Forum Discussion
KB5034441 fails to install with error code 0x80070643.
PRSGroupIT No, she seemed to make it fairly clear that she was speaking on behalf of someone else who apparently didn't want to be clearly identified.
- PRSGroupIT, Feb 19, 2024 (Copper Contributor)
SusanBradleyGeek It's a great article. Very in-depth and detailed, and I think you're spot-on in your criticism of Microsoft for the way they handled this update.
I've found in most cases, the problem isn't that the partition is too small for the updated WindowsRE, but that it's too small to apply the update in-place. If WindowsRE is updated outside of the recovery partition, it can be returned with space to spare. The method I described above, which may not work in every case, temporarily moves the WindowsRE files to the system (C:) drive where the update can succeed, providing C: has adequate space, then returns the files back to the hidden recovery partition.
I'm not sure if space would be a problem if we mount the recovery partition and perform an in-place, offline update to Winre.wim, but if so, the file could always be manually copied out, updated offline, and copied back in. Microsoft supports offline updates using dism (https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-update-to-winre?view=windows-11).
I can't imagine why Microsoft released the update that created this problem in the first place, but it's even more puzzling why they recommended a solution that involved a risky process of resizing a system partition and deleting the recovery partition.
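A worked version of the "copy out, update offline, copy back" route described in the post above. This is an added example, not code from the original thread or from Microsoft's page, and it makes several assumptions: it runs in an elevated PowerShell session; `reagentc /disable` is used as the mechanism for moving Winre.wim to C:\Windows\System32\Recovery and `reagentc /enable` for returning it; the update has already been obtained as separate SSU and LCU packages whose names and folder (`C:\Packages\ssu.cab`, `C:\Packages\lcu.cab`) are placeholders; and the scratch folder `C:\WinREUpdate` is likewise made up. The free-space comparison in step 4 is conservative: it only stops you from calling `reagentc /enable` with an image that obviously cannot fit.

```powershell
# Added example (not from the thread): service Winre.wim offline on C:, then hand
# the updated image back to the recovery partition. Run elevated. Paths are placeholders.
$ErrorActionPreference = 'Stop'
$Work     = 'C:\WinREUpdate'            # assumed scratch folder on C:
$Mount    = Join-Path $Work 'mount'
$Packages = @(                           # assumed package names; SSU must precede LCU
    'C:\Packages\ssu.cab',
    'C:\Packages\lcu.cab'
)

function Invoke-Tool {
    # dism and reagentc signal failure via exit code, not via PowerShell exceptions.
    param([string]$Exe, [string[]]$Arguments)
    & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# 1. Sanity-check the current WinRE state before touching anything.
$info = reagentc /info
if (($info -join "`n") -notmatch 'Windows RE status:\s+Enabled') {
    throw 'WinRE is not enabled; sort that out before updating it.'
}

# 2. Disable WinRE. This moves Winre.wim out of the hidden recovery partition
#    to C:\Windows\System32\Recovery, where C: has room for the offline update.
Invoke-Tool reagentc @('/disable')
$Wim = 'C:\Windows\System32\Recovery\Winre.wim'
if (-not (Test-Path $Wim)) { throw "Expected $Wim after reagentc /disable" }
$Before = (Get-Item $Wim -Force).Length      # -Force: the file is hidden+system

# 3. Mount the image and add the packages offline, SSU before LCU.
New-Item -ItemType Directory -Force -Path $Mount | Out-Null
Invoke-Tool dism @('/Mount-Image', "/ImageFile:$Wim", '/Index:1', "/MountDir:$Mount")
try {
    foreach ($pkg in $Packages) {
        Invoke-Tool dism @("/Image:$Mount", '/Add-Package', "/PackagePath:$pkg")
    }
    # Drop superseded components so the committed .wim stays as small as possible.
    Invoke-Tool dism @("/Image:$Mount", '/Cleanup-Image', '/StartComponentCleanup', '/ResetBase')
    Invoke-Tool dism @('/Unmount-Image', "/MountDir:$Mount", '/Commit')
} catch {
    # Never leave a half-serviced image mounted; discard the changes and rethrow.
    dism /Unmount-Image /MountDir:$Mount /Discard | Out-Null
    throw
}
$After = (Get-Item $Wim -Force).Length

# 4. Check the updated image can actually fit before asking reagentc to move it back.
$RecoveryPart = Get-Partition | Where-Object Type -eq 'Recovery' | Select-Object -First 1
if ($RecoveryPart) {
    $Free = ($RecoveryPart | Get-Volume).SizeRemaining
    'Winre.wim: {0:N0} -> {1:N0} bytes; recovery partition free: {2:N0} bytes' -f $Before, $After, $Free
    if ($After -gt $Free) {
        throw 'Updated Winre.wim is larger than the free space on the recovery partition.'
    }
}

# 5. Re-enable WinRE, which copies the serviced image back to the recovery partition.
Invoke-Tool reagentc @('/enable')
reagentc /info
```

If step 3 throws, WinRE is left disabled with the original Winre.wim still on C:, so `reagentc /enable` by itself restores the pre-update state. If step 4 throws, the image is updated but the partition is too small for it; at that point the choice is between leaving WinRE on the Windows partition (`reagentc /enable` will do that if it cannot use the recovery partition) and resizing, which is the part of Microsoft's guidance the thread is objecting to.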
- MrNick, Feb 19, 2024 (Iron Contributor)
Maybe they don't have another solution 🙂
- Feb 19, 2024
PRSGroupIT Here's what doesn't make sense to me:
1. The risk of this vulnerability is in the enterprise space. Yet the patch isn't released to WSUS or on the Microsoft catalog site - those are the two landing spots for more enterprise patching.
2. One could argue that in this era of cloud first that WU is the right target channel, but it's also offered up to EVERY Windows 10 HOME pc that probably doesn't have a TPM, doesn't have bitlocker anyway (they can only do drive encryption, and on that platform it's probably not enabled by default). So why not
3. have a more targeted deployment to ONLY those Windows 10 Pro PCs with BitLocker enabled. To release it to Windows 10 Home/Consumers that could possibly make their systems unbootable poking around their partitions is being more damaging to the consumer/home segment. There is little to no risk to a segment of patchers that probably aren't vulnerable to this security issue in the first place.
As an FYI, it was recommended to me to provide feedback to Microsoft in this venue. So I was trying as best as I could to be respectful. I am the long time patcher. So when I say "Feedback from a long time patcher": That's me I am talking about. I have been patching systems and computers and remember when Code Red hit the Internet and I couldn't figure out why eBay was so slow. Since before Microsoft Update was a thing. Since before Patch Tuesday was on a Tuesday.