Windows

Microsoft is working to fix a known issue causing 0x80070643 errors when installing the KB5034441 security update that patches the CVE-2024-20666 BitLocker vulnerability.

While the security issue was resolved during this month's Patch Tuesday, deploying KB5034441 on systems with a Windows Recovery Environment (WinRE) partition that's too small will fail and mistakenly show generic '0x80070643 - ERROR_INSTALL_FAILURE' error messages instead of the correct CBS_E_INSUFFICIENT_DISK_SPACE error.

As a workaround, until a fix is available, the company provides customers with affected systems detailed—and quite complex—instructions on how to resize their WinRE partitions on its support website.

If creating a new WinRE partition large enough to complete this update fails, you can run reagentc /enable to re-enable the partition.

"Devices attempting to install the January 2024 Windows Recovery Environment update (KB5034441) might display an error related to the size of the Recovery Environment's partition. We are working on a resolution and will provide an update in an upcoming release," Microsoft says in an update to the Windows release health dashboard. 

"It might be necessary to increase the size of the WinRE partition in order to avoid this issue and complete the installation. Note that 250 megabytes of free space is required in the recovery partition."

Windows Update 0x80070643 error
Windows Update 0x80070643 error (BleepingComputer)

​Script to update WinRE with BitLocker fixes

Microsoft has also released a PowerShell script that helps automate updating the WinRE partition to fix the CVE-2024-20666 flaw that allows for BitLocker encryption bypass.

The script addresses the known issue causing KB5034441 install failures on Windows 10 systems, leaving the devices vulnerable to attacks exploiting the BitLocker flaw that provides threat actors access to encrypted data.

When executed, it mounts the WinRE image, applies an architecture-specific Safe OS Dynamic Update you have to first download from the Windows Update Catalog, unmounts the image, and then reconfigures WinRE for BitLocker service if the BitLocker TPM protector is present.

After running the script, you should also use Microsoft's Show or Hide Tool to hide the KB5034441 update to prevent Windows Update from repeatedly trying to install the faulty update and displaying 0x80070643 errors.

If you decide to resize the WinRE partition manually, it's highly recommended that you back up your data, given that there's always a chance that your system's partitions may be damaged during the process.

Related Articles:

Microsoft won't fix Windows 0x80070643 errors, manual fix required

Microsoft removes Copilot app ‘incorrectly’ added on Windows PCs

Microsoft fixes VPN failures caused by April Windows updates

Windows 10 KB5039211 update released with new feature, 12 fixes

Microsoft: Windows Server 2019 updates fail with 0x800f0982 errors