Microsoft released the first Windows 10 and 11 Patch Tuesday updates of 2024 on the 9th with January"s KB5034122 and KB5034123 respectively. Aside from security patches, the one for Windows 11 also fixed some Wi-Fi troubles that led to networks not connecting or the Wi-Fi icon not showing.
In a separate article, the company also detailed another security fix for a BitLocker Secure Boot bypass vulnerability that is being tracked under ID "CVE-2024-20666." Microsoft said that the security flaw could allow threat actors to bypass BitLocker encryption if they manage to get physical access to an unpatched PC.
The issue was addressed by KB5034441 (on Windows 10) and KB5034440 (on Windows 11) which were WinRE (Windows Recovery Environment) updates.
Microsoft, however, also cautioned that inadequate space on the recovery partition could lead to a "0x80070643 - ERROR_INSTALL_FAILURE" error message when trying to install the WinRE WIM (Windows Imaging Format) update. The issue could be resolved by allocating an additional 250 MB of storage space to the recovery partition. Details on how to do that can be found in this dedicated article.
Microsoft wrote:
Some computers might not have a recovery partition that is large enough to complete this update. Because of this, the update for WinRE might fail. In this case, you will receive the following error message:
Windows Recovery Environment servicing failed.
(CBS_E_INSUFFICIENT_DISK_SPACE)Known issue Because of an issue in the error code handling routine, you might receive the following error message instead of the expected error message when there is insufficient disk space:
0x80070643 - ERROR_INSTALL_FAILURE
A few days later, the tech giant promised a fix. Although such a fix has not been delivered, the company later added that those without a Recovery Partition can skip the troublesome WinRE update.
During this time, Microsoft also published a PowerShell script for managed devices for the easy deployment of the WinRE update. The company, in the support document, explained:
The sample PowerShell script was developed by the Microsoft product team to help automate the updating of WinRE images on supported Windows 10 and Windows 11 devices. Run the script with Administrator credentials in PowerShell on the affected devices. There are two scripts available—which script you should use depends on the version of Windows you are running. Please use the appropriate version for your environment.
- PatchWinREScript_2004plus.ps1 (Recommended)
- This script is for Windows 10, version 2004 and later versions, including Windows 11. We recommend that you use this version of the script, because it is more robust but uses features available only on Windows 10, version 2004 and later versions.
- PatchWinREScript_General.ps1
- This script is for Windows 10, version 1909 and earlier versions, but executes on all versions of Windows 10 and Windows 11.
While these were first published in January 2024, Microsoft, a few days ago, made minor tweaks to the PowerShell script. The update might be to accommodate the recent Moment 5 release, similar to the new OOBE update.
The script now adds the ID of the vulnerability "CVE-2024-20666" in some of the lines and replaces "BootMenuUx.dll " with "winload.efi" on a couple of others indicating a change in the targeted file inside the System32 folder.
You can find the scripts in the support document (KB5034957) on Microsoft"s official website.