Windows 10 KB5034441 security update fails with 0x80070643 errors
What makes us different from other similar websites? › Forums › Tech › Windows 10 KB5034441 security update fails with 0x80070643 errors
Tagged: 0x80070643, bug, Error, KB503444, security update, update fails, Windows 10, Windows 10 KB5034441
- This topic has 0 replies, 1 voice, and was last updated 11 months, 2 weeks ago by thumbtak.
- AuthorPosts
- January 11, 2024 at 10:44 pm #7090thumbtakKeymaster
Windows 10 users worldwide report problems installing Microsoft’s January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker.
Yesterday, as part of Microsoft’s January 2024 Patch Tuesday, a security update (KB5034441) was released for CVE-2024-20666, a BitLocker encryption bypass that allows users to access encrypted data.
However, when attempting to install this update, Windows 10 users are reporting getting 0x80070643 errors and the installation failing.
Error when attempting to install the KB5034441 update
On reboot, users will be greeted with a Windows Update screen stating that an error occurred and to try again later.
“There were some problems installing updates, but we’ll try again later. If you keep seeing this and want to search the web or contact support for information, this may help: (0x80070643),” reads the Windows Update error.
Windows Update 0x80070643 error message
In a support bulletin also published yesterday, Microsoft warns that when installing the KB5034441, users are supposed to see the “Windows Recovery Environment servicing failed, (CBS_E_INSUFFICIENT_DISK_SPACE)” error when the Windows Recovery Partition is not large enough to support the update.
However, a coding error causes the Windows Update to mistakenly display the generic “0x80070643 – ERROR_INSTALL_FAILURE” error message instead.
WinRE partition too small
When installing the KB5034441 security update, Microsoft is installing a new version of the Windows Recovery Environment (WinRE) that fixes the BitLocker vulnerability.
Unfortunately, Windows 10 creates a recovery partition, usually around 500 MB, which is not large enough to support the new Windows RE image (winre.wim) file, causing the 0x80070643 error when attempting to install the update.
Larger Recovery Partition on new Windows 10 install
- Open a Command Prompt window (cmd) as admin. BleepingComputer has an article explaining how to open a command prompt as admin.
- To check the WinRE status, run reagentc /info. If the WinRE is installed, there should be a “Windows RE location” with a path to the WinRE directory. An example is, “Windows RE location: [file://%3f/GLOBALROOT/device/harddisk0/partition4/Recovery/WindowsRE]\\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE.” Here, the number after “harddisk” and “partition” is the index of the disk and partition WinRE is on.
- To disable the WinRE, run reagentc /disable
- Shrink the OS partition and prepare the disk for a new recovery partition.
- To shrink the OS, run diskpart
- Run list disk
- To select the OS disk, run sel disk<OS disk index> This should be the same disk index as WinRE.
- To check the partition under the OS disk and find the OS partition, run list part
- To select the OS partition, run sel part<OS partition index>
- Run shrink desired=250 minimum=250
- To select the WinRE partition, run sel part<WinRE partition index>
- To delete the WinRE partition, run delete partition override
- Create a new recovery partition.
- First, check if the disk partition style is a GUID Partition Table (GPT) or a Master Boot Record (MBR). To do that, run list disk. Check if there is an asterisk character (*) in the “Gpt” column. If there is an asterisk character (*), then the drive is GPT. Otherwise, the drive is MBR.
- If your disk is GPT, run create partition primary id=de94bba4-06d1-4d40-a16a-bfd50179d6ac followed by the command gpt attributes =0x8000000000000001
- If your disk is MBR, run create partition primary id=27
- To format the partition, run format quick fs=ntfs label=”Windows RE tools”
- First, check if the disk partition style is a GUID Partition Table (GPT) or a Master Boot Record (MBR). To do that, run list disk. Check if there is an asterisk character (*) in the “Gpt” column. If there is an asterisk character (*), then the drive is GPT. Otherwise, the drive is MBR.
- To confirm that the WinRE partition is created, run list vol
- To exit from diskpart, run exit
- To re-enable WinRE, run reagentc /enable
- To confirm where WinRE is installed, run reagentc /info
After completing these steps, reboot Windows and check for updates in Windows Update to try and install the KB5034441 security update again.
Unfortunately, BleepingComputer has been told by a Windows 10 user that this update failed on their device even with a Windows RE partition that is 1 GB in size. Therefore, there is no guarantee these steps will resolve the issue.
As previously said, if you are uncomfortable performing these steps, you should wait to see if Microsoft offers an easier, automated solution in the future that allows the update to install.
- AuthorPosts
- You must be logged in to reply to this topic.