Microsoft has confirmed that it won't provide an automated fix for a known issue causing 0x80070643 errors when installing recent Windows Recovery Environment (WinRE) updates.
The problematic updates were issued during the January 2024 Patch Tuesday to fix CVE-2024-20666, a BitLocker encryption bypass vulnerability that allows attackers to access encrypted data.
The issue impacts Windows 10 21H2/22H2 (KB5034441), Windows 11 21H2 (KB5034440), and Windows Server 2022 (KB5034439).
On affected systems, it mistakenly shows generic '0x80070643 - ERROR_INSTALL_FAILURE' error messages instead of the correct CBS_E_INSUFFICIENT_DISK_SPACE error on systems with a Windows Recovery Environment (WinRE) partition that's too small for the update to install.
Microsoft first acknowledged this known issue in January, days after widespread reports from Windows users of 0x80070643 errors and the installation failing.
To address the installation problems, Microsoft told Windows users they must expand their WinRE partition by 250 MB to accommodate the new update, offering detailed instructions on how to do so. Microsoft later shared a PowerShell script to automate the installation of the BitLocker fixes after the WinRE had been properly resized
This script mounts the WinRE image, applies an architecture-specific Safe OS Dynamic Update you have to download from the Windows Update Catalog before running the script, unmounts the image, and reconfigures WinRE for BitLocker service if the BitLocker TPM protector is present.
Users are also advised to use Microsoft's Show or Hide Tool to hide the update after running the script so that Windows Update won't try installing it and displaying an error.
However, the manual steps for editing the WinRE partition are still too complicated for many Windows users, leaving them with an update that won't install and a 0x80070643 error in Windows Update.
Users asked to resize partitions manually
Today, Microsoft confirmed that it won't release an automated fix to address the issue causing the Windows update install 0x80070643 errors and asked customers to resize the WinRE partitions manually.
"Automatic resolution of this issue won't be available in a future Windows update. Manual steps are necessary to complete the installation of this update on devices that are experiencing this error, "Microsoft said.
"The WinRE partition requires 250 megabytes of free space. Devices which do not have sufficient free space will need to increase the size of the partition via manual action."
Microsoft says the users have two options:
- A script that can help extend the partition size: a sample script is available in the documentation for adding an update package to WinRE on the "Extend the Windows RE Partition."
- Manually resize the WinRE partition using guidance available in the KB5028997 support document.
"Completion of these manual steps will allow the installation of this update to succeed," Redmond said.
If you decide to resize the WinRE partition manually to fix this issue, it's also highly recommended that you back up your data since the system's partitions may be damaged during the process.
Comments
JohnC_21 - 1 month ago
And if your WinRE partition is the first partition instead of the last it's a real mess. I just hid the update.
GT500 - 1 month ago
Back when this first happened, I started the instructions to resize partitions before realizing that it wouldn't work if your recovery partition was the first partition, and ended up needing to boot from a GParted bootable USB drive and rearrange the partitions to fix it. Fortunately it worked and I was able to re-enable the recover partition and install the update, but it seems to only work if you have already reduced the size of the primary partition by the required amount. If the partitions are all still full size then GParted won't allow you to move them around.
jmwoods - 1 month ago
I would try MiniTool Partition Wizard.
ZeroYourHero - 1 month ago
The PS script they provided fixed mine.
mikebutash - 1 month ago
I had to do this on my vm, but what about organizations that need to do this across 20,000 systems, or face failing security updates?
It's not like users downloaded mp3's there, microsoft filled up their own provisioned space with clutter or some other ineffective regulation of highly finite space, they should take ownership to do some house cleaning to mitigate their screw up and lack of foresight by actually fixing this.
_Gilgamesh_ - 1 month ago
For me, it's much safer to completely remove the whole recovery partition to minimize the attack vector. If I need to boot to recovery I can always do it from the official Windows ISO if I don't have already prepared the recovery media.
noelprg4 - 1 month ago
as for me, I continue to use tools like wumgr, WAU Manager or even Microsoft's own wushowhide.diagcab app to hide/block the KB5034441 update
doncoyote - 1 month ago
"You're not the customer, you're just a user," said Microsoft, as they hid their laughter behind their hand.
edmoncu - 1 month ago
Adjusting boot partition is a risky thing already. Forcing users to do-it-yourselves is another.
mikebutash - 1 month ago
"Adjusting boot partition is a risky thing already. Forcing users to do-it-yourselves is another."
"Yes grandma, first I need you to click start, then type for me p-o-w-e-r-s-h.... I said right click on administrator goddamit! Ahhhhh kill me."
Yes, this will be lovely and simple for everyone to fix *themselves*. Thanks for the lulz microsoft.
Winston2021 - 1 month ago
"Bitlocker is not natively available on Windows 10 Home...Enabling device encryption on a Windows 10 Home system requires that your hardware meets certain specifications such as a Trusted Platform Module (TPM) chip." It doesn't because it is noted in Windows Update window that the machine is not Win11 capable.
So, how in the heck can I just set the system to ignore this N/A update and, also, why in the heck is it even trying to update a Win10 Home system which it should be able to detect is not BitLocker capable?
noelprg4 - 1 month ago
LEARN how to use the "wushowhide.diagcab" tool to hide or block unwanted Windows Update, winston2021
google search for "wushowhide.diagcab" and download that tool.
I have far LESS stress & headaches using either wushowhide.diagcab or WUMT (windows update minitool) to hide/block unnecessary updates like KB5034441. and if KB5034441 shows up again thru windows update on any of my Win10 PCs, I'll hide/block that update again and again with WUMT or wushowhide.diagcab.
Winston2021 - 1 month ago
Thanks, but that still doesn't answer why in the heck MS is even trying to update a Win10 Home system which it should be able to detect is NOT BitLocker capable in exactly the same way it detects it's not Win11 compatible (no Trusted Platform Module chip)?
NoneRain - 1 month ago
This kind of thing gives a lot of confidence on MS teams leading OS dev. What a mess.
noelprg4 - 1 month ago
and that's another reason why I use tools like wumgr, wushowhide.diagcab & WUMT or WAU Manager to hide or block crappy updates from Microsoft, which is a FAR BETTER solution than for Microsoft telling users to adjust/resize their recovery partitions.
NoneRain - 1 month ago
To hide the update is not a solution. You're just hiding the issue.
BOB42 - 1 month ago
It would more to the point if MS fixed this mess, of their making, before infesting the OS with ads and all the AI garbage. They also need to know that we use our PCs to actually do work, not to have to correct their mistakes.
Winston2021 - 1 month ago
"It would more to the point if MS fixed this mess, of their making, before infesting the OS with ads and all the AI garbage."
I finally figured out WHY MS decided to mess with a Start Menu perfected with user input over every Windows version thus far and block add-ons that can get us back to the classic style:
24 Apr 2024 - Microsoft Pushes Start Menu Ads to All Windows 11 Users
mikebutash - 1 month ago
"I finally figured out WHY MS decided to mess with a Start Menu perfected with user input over every Windows version thus far and block add-ons that can get us back to the classic style:
24 Apr 2024 - Microsoft Pushes Start Menu Ads to All Windows 11 Users"
Most of us new that was coming when we first looked at Windoze 10 and saw Candy Crush in your start menu. It was bound to only get worse from there, and now it's not just the tip, but the whole shaft.
I only use windoze in vm as a runtime container for Visio and M$ Project for business, I've simply not yet found better solutions, but I don't really *need* windoze otherwise. If I could effectively run Visio and M$ Project in Linux natively, that has been my desktop for 20 years, I most certainly would. Otherwise I mostly just pretend it isn't there, same as you would a java runtime environment or any other hypervisor.
tech_engineer - 1 month ago
I think Microsoft at one point tried to fix it automatically, then surrendered, as on one of my computers I found like 2-3 WinRE partitions, all the wrong small size.
mikebutash - 1 month ago
"I think Microsoft at one point tried to fix it automatically, then surrendered, as on one of my computers I found like 2-3 WinRE partitions, all the wrong small size."
That's sort of my impression of microsoft doing this, they determined there was too much risk trying to do it themselves and bricking computers, so put the onus on users to do so. FFS, really?
Now even this is sort of an "optional", this brings up the fact there is a problem waiting to happen, as how long until a more critical and necessary security fix does this as well? Are organizations and users going to simply block and NOT install it? Leave a bloody windoze system unpatched in the hands of lusers?
Apt teams and bad state actors thank you for you microsoft patronage.
aslanli - 1 month ago
If I'm not using BitLocker or TPM, do I still need to install this fix and go through the process of increasing the WinRE partition and implementing these other recommended fixes?
What problems might arise if I choose to ignore this update on my VM's?