January 11, 2024 at 01:35PM
Microsoft released a PowerShell script to automate updating the WinRE partition and fix CVE-2024-20666, a BitLocker encryption bypass vulnerability. The script addresses a known issue that causes KB5034441 installs to fail on Windows 10, which leaves devices vulnerable. It applies an architecture-specific Safe OS Dynamic Update and reconfigures WinRE for BitLocker service. Backing up data is advised before any manual partition resizing.
Key takeaways:
– Microsoft released a PowerShell script to automate updating the Windows Recovery Environment (WinRE) partition to fix CVE-2024-20666, a BitLocker vulnerability addressed in the KB5034441 security update.
– The PowerShell script addresses install failures of KB5034441 on Windows 10 systems, which leave devices vulnerable to the BitLocker encryption bypass flaw.
– Users reported seeing 0x80070643 errors when trying to deploy the security update. The cause is a WinRE partition that is not large enough to accommodate the update, which produces an “ERROR_INSTALL_FAILURE” message instead of a disk space error.
– The PowerShell script automates updating the WinRE partition and patching the BitLocker vulnerability, but it requires administrator credentials and the architecture-specific Safe OS Dynamic Update from the Windows Update Catalog.
– It is suggested to use Microsoft’s Show or Hide Tool to hide the KB5034441 update after running the script, to prevent Windows Update from trying to install the buggy update and displaying an error.
– Furthermore, if the WinRE partition is resized manually instead, it is strongly advised to back up data first, because system partitions can be damaged when they are adjusted.
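
A read-only check for the condition described in the list above (a WinRE partition too small for the update), as an added example that is not Microsoft's script: it reads the WinRE location from `reagentc /info` and reports that partition's size and free space. The function names are hypothetical, the sample line is constructed, and no minimum size is enforced because the page does not state one.

```powershell
# Added example (not Microsoft's script): report WinRE partition size and free space.
# Run from an elevated PowerShell prompt on the device being checked.

function Get-WinRELocation {
    # Hypothetical helper: extracts disk and partition numbers from reagentc output.
    param([string[]]$ReagentcOutput)
    # reagentc /info prints a device path such as
    # \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE
    foreach ($line in $ReagentcOutput) {
        if ($line -match 'harddisk(\d+)\\partition(\d+)') {
            return [pscustomobject]@{
                DiskNumber      = [int]$Matches[1]
                PartitionNumber = [int]$Matches[2]
            }
        }
    }
    return $null   # WinRE disabled, or no location reported
}

function Get-WinREPartitionReport {
    # Hypothetical helper: looks up the partition that currently hosts WinRE.
    $loc = Get-WinRELocation -ReagentcOutput (reagentc.exe /info)
    if (-not $loc) {
        Write-Warning 'No WinRE location found; WinRE may be disabled.'
        return
    }
    $part = Get-Partition -DiskNumber $loc.DiskNumber -PartitionNumber $loc.PartitionNumber
    $vol  = $part | Get-Volume
    [pscustomobject]@{
        Disk      = $loc.DiskNumber
        Partition = $loc.PartitionNumber
        SizeMB    = [math]::Round($part.Size / 1MB)
        FreeMB    = [math]::Round($vol.SizeRemaining / 1MB)
    }
}

# Constructed sample line, to show the parser without touching the system:
$sample = '    Windows RE location:       \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE'
Get-WinRELocation -ReagentcOutput $sample

# Live check (requires elevation):
Get-WinREPartitionReport
```

If WinRE lives on the OS volume rather than a dedicated recovery partition, the report shows that volume's figures instead.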