Fix Windows 10 update error KB5034441 0x80070643
Windows 10 users are facing a hidden error that prevents the installation of the latest security update. While waiting for the official patch to be deployed, Microsoft is offering a solution to force the patch to be installed.
The first update of the year for Windows 10 and 11 arrived on Tuesday, with Patch Tuesday for January 2024. Without making major changes to the operating system, this delivery focuses on patching bugs and security vulnerabilities. Unfortunately, one component of the patch, security update KB5034441, ran into an issue and many Windows 10 version 22H2 users found themselves unable to install it.
To make matters worse, the Windows Update update management utility only returns a cryptic error code when the installation fails, which is of little use in understanding the root of the problem. Fortunately, after numerous user feedback, Microsoft was able to identify the flaw and published a series of instructions, entirely in French, to resolve the issue and allow the security update to be installed.
However, the procedure to be followed turns out to be complex and requires a series of command lines that are not necessarily accessible to everyone. Furthermore, according to initial feedback from some users, the workaround method suggested by Microsoft does not appear to be working systematically, with the update still refusing to install even after application.
What does error code 0x80070643 mean when updating KB5034441?
Patch Tuesday for Windows, released on Tuesday, January 9, 2024, provides a full series of bug fixes and vulnerabilities. In the package, security update KB5034441 addresses the vulnerability identified by CVE-2024-20666which allowed an attacker to bypass Windows' BitLocker encryption functionality and gain unencrypted access to encrypted data on the computer's storage device.
Unfortunately, on Windows 10-equipped computers, installing update KB5034441 returns an error message that is ambiguous to say the least and is unlikely to help users experiencing the issue.
in A help note dedicated to this issueMicrosoft says that Windows Update Manager should typically display a clearer error message, saying “The Windows Recovery Environment service failed. (CBS_E_INSUFFICIENT_DISK_SPACE).” However, there is another issue affecting the Windows Update error code processing routine that leads to incorrect recognition of the incident and display of the famous code “0x80070643 – ERROR_INSTALL_FAILURE”.
Once we solve this first puzzle, what do the typically expected error message and Microsoft memo tell us? To fix the vulnerability affecting BitLocker, update KB5034441 must create a new version of the Windows Recovery Environment (WinRE), on the Windows recovery partition. This partition is a storage space reserved on your computer's hard drive or SSD during operating system installation, and is used during repair or restore operations if a problem occurs.
However, the size of the recovery partition automatically created by Windows 10 during its installation is insufficient to accept the new version of Windows Recovery Environment (WinRE), hence the error message “Windows Recovery Environment Service Failed. (CBS_E_INSUFFICIENT_DISK_SPACE)” which should be displayed Usually instead of the code 0x80070643, which clearly indicates a storage space issue.
For example, on a computer with Windows 10 22H2 installed, we find a recovery partition with a size of 549MB, which therefore seems insufficient to accommodate the new version of WinRE.
To fix the problem, it will be enough to increase the size of the recovery partition, but this process is not that simple. Unlike other storage partitions, which can be resized via the Windows Disk Management tool, the recovery partition is created during the installation of the operating system, and one has to resort to command-line tools to manipulate it.
To allow Windows 10 users to install update KB5034441, Microsoft suggests manually resizing the recovery partition. You will find detailed instructions in French On this page.
Before embarking on this complex and somewhat risky process, it is necessary to evaluate its importance and opportunity. In fact, the vulnerability affecting BitLocker, while alarming, is ultimately limited in scope. To exploit it, an attacker must have physical access to the target computer, a somewhat specific scenario that concerns corporate computers containing more sensitive data than individual computers. Moreover, Microsoft is sure to deploy the patch that allows easy and automatic installation of update KB5034441 very quickly. Certainly, given the relative risk of the security flaw, the majority of users would be better off waiting for it to be propagated rather than engaging in command-line-based acrobatics.
However, if you're feeling adventurous and have an urgent need to fix the BitLocker vulnerability immediately, here's the deal to make. However, note that we tested the workaround method suggested by Microsoft ourselves, and it did not install the update, because it seemed to be missing a step to expand the size of the update partition.
► Open Command Prompt as administrator. To do this, open the menu To starttype the letters “cmd”, and then right-click on the result Command prompt Finally click on Execute as administrator.
► To verify WinRE installation, type the command detector c/information Verify its validity by clicking entrance. You can copy and paste the below command directly into the terminal:
reagentc /info
► If WinRE is installed correctly, you should get a result similar to the screenshot below, with “WinRE location: \\?\GLOBALROOT\device\harddisk0\partition5\Recovery\WindowsRE”. In this path, the numbers after “hard disk” and “partition” correspond to the WinRE disk indexes and partitions. Write it down, you will need it for future orders.
► Next, you should deactivate WinRE. Type the command Detector C/Disable Verify its validity by clicking entrance. You can copy and paste the below command directly into the terminal:
reagentc /disable
► Next, you need to shrink the operating system partition to free up additional space for the recovery partition. Type the command com. diskpart Verify its validity by clicking entrance. You can copy and paste the below command directly into the terminal:
diskpart
► Then type the command Menu tweak Verify its validity by clicking entrance. You can copy and paste the below command directly into the terminal:
list disk
► To select the disk, type the command sel tablet <فهرس قرص نظام التشغيل>, replacing the part between <> with the disk number obtained during the first command, 0 in this case. Validate by clicking entrance. You can copy and paste the below command into your terminal and add the disk index there manually:
sel disk
► Then type the command List pane Verify its validity by clicking entrance. You can copy and paste the below command directly into the terminal:
list part
► In the list, locate the main department number. In this case it is number 3. Then type the command The salt part <فهرس قسم نظام التشغيل>, replacing the part between <> with the system partition number. You can copy and paste the below command into your terminal and add the partition index there manually:
sel part
► Once the partition is selected, type the command Required reduction = 250 minimum = 250 Verify its validity by clicking entrance. You can copy and paste the below command directly into the terminal:
shrink desired=250 minimum=250
► You should then select the WinRE partition and delete it. Type the command The salt part <مؤشر قسم WinRE> By replacing the part between <> with the partition number obtained during the first command, after the text “partition” in the WinRE path. In this case it's number 5. If you have any doubt, check it out detector c/information At the beginning of this step by step, because you are about to delete a section, you should not make any mistake! You can copy and paste the below command into your terminal and add the partition index there manually:
sel part
► Finally, to delete the recovery partition, type the command Delete bypass section Verify its validity by clicking entrance. You can copy and paste the below command directly into the terminal:
delete partition override
You must then create a new recovery partition. Before that, you need to determine whether your storage partition type is GUID Partition Table (GPT) or Master Boot Record (MBR).
► Run the command Menu tweak like the previous. In the results list, check if the disk row in question, 0 in our case, has an asterisk * in the GPT column. Be careful, the line value may be offset from the column header, as shown in the screenshot below, so look carefully if the line ends with an asterisk *.
list disk
If the disk in question has an asterisk * in the GPT column, it is of type GPT. Otherwise, it is of MBR type. The next command to run depends on the type of disk, so be careful when typing it.
► If your disk is GPT, type the command first Create partition primary ID=de94bba4-06d1-4d40-a16a-bfd50179d6ac Verify its validity by clicking entrancethen type the command gpt attributes = 0x80000000000000001 Verify its validity by clicking entrance.
create partition primary id=de94bba4-06d1-4d40-a16a-bfd50179d6ac gpt attributes =0x8000000000000001
► If your disk is MBR type, type the command Create partition primary id=27 Verify its validity by clicking entrance.
create partition primary id=27
► In both cases, format the partition by typing the command Quick format fs=ntfs label=”Windows RE Tools” Verify its validity by clicking entrance.
► To verify the creation of the new WinRE partition, type the command Flight menu Verify its validity by clicking entrance. A list should appear containing a volume named Windows RE.
list vol
► To exit DiskPart, type the command exit And confirm by clicking entrance.
exit
► Finally, to re-enable WinRE, type the command Kashif c / enable Verify its validity by clicking entrance.
reagentc /enable
► Finally, you can check if WinRE is reinstalled correctly. Type the command detector c/information Verify its validity by clicking entrance.
reagentc /info
Once these long wizards are complete, you can try to reinstall update KB5034441 and restart your computer. However, keep in mind that as we mentioned earlier, this method did not work for many users, and you may still need to wait until Microsoft releases the official patch.