Microsoft has launched a PowerShell script to automate updating the Home windows Restoration Setting (WinRE) partition as a way to repair CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass.
This safety factor was once resolved within the KB5034441 safety replace launched previous this week all over this month’s Patch Tuesday.Â
The PowerShell script addresses a recognized factor inflicting KB5034441 set up screw ups on Home windows 10 programs, which leaves the gadgets at risk of the BitLocker encryption bypass flaw that permits get admission to to encrypted information.
When seeking to deploy the protection replace, customers record seeing 0x80070643 mistakes, pronouncing, “There have been some issues putting in updates, however we will check out once more later. When you stay seeing this and wish to seek the internet or touch strengthen for info, this may occasionally assist: (0x80070643).”
As Microsoft explains, this occurs as a result of as an alternative of exhibiting a CBS_E_INSUFFICIENT_DISK_SPACE error when the WinRE partition isn’t big enough, Home windows Replace incorrectly says the generic “0x80070643 – ERROR_INSTALL_FAILURE” error message as an alternative.
​This occurs since the WinRE symbol document (winre.wim) deployed when putting in the KB5034441 safety replace is simply too huge for the restoration partition.
To deal with the problem, Microsoft urged customers to create a bigger WinRE partition to have enough space for KB5034441 to put in.
Automate BitLocker encryption bypass patching
Whilst you’ll do that manually the usage of detailed—and rather complicated—directions, the corporate now additionally supplies a devoted PowerShell script that can assist you automate updating the WinRE partition (with no need to resize it first) and patching the CVE-2024-20666 BitLocker vulnerability.
“The pattern PowerShell script was once evolved by way of the Microsoft product workforce to assist automate the updating of WinRE photographs on supported Home windows 10 and Home windows 11 gadgets,” Microsoft stated.
“Run the script with Administrator credentials in PowerShell at the affected gadgets. There are two scripts to be had—which script you can use will depend on the model of Home windows you might be operating.”
When operating the script to your device, it mounts the WinRE symbol, applies an architecture-specific Secure OS Dynamic Replace you need to obtain from the Home windows Replace Catalog sooner than operating the script, unmounts the picture, after which reconfigures WinRE for BitLocker provider if the BitLocker TPM protector is provide.
​From BleepingComputer’s checks, you might also have to make use of Microsoft’s Display or Disguise Instrument to cover the KB5034441 replace after operating the script, so Home windows Replace would possibly not stay seeking to set up the buggy replace and show an error.
Moreover, if you select to manually resize the WinRE partition, additionally it is strongly urged to again up your information since there may be all the time the danger of your device’s walls getting broken when adjusted.
