Microsoft issues KB5034440, KB5034441 Windows updates for BitLocker Secure Boot flaw

Update: Microsoft has confirmed a true fix is coming so users don't have to manually work around the problem.


Microsoft released the first Windows 10 and 11 Patch Tuesday updates of 2024 yesterday, with the January updates KB5034122 and KB5034123 respectively. The updates are meant to address security issues within Windows. The Windows 11 update also fixes the recent Wi-Fi troubles that led to networks not connecting or the Wi-Fi icon not showing.

In a separate article, the company has also detailed another security fix for a BitLocker Secure Boot bypass vulnerability that is being tracked under ID "CVE-2024-20666". Microsoft says that the security flaw could allow attackers to bypass BitLocker encryption if they are able to get physical access to an unpatched PC.

The issue has been addressed by KB5034441 (on Windows 10) and KB5034440 (on Windows 11), both of which are WinRE (Windows Recovery Environment) updates. Microsoft explains in its bulletins:

KB5034440: Windows Recovery Environment update for Windows 11, version 21H2: January 9, 2024

Summary

This update addresses a security vulnerability that could allow attackers to bypass BitLocker encryption by using Windows Recovery Environment (WinRE).

...

KB5034441: Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: January 9, 2024

Summary

This update addresses a security vulnerability that could allow attackers to bypass BitLocker encryption by using Windows Recovery Environment (WinRE).

You cannot manually download this update from the Microsoft Update Catalog website as it will automatically be downloaded whilst you are connected to the internet alongside the Patch Tuesday update. The patch is being rolled out to both Windows 10 versions, 22H2 and 21H2.

Alongside this, Microsoft has also cautioned about inadequate space on the recovery partition which can lead to a "0x80070643 - ERROR_INSTALL_FAILURE" error message. It writes:

Some computers might not have a recovery partition that is large enough to complete this update. Because of this, the update for WinRE might fail. In this case, you will receive the following error message:

Windows Recovery Environment servicing failed.
(CBS_E_INSUFFICIENT_DISK_SPACE)

Known issue: Because of an issue in the error code handling routine, you might receive the following error message instead of the expected error message when there is insufficient disk space:

0x80070643 - ERROR_INSTALL_FAILURE

You can fix this issue by allocating an additional 250 MB of storage space to the recovery partition. Details on how to do that can be found in this dedicated article.
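
To check ahead of time whether a machine is likely to hit this failure, the following PowerShell script (an added example, not from Microsoft's bulletin or this article) reports WinRE status and the free space on each recovery partition. It assumes English `reagentc` output and treats the 250 MB figure quoted above as the free-space threshold, which is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example: report WinRE status and free space on recovery partitions.
# Assumption: the 250 MB figure from the article is used as the threshold.
$NeededMB = 250

# GPT type GUID of a Windows recovery partition; MBR disks use type 0x27 (39).
$RecoveryGpt = '{de94bba4-06d1-4d40-a16a-bfd50179d6ac}'

# reagentc /info reports whether WinRE is enabled and where it is stored.
# Assumption: English output; localized builds print different labels.
$reInfo   = reagentc /info | Out-String
$reStatus = if ($reInfo -match 'Windows RE status:\s*(\S+)')   { $Matches[1] } else { 'Unknown' }
$reLoc    = if ($reInfo -match 'Windows RE location:\s*(\S+)') { $Matches[1] } else { '' }

$parts = Get-Partition | Where-Object {
    $_.GptType -eq $RecoveryGpt -or $_.MbrType -eq 39 -or $_.Type -eq 'Recovery'
}
if (-not $parts) { Write-Warning 'No recovery partition found.' }

$report = foreach ($p in $parts) {
    # Recovery partitions usually have no drive letter, so go via the volume object.
    $vol    = $p | Get-Volume -ErrorAction SilentlyContinue
    $freeMB = if ($vol) { [math]::Round($vol.SizeRemaining / 1MB) } else { $null }
    [pscustomobject]@{
        Disk           = $p.DiskNumber
        Partition      = $p.PartitionNumber
        SizeMB         = [math]::Round($p.Size / 1MB)
        FreeMB         = $freeMB
        # The WinRE location normally contains ...\harddiskN\partitionM\Recovery\WindowsRE
        HoldsWinRE     = $reLoc -match "harddisk$($p.DiskNumber)\\partition$($p.PartitionNumber)\\"
        # Left empty when free space could not be read, rather than guessing.
        BelowThreshold = if ($null -ne $freeMB) { $freeMB -lt $NeededMB } else { $null }
    }
}

"WinRE status: $reStatus"
$report | Format-Table -AutoSize
```

A row with `HoldsWinRE` and `BelowThreshold` both true marks a machine where the WinRE update is at risk of failing with the error described above.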

Aside from this, the company has also addressed an RCE vulnerability for the recently released Printer metadata fixer tool.
