’t just make the file smaller again. Their only other choice is to start re-sizing partitions (not just the recovery one) while installing a replacement update.  I, for one, do not trust Microsoft not to screw this up while doing it silently behind the scenes during another update!

    • #2623402

      How do I stop emails I am getting about this post ?

      • #2623409

        Go to the top of the Topic (gray bar with Author Topic) and Unsubscribe.

    • #2623507

      No. The new PatchWinREScript_2004plus.ps1 script appears to patch the WinRE image to mitigate the vulnerability in the existing partition without resizing it just fine… I’m sure MS will find a way to fix the issue automatically by next month.

       

      I do NOT recommend using this because you shouldn’t even be installing Windows Quality Updates Yet as AskWoody is at MS-DEFCON 1 – Do not Install.  This will be worked out by Microsoft by next month without user intervention. Let it be.  Anyway, here is info for those interested:

      Microsoft shares script to update Windows 10 WinRE with BitLocker fixes
      https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-script-to-update-windows-10-winre-with-bitlocker-fixes/

       

       

      I think you are naive if you think Microsoft can just fix this. If the problem is that a partition is too big for a new winre.wim file (which seems to be the problem,) they very likely can’t just make the file smaller again. Their only other choice is to start re-sizing partitions (not just the recovery one) while installing a replacement update.  I, for one, do not trust Microsoft not to screw this up while doing it silently behind the scenes during another update!

       

       

       

       

       

      1 user thanked author for this post.
      PL1
      • #2623615

        Intrepid, I am with you on this and hope this is fixed shortly. Carry on!

        Win 10 Home 22H2

    • #2623612

      This is just horrible for the home user, and one should not undertake the stress of doing this.

      I do not patch until the week before the next patch Tuesday and not in a rush to be a guinea pig. I also value my equipment and need my laptop for important personal use. I am sure that most home users feel the same way.

      Several years ago Microsoft failed to release a .cab that rendered the windows update manager useless. They fixed it and then everyone could download the updates. It was not immediate, but timely.

      I will sit tight and wait out the month. Not a happy camper! Trying to stay positive!

       

       

      Win 10 Home 22H2

      1 user thanked author for this post.
    • #2623616

      This morning I was rearranging the furniture in the A & B sides of my dual boot, and using TBWinRE for some drive/partition imaging (TBWinRE is what results from incorporating Image For Windows into the WindowsRE).  I’m on Windows 11 23H2, but all this difficulty about WindowsRE and partition sizes with Windows 10 aroused my curiosity.  I’ll post a synopsis of my furniture rearranging in the Image For Windows Forum.

      I found out that Windows 11 got the WindowsRE update as well.  I used Process Hacker to examine WindowsRE and the file date on winre.wim is 1-9-2024.  Winre.wim is ~105MB larger than before.  There is also a “Reload.xml” file that wasn’t there before:

      <?xml version='1.0' encoding='utf-8'?>

      <WindowsRE version="2.0">
      <WinreBCD id="{215ceeaa-7c2d-11ee-ade0-cfc79b94deb9}"/>
      <WinreLocation path="\Recovery\WindowsRE" id="0" offset="1048576" guid="{1497cc39-c1db-4785-bdf3-718b891c2841}"/>
      <ImageLocation path="\recovery\windowsre" id="0" offset="1048576" guid="{1497cc39-c1db-4785-bdf3-718b891c2841}"/>
      <PBRImageLocation path="" id="0" offset="0" guid="{00000000-0000-0000-0000-000000000000}" index="0"/>
      <PBRCustomImageLocation path="" id="0" offset="0" guid="{00000000-0000-0000-0000-000000000000}" index="0"/>
      <InstallState state="1"/>
      <OsInstallAvailable state="0"/>
      <CustomImageAvailable state="0"/>
      <IsAutoRepairOn state="1"/>
      <WinREStaged state="0"/>
      <OperationParam path=""/>
      <OperationPermanent state="0"/>
      <OsBuildVersion path="22621.1.amd64fre.ni_release.220506-1250"/>
      <OemTool state="0"/>
      <IsServer state="0"/>
      <DownlevelWinreLocation path="" id="0" offset="0" guid="{00000000-0000-0000-0000-000000000000}"/>
      <IsWimBoot state="0"/>
      <NarratorScheduled state="0"/>
      <ScheduledOperation state="5" status="1223"/><BackupLaunch state="0" status="0"/><BackupComplete state="0" status="0"/><BackupResult status="0"/><MachineGuid id="{00000000-0000-0000-0000-000000000000}"/><UserGuid id="{00000000-0000-0000-0000-000000000000}"/><OptIn state="0"/>
      </WindowsRE>

      I’m guessing that Microsoft is laying the groundwork for something coming, and the Windows 10 machines that may eventually upgrade to Windows 11 are feeling the pain.  We know that there are some Windows 11-ready PC’s that are running Windows 10, and so does Microsoft.  The advice to expand the WindowsRE partition by 250MB is for 105MB or so increase in winre.wim, with room for what may be coming down the pike.

      The updated winre.wim kept my Image For Windows addition intact, which indicates to me that the update process mounted the winre.wim image, did its thing, then unmounted the image.  With that small an image, it’s a pretty quick process.  Therein may lie the problem some Windows 10 machines are having; the image has to be mounted in an empty folder which, in the case of WindowsRE, would have to be created within the WindowsRE partition, and there isn’t enough room for the winre.wim together with the mounted image.  Of course, the update process may do this virtually, but the WindowsRE folder still has to have enough free space to hold the ~105MB increase in size of winre.wim.

      The updated winre.wim file is 759MB, previously 654MB.  My Recovery Environment (WindowsRE) is not on the OS SSD, it’s on a separate 1GB partition on another SSD.

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
      We were all once "Average Users".

      • #2623675

        I thought I was following along in your description, but the term Recovery Environment popped up at the end. What’s the difference in the terms WindowsRE and Recovery Environment?

        • #2623688

          What’s the difference in the terms WindowsRE and Recovery Environment?

          WindowsRE = Windows Recovery Environment.

          Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
          We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
          We were all once "Average Users".

          1 user thanked author for this post.
    • #2623830

      What I don’t understand is why microsoft doesn’t stop pushing this update to windows home.

      You can’t run bitlocker on the home version of windows, right?

       

      • #2627290

        What I don’t understand is why microsoft doesn’t stop pushing this update to windows home.

        You can’t run bitlocker on the home version of windows, right?

         

        Incorrect, it does exist for home versions of windows; it’s just called “device encryption”, and limited to VMK sealed by TPM only (no PIN allowed), and recovery key forced to be stored with Microsoft (by Microsoft Account).

    • #2623839

      Well, let’s see..

      1. Under normal circumstances, a DEFCON-1 from Susan would result in a quick skim and then I’d go do something else.  I def wouldn’t update my computer.  🙂
      2. But, Bitlocker…  I’m sure the contents of my hard drive in the wild would result in identity theft for my family — maybe even for my grandkids.
      3. Macrium Reflect (thanks, Susan) seemed like the easiest way to refresh my memory re: my disk layout.  I have a couple of partitions (0, 1) before C: (2).  But then I have a small (< 1 GB) unnamed partition (3) after C:.  So, my WinRE partition is #4.  I was a little concerned, since it says that WinRE must be right after the operating system partition.
      4. I decided to assume that, since WinRE currently works, that my current location of WinRE is OK. Maybe the extra partition after C: is Macrium’s work.  If I did know, I have forgotten.
      5. My WinRE partition is 450MB w/ 354MB used (according to Macrium).  Do I feel lucky?  I do…
      6. So, followed the instructions here: https://support.microsoft.com/en-us/topic/kb5034957-updating-the-winre-partition-on-deployed-devices-to-address-security-vulnerabilities-in-cve-2024-20666-0190331b-1ca3-42d8-8a55-7fc406910c10
      7. Very easy, and all appears to be well.  I guess I’ll boot into it to make sure the next time the Macrium choices screen shows up after I next reboot my system…
    • #2624102

      A rough ride with Jan. 2024 update in Windows 10 Pro 22H2 (no BitLocker).

      Using WUmgr I got 6 updates (2 .NET) including KB5034441.
      I ran the updates knowing that KB5034441 would end in error.
      5 updates installed quickly (WUmgr didn’t display an error for KB5034441) while the last update, probably KB5034122 ran for close to 1 hour and didn’t finish.

      I decided to stop WUmgr and restart. Got ‘Windows checking.. don’t shut PC’ notice.
      Let it run for 20 min and decided to force shut down.

      After re-start got that notice again, but this time the PC restarted couple of times and I got to the desktop.

      This time I chose Windows update and got KB5034441 and KB5034122.
      KB5034441 failed but KB5034122 has installed.
      PC restarted to desktop after the usual 30%, 100%.
      Used WUmgr to hide KB5034441.

      PC runs as usual.

    • #2624431

      On 19 Nov 2023, I had to run a “Repair Install Windows OS” <see Options # 2604213>

      Today, 12 Jan 2024, I ran MiniTool Partition Wizard Free 12.8, which shows my Recovery Partition is almost at full capacity <529 MB capacity, 481.57 MB used>

      The MiniTool “Space Analyzer” tool shows my Recovery Partition has two folders as follows:

      (1) System Volume Information; this folder has one sub folder and one log
      EfaSIDat <folder with one file>
      SYMEFA.DB <40 KB >
      tracking log < 20 KB >
      (2) Recovery; this folder has one sub folder
      WindowsRE < folder has three files >
      boot.sdi <3.02 MB>
      Reagent.xml <1.08 KB>
      Winre.wim <467.99 MB> “the image file containing the bootable repair tools for Windows”

      I ran across this file << https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference?view=windows-10 >>

      It says: “Add the baseline WinRE tools image (winre.wim) to a separate partition from the Windows and data partitions. This enables your users to use WinRE even if the Windows partition is encrypted with Windows BitLocker Drive Encryption. It also prevents your users from accidentally modifying or removing the WinRE tools.

      “Store the recovery tools in a dedicated partition, directly after the Windows partition. This way, if future updates require a larger recovery partition, Windows will be able to handle it more efficiently by adjusting the Windows and recovery partition sizes, rather than having to create a new recovery partition size while the old one remains in place.

      “The Windows RE update process makes every effort to reuse the existing Windows RE partition without any modification. However, in some rare situations where the new Windows RE image (along with the migrated/injected contents) does not fit in the existing Windows RE partition, the update process will behave as follows:

      • If the existing Windows RE partition is located immediately after the Windows partition, the Windows partition will be shrunk and space will be added to the Windows RE partition. The new Windows RE image will be installed onto the expanded Windows RE partition.
      • If the existing Windows RE partition is not located immediately after the Windows partition, the Windows partition will be shrunk and a new Windows RE partition will be created. The new Windows RE image will be installed onto this new Windows RE partition. The existing Windows RE partition will be orphaned.
      • If the existing Windows RE partition cannot be reused and the Windows partition cannot successfully be shrunk, the new Windows RE image will be installed onto the Windows partition. The existing Windows RE partition will be orphaned.

      Does this mean Windows will, someday, somehow, automatically shrink the old partition and create a new one ?

      2 users thanked author for this post.
      • #2624587

        Does this mean Windows will, someday, somehow, automatically shrink the old partition and create a new one

        More likely MS will work out how to do the update without using so much space. A partition resize is not something you do unattended or without prior backup.

        cheers, Paul

        1 user thanked author for this post.
      • #2624642

        Does this mean Windows will, someday, somehow, automatically shrink the old partition and create a new one ?

        Indeed.  That happened to me with the update to 22H1 or 22H2, don’t recall which.  My WindowsRE partition on a separate drive was orphaned, and a new WindowsRE created by shrinking my Windows partition and creating WindowsRE behind Windows.

        I updated my orphaned WindowsRE in my preferred location, deleted the Windows-created WindowsRE, and everything worked the way I wanted it to work once again.

        On the other hand, with this most recent update, my WindowsRE winre.wim was updated in my partition of preference, and the update did not create a new WindowsRE after the Windows partition.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
        We were all once "Average Users".

        2 users thanked author for this post.
    • #2624896

      More likely MS will work out how to do the update without using so much space.

      Microsoft already did so with its Powershell script.

      • #2624995

        That doesn’t work for majority of users who are “non-geeks”

        2 users thanked author for this post.
    • #2625357

      The January 2024 Windows RE update might fail to install
      Status
      Confirmed

      Affected platforms
      Client Versions            Message ID   Originating KB   Resolved KB
      Windows 10, version 22H2   WI706429     KB5034441        –
      Windows 10, version 21H2   WI706430     KB5034441        –

      Devices attempting to install the January 2024 Windows Recovery Environment update (the Originating KBs listed above) might display an error related to the size of the Recovery Environment’s partition. The Windows Recovery Environment (WinRE) is used to repair or recover from issues affecting Windows.

      Resulting from this error, the following message might be displayed.

      “0x80070643 – ERROR_INSTALL_FAILURE”

      Workaround: It might be necessary to increase the size of the WinRE partition in order to avoid this issue and complete the installation. Note that 250 megabytes of free space is required in the recovery partition. Guidance to change the WinRE partition size can be found in KB5028997: Instructions to manually resize your partition to install the WinRE update.

      Next steps: We are working on a resolution and will provide an update in an upcoming release.

      Susan Bradley Patch Lady/Prudent patcher

      5 users thanked author for this post.
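
A way to check the two conditions this thread keeps returning to before attempting KB5034441: the 250 MB free-space figure in the known-issue note above, and whether the WinRE partition sits directly after the Windows partition (the Microsoft documentation quoted in #2624431). This PowerShell is an added example, not Microsoft's script and not code from any poster; the function names Get-WinRELocation and Test-WinREPartition are made up for it, and it assumes English-language `reagentc` output and an elevated prompt.

```powershell
# Added example; not Microsoft's script and not from any post in this thread.
# Run in an elevated PowerShell session on the machine being checked.
# 250 MB is the free-space figure quoted in the known-issue note.
$RequiredFreeMB = 250

function Get-WinRELocation {
    # Hypothetical helper: turn the text of `reagentc /info` into disk/partition numbers.
    # Assumes English output for the status line.
    param([string[]]$ReagentcOutput)
    $text    = $ReagentcOutput -join "`n"
    $enabled = $text -match 'Windows RE status:\s+Enabled'
    if ($text -match 'harddisk(\d+)\\partition(\d+)') {
        return [pscustomobject]@{
            Enabled = $enabled; Disk = [int]$Matches[1]; Partition = [int]$Matches[2]
        }
    }
    # No location reported (for example WinRE is disabled): nothing to parse.
    [pscustomobject]@{ Enabled = $enabled; Disk = $null; Partition = $null }
}

function Test-WinREPartition {
    # Hypothetical helper: measure the WinRE partition and its position on the disk.
    param([Parameter(Mandatory)][int]$Disk, [Parameter(Mandatory)][int]$Partition)
    $re  = Get-Partition -DiskNumber $Disk -PartitionNumber $Partition
    $vol = $re | Get-Volume
    if (-not $vol) { throw "No volume found on disk $Disk partition $Partition." }
    $os  = Get-Partition -DriveLetter ($env:SystemDrive.TrimEnd(':'))

    # Partitions on the Windows disk in on-disk order, to find what follows C:.
    $ordered = @(Get-Partition -DiskNumber $os.DiskNumber | Sort-Object Offset)
    $next = $null
    for ($i = 0; $i -lt $ordered.Count - 1; $i++) {
        if ($ordered[$i].PartitionNumber -eq $os.PartitionNumber) { $next = $ordered[$i + 1] }
    }

    $sameDisk = ($re.DiskNumber -eq $os.DiskNumber)
    $freeMB   = [math]::Round($vol.SizeRemaining / 1MB, 1)
    [pscustomobject]@{
        Disk                 = $Disk
        Partition            = $Partition
        SizeMB               = [math]::Round($re.Size / 1MB, 1)
        FreeMB               = $freeMB
        MeetsFreeSpace       = ($freeMB -ge $RequiredFreeMB)
        # WinRE image stored inside the Windows partition itself.
        OnWindowsPartition   = ($sameDisk -and $re.PartitionNumber -eq $os.PartitionNumber)
        # Layout in which the quoted documentation says Windows can shrink C: and grow WinRE.
        DirectlyAfterWindows = ($sameDisk -and $null -ne $next -and
                                $next.PartitionNumber -eq $re.PartitionNumber)
    }
}

# Constructed sample of `reagentc /info` text (not captured from a real machine),
# so the parser can be exercised anywhere.
$sample = @(
    '    Windows RE status:         Enabled'
    '    Windows RE location:       \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE'
)
Get-WinRELocation -ReagentcOutput $sample

# Live check on this machine.
$loc = Get-WinRELocation -ReagentcOutput (reagentc.exe /info)
if ($loc.Enabled -and $null -ne $loc.Disk) {
    Test-WinREPartition -Disk $loc.Disk -Partition $loc.Partition
} else {
    Write-Warning 'WinRE is disabled or reports no location; there is no partition to measure.'
}
```

MeetsFreeSpace reflects only the 250 MB figure from the note; posters in this thread report the update both succeeding and failing at a range of partition sizes.
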
      • #2625554

        My machine has 66.7 MB free.    That being said, this update will never see the light of day on my machine.

    • #2625824

      I observe that the down side of skipping this update b/c you are not *currently* running Bitlocker is that you may forget to update your WinRE if you decide to use Bitlocker in the future (i.e. a buggy WinRE renders the encryption process worthless)…

      • #2626111

        It renders BitLocker susceptible to a bypass attack if you do not use a pre-boot PIN. An attacker still needs determination to get to your data – assuming you have data worth stealing.
        If your data is worth stealing you should have a pre-boot PIN and maybe other countermeasures.

        cheers, Paul

    • #2627064

      Yep! I don’t understand why anyone would leave their data unencrypted or set up Bitlocker without a pin?

      My point, though, remains: knowingly leaving software with an egregious security flaw on your machine because you are not *currently* at risk is not an IT best practice.

      The recent iPhone hack that chained four unrelated flaws together to produce a total pwn shows that security is pretty complex.

      I spent 30 mins researching this flaw, and two minutes running the script to fix it. A good time investment IMO.

      • #2627090

        Best practice and MS making the patching process work for us mere mortals are two very different things.  🙂

        cheers, Paul

    • #2627102

      and also THANKS!

      Had a 20 yo WinX pro and then motherboard fried.
      Okay, was going to do the 3 Rs (research, rebuild, reload) anyway.
      Now have HP Win11 home (12GB RAM).
      1. After Nov updates, Advanced System Care says I’m using 50% RAM when idle.
      2. Held my breath and allowed Dec updates, had no size issues.
      Everything appears okay.
      ASC now says I’m using 35% RAM when idle.
      Appears Micros**t may have actually made something better.

      Respectfully – Robert Margulski

      • #2627114

        You actually want Windows to use lots of RAM, otherwise it’s sitting around wasted.
        Having apps loaded and ready to go is a good thing in my book.

        cheers, Paul

        2 users thanked author for this post.
    • #2627334

      1. After Nov updates, Advanced System Care says I’m using 50% RAM when idle.
      2. Held my breath and allowed Dec updates, had no size issues.
      Everything appears okay.
      ASC now says I’m using 35% RAM when idle.

      So…. A few RAM points (is it OK to go off on a tangent on an Ask Woody thread, or is that discouraged?):

      • Idle RAM usage is not a particularly useful measure.  If you’re not doing anything, you’re not doing anything.
      • As Paul T pointed out, high RAM usage can be very good.
      • Generally, it’s fine when the operating system uses a lot of RAM.  That’s good and means that slow disk access is less used than it would be otherwise.
      • Generally, it’s bad when an application pegs your RAM — say, like Chrome was famous for.  It means the OS has to fight for RAM.  If you’re using something like Stable Diffusion and it’s maxing out your RAM and VRAM and CPU, it is what it is.  But, your system is most responsive when your apps are using a smaller amount of RAM and leaving a decent amount for the OS to manage as it doles out memory to apps and background processes.
      • I used the term “generally” because exceptions abound.  The memory management stuff I did as a young computer scientist in the late 70’s and early 80’s is ancient history compared to today’s modern memory management techniques using specialized memory chips.  It’s fascinating.

      Anyway, 640K is all the RAM anyone would ever need! https://www.computerworld.com/article/2534312/the–640k–quote-won-t-go-away—-but-did-gates-really-say-it-.html

    • #2627467

      Hello all

      Thanks for posting this information. I was troubleshooting this yesterday and found a site that showed how to resize the Recovery Partition in order to get the patch to install… I found that the Recovery had to be resized to 1GB or greater. I wrote a blog about it here: https://jvhconsulting.com/2024/01/13/windows-10-kb5034441-security-update-fails-with-0x80070643-errors;

      it uses Diskpart to remove, recreate recovery partition based on MBR or GPT disk types after shrinking space off OS drive (550mb). After doing this the patch installs okay.

      Today after reading your article and also trying the WUHowHide.diagcab tool to block /hide the KB5034441 article I figured there must be a way to do this via powershell – especially since in my RMM I had about 35 Machines needing this fix.

      While I haven’t gotten the RMM script to work successfully (yet), the commands do work from a remote command prompt-powershell.

      Here are the commands for Win10/11 machines to Hide this KB5034441 patch from the system and remove the error
      Set-ExecutionPolicy Unrestricted -Force
      install-module -name PSWindowsUpdate -Force
      Hide-WindowsUpdate -KBArticleID KB5034441 -AcceptAll

      After running above the output below shows, indicating the KB is Hidden by the H in Status Column:
      ComputerName Status KB        Size Title
      ------------ ------ --        ---- -----
      <PCNAME>     D--H-- KB5034441 23MB 2024-01 Security Update for Windows 10 Version 22H2 for x64-based Systems

      Hope this helps! I plan to update my blog with this info. (jvhconsulting.com).

      Regards
      Joost van Haaren
      JVH Consulting, LLC

      1 user thanked author for this post.
    • #2627521

      Coming into this late

      1) Are we being directed by Microsoft to re-partition in order for an update to install?

      2) How would we know what size is adequate?

      3) How can we check our partition sizes to find out if we have space issues?

    • #2627747

      Here are my suggestions:

      If you are NOT using BitLocker or you are using BitLocker on a machine w/ a TPM chip and you have set a PIN: put a note on your calendar for, say, three months from now to see if Microsoft has made the update process easier.  You’re safe from an attack (according to Microsoft).
      Otherwise, you should update now or set the PIN (assuming you have a TPM) if you would be upset if the data on your BitLocker-encrypted hard drive made it into the wild.  
      My WinRE partition is 450MB — it was large enough.  No one seems to be sure how large it needs to be on any given machine.
      The instructions for increasing the size and/or moving the partition may seem daunting if you’re not used to doing that kind of thing, but it’s not a complex process and Microsoft explained it very clearly in the links posted above.
      IMO, the simplest thing to do is to run the Microsoft-supplied script I and others posted above.  If it works, you’re done.  If it doesn’t work, you follow the steps Microsoft outlined to fix the size and/or position.
      What I don’t recommend if you consider your encrypted data sensitive: waiting more than a short period of time for Microsoft to make this even easier than it already is.  If they’re going to write a tool that resizes and moves partitions automatically, it’s going to be a while before it’s created and tested.  It’s pretty easy to do that manually on a given machine — and it’s pretty difficult to write general code that will safely do it on all machines.  Microsoft has already annoyed many users on this thread by releasing a buggy update that doesn’t cause any damage — imagine the blowback re: disk and operating system corruption…
    • #2627748

      As I predicted:

       

    • #2628205

      Tackled the first Win10 Pro today. Hardware install on an old Dell Studio XPS 1340 with 6GB RAM and a 512GB spinner HDD, originally Win7 Ultimate upgraded to Win10 Pro. The disk: partition 1 is 39MB OEM, partition 2 is 14.65GB Recovery, and partition 3 OS the rest of the drive.

      First, I tried to shrink the OS partition by 1GB with Mini Tool Partition Wizard, thinking perhaps the install would abandon the existing WinRE and install it on an NTFS formatted partition 4. Didn’t work – Mini Tool reported not enough memory.

      Next tried Windows Update including KB5034441. There was an error on download (not install) on KB5034441. I hid it before rebooting and the installation (KB5034122 CU 22H2 Build 19045.3930, .NET Framework, Defender, and MSRT) completed without error.

      After the update, wondering what would happen, I unhid KB5034441 and allowed it to download/install. It did without error and the Partition 2 WinRE was updated to Build 3930, modified date 1/16/24. So the WinRE does not have to be in Part4 to be updated, as long as it is big enough.

      On to the other two Win10 in Parallels VMs tomorrow

      Update: see #2629983 for results on the other two installs.

      2 users thanked author for this post.
      • #2628208

        Next tried Windows Update including KB5034441. There was an error on download (not install) on KB5034441. I hid it before rebooting and the installation (KB5034122 CU 22H2 Build 19045.3930, .NET Framework, Defender, and MSRT) completed without error.

        Was Windows Update on Pause? And then you unpaused it? Or did you have GP = Automatic Updates configured to ‘2 = notify download and auto install’ and you released the files from WUSH and then chose to download KB5034441 first?

        I ask because it looks like the order is KB5034441 first and then the others. Did WU determine the order of installation? or did you?

        I ask because I usually use WUSH to hide the updates and then release them one by one, waiting for one to install before I release and download/install the next one. I do this in order to not be confused about when to RESTART. So, if there is a RESTART, it applies only to the single patch that had been unhidden. I usually do the CU first, then the .NETs, and then the MSRT.

        • #2628218

          I never use Pause. I have Win10 Pro.
          I don’t hide updates and install in my order, I let Windows Update install in whatever order it chooses.
          The initial install was ALL of the updates in the queue, as I said above. I only hid KB5034441 when there was a download error, so it would not keep trying to install (read above).

          • #2628250

            The initial install was ALL of the updates in the queue,

            Yeah, I did read (and re-read) the above. I get the part about what you did with KB5034441. My question is basically this: How did the updates get in the WU queue today?

            This is how I understand what I have read. Do I understand correctly? (I am still at a basic level, when it comes to updating.)
            To start off, on Jan 9, you hid all of the updates when they were released, and then today you unhid them all at one time. And that’s how all of the updates were in the queue for WU to decide the order in which they were to be installed? And when WU got to KB5034441, the download failed. WU kept doing its thing and you stood by until WU gave you the official RESTART. But, before you RESTARTED, you re-hid KB5034441. Then when WU had finished everything, you unhid KB5034441 again and this time it downloaded and installed.

        • #2628236

          @WCHS

          The way I read PK’s post is that after getting the download error with 5034441, it was hidden. Then, the download and install of ALL of the remaining updates occurred through Windows Update, which was likely followed by the required reboot. After completing the reboot and letting things “settle” for a bit, PK probably then unhid 5034441 to attempt a download and install using Windows Update to see what would happen. Well, that turned out to be successful from the sounds of it!

          I hope this helps clarify things for you a bit.


          @PKCano, if I missed something, or got something wrong in this post, feel free to point that out for the sake of clarity here!  🙂

          • #2628372

            Please don’t try to paraphrase/reword/second guess what I say.

    • #2628242

      Today, I successfully installed KB5034441 and the other monthly updates on a spare PC running Windows 10 Pro x64 22H2 with a 500 MB recovery partition. Neither BitLocker nor device encryption are enabled on this PC. I did not run the PowerShell script.

    • #2628300

      partition 2 is 14.65GB Recovery

      My recovery partition is 499MB and not enough for KB5034441 update

      • #2628341

        PKCano wrote: partition 2 is 14.65GB Recovery

        That size indicates an OEM Recovery partition used to restore the PC/laptop to OOBE condition, not just the Windows Recovery Environment, although it may also contain the Windows RE.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.
        We were all once "Average Users".

        2 users thanked author for this post.
        • #2628383

          Quite possible it is. The contents are 5.6GB which could include a Win7 OEM ISO.
          I only checked the size of the partition and RE info, didn’t look to see what else was there. But the RE Build is now 3930, so Win10.

    • #2629983

      I have posted here to complete my experience with the Win10 update installs. See #2628205 for what occurred with the first update. Note: Bitlocker is not installed on any of the three installs.

      The two remaining Win10 Pro are in Parallels VMs, one on an Intel Ivy Bridge MacBook Pro and one on an Intel Kaby Lake iMac.

      On the MacBook Pro, the Win10 installation had a close to 900MB Recovery partition that I did not resize. The Windows update queue contained KB5034441, KB5034122 CU 22H2 Build 19045.3930, .NET Framework, Defender, and MSRT as with the previous one. All installed without error, including KB5034441.

      On the iMac, I used Mini Tool Partition Wizard to shrink the OS partition by 1GB and extended the Recovery partition to 1.54GB. The Windows Update queue offered all the updates including KB5034441. All updates installed without error EXCEPT, there was again the error on download (not install) on KB5034441. This time I did not hide it before the reboot.
      After the reboot (no other errors), I let the computer stew for a half hour or so to complete the install, then revisited the Update queue. KB5034441 was again offered, and it installed successfully, this time with no error.

      Who knows! It’s Microsoft…

      1 user thanked author for this post.
    • #2632600

      I have Windows 10 and I use the “pause updates” method to pause my updates.  This month,  the pause expires on January 31,  but it looks like MSDEFCON-1 will extend past January 31.  Is there a way for me to re-set the pause to a later date in Windows 10 without going into the registry?   I can’t seem to find a way to do that.  If the only other method involves going into the registry,  I’d prefer not to do that because I’m a little afraid of messing something up.  The “pause updates” method has been the easiest for me,  and so that’s the method I use.

       

       

      • #2632619

        10 Home or Pro?

        The easiest method I can think of is to run WuMgr.
        Click on the Auto Update tab.
        Select Disable Automatic Update.
        Reboot.

        cheers, Paul

        1 user thanked author for this post.
        • #2632632

          Paul:  Thanks for your response.  In answer to your question,  I have Windows 10 Professional.   Is there a way to do it in Windows 10 Professional without using WuMgr?

    • #2632645

      Is there a way to do it in Windows 10 Professional without using WuMgr?

      Yes, there is using GPEdit.

      Computer Configuration – Administrative Templates – Windows Components – Windows Update – Windows Update for Business – Select when quality Updates are Received (open and enter pause number of days / date).

      You should also set ‘Notify = 2’ (notify, don’t download / Install)

      https://www.askwoody.com/forums/topic/2000016-guide-for-windows-update-settings-for-windows-10/

      1 user thanked author for this post.
    • #2646297

      My apologies if this solution has already been posted, but I inadvertently found a solution to this problem. After reading Susan Bradley’s posts and possible workarounds to this problem, I checked my partition size and found it inadequate for the KB5034441 installation. But, while working on another issue, I took Susan’s advice and did an “over the top” installation of Win 10. My issue was resolved. I also found that my Recovery partition size had increased from 465MB to 680MB.

      This month, KB5034441 installed with no problems! I didn’t have to run any scripts, no manual resizing of partitions and their inherent problems. Just a simple “over the top” installation of Win 10 did the trick! Easy breezy!

      2 users thanked author for this post.
    • #2651643

      I have a 32-bit Win10 22H2 virtual machine. It was failing to install KB5034441 for months–the patch kept showing up in the daily email I get of pending patches. I checked the machine when the patch first came out and there wasn’t enough free space in the WinRE partition to install it. I decided to wait and see if it fixed itself.

      I just realized that the patch is no longer showing up in the email. Checked the machine and KB5034441 installed successfully on March 2, 2024. Ran my version of the Get-RecoveryPartitionInfo script to confirm:

      Recovery Partition (build 3920) has 145 of 549 MB free
      Recovery Partition path: \\?\GLOBALROOT\device\harddisk0\partition1\Recovery\WindowsRE
      WinRE is on disk 0 in partition 1
      Recovery Partition size: 549 MB
      Recovery Partition free: 145 MB
      WinRE Build Number: 3920
      KB5034441 (Windows 10 patch) installed: True

      So it seems something has changed–with no changes to the machine, the patch installed where it was previously failing to install.

      • #2651650

        I had a similar experience back in Jan., but it was more straightforward. KB5034441 failed on download (not install) on several of my installations. The rest of the updates (CU, etc) installed normally. Then KB5034441 installed without error second time around. The WinRE Build number was updated. See #2628205 and #2629983.

    • #2651680

      KB5034441 installed successfully on March 2, 2024

      Is WinRE partition after C: partition or before C: partition ?
