Newsletter Archives
-
Taming BitLocker and other encryption methods
ON SECURITY
By Susan Bradley
Our audience consists of several different segments. As a result, there are many different risk levels.
My risk tolerance may not be the same as yours, and vice versa. Ultimately, it comes down to your specific comfort level in your specific environment. And, of course, risk levels change over time.
Once upon a time, we would authenticate to our mail providers in plain text, with usernames and passwords clearly visible, and send all emails in the same fashion. You could “tap” the line with special equipment and read every email – in the clear. That’s no longer considered secure, so now nearly all mail providers offer some sort of protection, especially for the credentials.
Read the full story in our Plus Newsletter (21.06.0, 2024-02-05).
-
KB5034441 and KB5034440
I’ve been getting some emails regarding our coverage of the Windows Recovery partition problem. One question was whether this applies to Windows 10 only, or both Windows 10 and 11.
It could be both.
There are two specific Microsoft knowledge base posts about this — KB5034441 for Windows 10 and KB5034440 for Windows 11. Both refer to CVE-2024-20666, BitLocker Security Feature Bypass Vulnerability.
As I have previously noted, the problem showed up rapidly on Windows 10 PCs and, so far, rarely on Windows 11 PCs. That accounts for our slightly one-sided coverage. Also note that KB5034440 only calls out Windows 11 21H2. For Windows 11 22H2 and 23H2, the vulnerability noted in CVE-2024-20666 is being patched as part of the cumulative Windows update KB5034123. We’ll have more on these nuances in next week’s alert.
-
KB5034441 has led us astray, in a horrible way
ISSUE 21.04 • 2024-01-22 PATCH WATCH
By Susan Bradley
What’s with this Windows recovery partition thing?
If you’ve been following along, you know we’ve been discussing the update associated with a BitLocker vulnerability (described in KB5034441) that may require a resizing of the Windows recovery partition to resolve.
Microsoft’s handling of this problem has been so terrible that I was driven to raise the MS-DEFCON level to 1, just the fifth time I’ve considered it necessary.
Read the full story in our Plus Newsletter (21.04.0, 2024-01-22).
This story also appears in our public Newsletter.
-
MS-DEFCON 1: Partition size blocks update
ISSUE 21.02.1 • 2024-01-10
By Susan Bradley
KB5034441 fails to install with error code 0x80070643.
This failure is very unusual, so much so that I feel compelled to raise the MS-DEFCON level to 1. Do not install the update for KB5034441 unless you have BitLocker and are vulnerable to the risk of direct physical attack. If you have a system that doesn’t have enough space in the recovery partition, the update will fail.
I don’t want you to attempt to install it until you are confident it will have no effect on your system or until you have addressed the underlying problem.
Anyone can read the full MS-DEFCON Alert (21.02.1, 2024-01-10).
-
0x80070643 – ERROR_INSTALL_FAILURE with KB5034441
(Sneak peek at the information that will be in the upcoming Plus newsletter.) If you have an older Windows 10 machine, those early machines often were set up by the OEM manufacturer with non-optimal partition sizes. I also have a home-built Windows 10 machine that has hit this issue as well.
This month’s security updates include a specific patch that, in Microsoft’s words, “addresses a security vulnerability that could allow attackers to bypass BitLocker encryption by using Windows Recovery Environment (WinRE).” In a consumer setting where you do not have BitLocker and have complete physical control of your computer, this vulnerability is of extremely low risk to you.
WHEN I give the approval to install updates, IF KB5034441 fails to install with error code 0x80070643, my advice to you is to use one of the tools noted at www.blockapatch.com to prevent the installation of this update. To get this update to successfully install, you will need to manually adjust partition sizes in your C drive to allow the patch to install.
If you are in a situation where you do want to patch this (that is, you have BitLocker, or you just decide you want to do it), Microsoft has provided guidance:
Some computers might not have a recovery partition that is large enough to complete this update. Because of this, the update for WinRE might fail. In this case, you will receive the following error message:
Windows Recovery Environment servicing failed.
(CBS_E_INSUFFICIENT_DISK_SPACE)
To help you recover from this failure, please follow the instructions to manually resize your partition to install the WinRE update.
Known issue: Because of an issue in the error code handling routine, you might receive the following error message instead of the expected error message when there is insufficient disk space:
0x80070643 – ERROR_INSTALL_FAILURE
Even with these steps I am still seeing people having issues getting this update installed (see the Answers forum).
Remember, at this time I DO NOT recommend installing updates. Specifically with this patch, if you are not running BitLocker, I would hide the update. If you DO want to install this update, I will be doing a video of the necessary steps and documenting what you need to do. But I recommend that you only attempt to fix the issue if you are using BitLocker, or you are a geeky enough person that you just want to do it (you know who you are).
Please note this issue is not the result of untested patches – rather, it’s a known issue and Microsoft expects us to deal with it.
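Before deciding whether to hide KB5034441 or resize partitions, it helps to know how much room the WinRE partition actually has. The following PowerShell is an added example, not from the newsletter or from Microsoft; it reads the WinRE location that reagentc reports, looks up that partition, and flags it if free space is below a threshold. The 250 MB figure is an assumption passed as a parameter; confirm the current number against Microsoft’s KB guidance. Run it from an elevated prompt.

```powershell
# Added example: report free space on the partition that hosts WinRE, so you
# can tell in advance whether KB5034441 / KB5034440 is likely to fail with
# CBS_E_INSUFFICIENT_DISK_SPACE (surfaced as 0x80070643). Requires elevation.
# $MinFreeMB is an assumed threshold, not a figure taken from this page.
param([int]$MinFreeMB = 250)

# reagentc /info prints a line such as
#   Windows RE location: \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE
# When WinRE is disabled the location is blank, so the regex will not match.
$info = (reagentc /info 2>&1) | Out-String

if ($info -match 'harddisk(\d+)\\partition(\d+)') {
    $diskNumber      = [int]$Matches[1]
    $partitionNumber = [int]$Matches[2]
} else {
    Write-Warning "No WinRE location found in 'reagentc /info' output (WinRE disabled?)."
    Write-Output $info
    return
}

# Recovery partitions usually have no drive letter; piping the partition
# object into Get-Volume still resolves its volume.
$part = Get-Partition -DiskNumber $diskNumber -PartitionNumber $partitionNumber
$vol  = $part | Get-Volume

$sizeMB = [math]::Round($vol.Size / 1MB, 1)
$freeMB = [math]::Round($vol.SizeRemaining / 1MB, 1)

# Note: on some machines WinRE lives on the Windows partition itself rather
# than a separate recovery partition; Type will then read "Basic", not "Recovery".
[pscustomobject]@{
    Disk          = $diskNumber
    Partition     = $partitionNumber
    Type          = $part.Type
    SizeMB        = $sizeMB
    FreeMB        = $freeMB
    BelowMinimum  = ($freeMB -lt $MinFreeMB)
    MinFreeMB     = $MinFreeMB
}
```

If BelowMinimum is True and the machine is not using BitLocker, hiding the update is the low-effort path; if it is using BitLocker, this is the partition you would be resizing per Microsoft’s instructions.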
-