• KB5034441 has led us astray, in a horrible way

    Home » Forums » Newsletter and Homepage topics » KB5034441 has led us astray, in a horrible way

    Author
    Topic
    #2629760

    ISSUE 21.04 • 2024-01-22 PATCH WATCH By Susan Bradley What’s with this Windows recovery partition thing? If you’ve been following along, you know we’v
    [See the full post at: KB5034441 has led us astray, in a horrible way]

    Susan Bradley Patch Lady/Prudent patcher

    Total of 21 users thanked author for this post. Here are last 20 listed.
    Viewing 72 reply threads
    Author
    Replies
    • #2629761

      Read the full story in our Plus Newsletter (21.04.0, 2024-01-22).

      Where is the Newsletter ?

      Not Found
      Sorry, but you are looking for something that is not here.

      * Got it 🙂

      Microsoft should have removed KB5034441 until a fix.

      Second, you may have an iPhone that is not giving you the normal texting tone. It’s unclear whether the recent upgrades to iOS 17 are triggering this or whether 17.2.1 will fix the issue.

      iOS / iPadOS 17.3 final will be released tomorrow.

    • #2629778

      I happen to have installed Windows 11 yesterday – it’s inevitable anyway and it gives me the time to get used to it before I have to update all machines at the office next year.

      I had a look at Disk Management when the upgrade finished. To my surprise, there’s 3 recovery partitions now? I’m not sure, but I recall there being only one recovery partition before the upgrade. Looks like the upgrade process splits up things?

      Resizing a partition should be relatively easy. Start Disk Management, select the partition, click Shrink Partition and you’re done. Unless. There’s Volume Shadow copies. Looks like they get stored at the end of a partition, and are marked as unmovable. In which case you have to disable Shadow Copies to get rid of those copies, then resize the partition and then switch back on Shadow Copies.

      • #2629838

        In my experience, each ‘install’ puts a new Recovery Volume in place, which supercedes existing ones leaving them isolated and of no use. [That is, that can be deleted without issue].
        Having looked at what went on a year ago, I now only install new or updated versions booted from USB and use the option that allows me to clear all the partitions so that the install starts with a blank drive.

        I’ve just tested Win10 and Win11 ‘blank installs’ this morning on my new mini PC and found that Win10 22H2 creates a 530MB Recovery Volume and Win11 23H2 creates a 775GB Recovery Volume. In each case, the WINRE.WIM is different size.

        Microsoft assume you want to fill the Disk, so they allocate the Recovery Volume at the end, and fill the rest with the C: Volume. After install, I immediately shrink the C: Volume and ‘move’ the Recovery Volume ‘to the left’ with a third party partition manager to allow growth in the future.

        1 user thanked author for this post.
    • #2629779

      Resizing a partition should be relatively easy.

      Not when recovery partition is preceding C partition.

      2 users thanked author for this post.
      • #2630360
        Resizing a partition should be relatively easy.

        Not when recovery partition is preceding C partition.

        Not to mention those of us who dual-boot. And to have to move a Linux partition? Good luck with that.

        -- rc primak

    • #2629816

      What do I do if reagentc /info returns “Disabled” for Win RE ??

      ppp

      • #2630371

        What do I do if reagentc /info returns “Disabled” for Win RE ??

        That’s actually perfectly normal behavior. The partition is disabled unless you have invoked troubleshooting options like Safe Mode. You should test the functions of the WinRE partition from time to time. Just boot into Windows Safe Mode. That will prove whether or not you have a functional WinRE partition and Recovery WIM.

        -- rc primak

        • #2630388

          That’s actually perfectly normal behavior.

          No.  WindowsRE must be enabled in order to run Settings > Windows Update > Advanced options > Recovery > Advanced startup > Restart now (or click Start, hold the Shift key down and select Restart).  By default, WindowsRE should be enabled.

          @MartyHs screenshot shows Windows RE location as blank.  Marty does not have a functioning Windows Recovery Environment.  Safe Boot won’t do anything for that condition.  For more information visit WinRE.

          Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
          We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

          2 users thanked author for this post.
        • #2630476

          The partition is disabled unless you have invoked troubleshooting options like Safe Mode. You should test the functions of the WinRE partition from time to time. Just boot into Windows Safe Mode. That will prove whether or not you have a functional WinRE partition and Recovery WIM.

          Safe Mode doesn’t use WinRE.

          1 user thanked author for this post.
      • #2630493

        What do I do if reagentc /info returns “Disabled” for Win RE ??

        …By default, WindowsRE should be enabled.

        Toward that end, wouldn’t the solution be to run the “reagentc /enable” command to re-enable the Recovery Environment or are there other steps to perform first before re-enabling the Recovery Environment in MartyHs’s case?

        • #2630512

          Toward that end, wouldn’t the solution be to run the “reagentc /enable” command to re-enable the Recovery Environment or are there other steps to perform first before re-enabling the Recovery Environment in MartyHs’s case?

          The /enable switch won’t work because the location of the partition is unknown.  It should look something like this:

          Windows Recovery Environment (Windows RE) and system reset configuration
          Information:

          Windows RE status: Enabled
          Windows RE location: \\?\GLOBALROOT\device\harddisk5\partition5\Recovery\WindowsRE
          Boot Configuration Data (BCD) identifier: 215ceeaa-7c2d-11ee-ade0-cfc79b94deb9
          Recovery image location:
          Recovery image index: 0
          Custom image location:
          Custom image index: 0

          REAGENTC.EXE: Operation Successful.

          The important pieces of information are:

          Windows RE location: \\?\GLOBALROOT\device\harddisk5\partition5\Recovery\WindowsRE
          Boot Configuration Data (BCD) identifier: 215ceeaa-7c2d-11ee-ade0-cfc79b94deb9

          This can be a bit confusing, as the location as noted by Reagentc does not necessarily jibe with the actual physical location of the partition.  It can, but often doesn’t.

          Disk-Management

          As you can see, the Recovery Environment partition is actually harddisk5\partition1.  Nevertheless, everything works as it should.  To find the location of WindowsRE open an elevated Command Prompt and then DISKPART (type diskpart and hit Enter).  Then type “list vol” (without the quotes) and hit Enter.  The volumes are partitions for all drives.  In the resulting display, if there is a WindowsRE partition, it will have no drive letter and in the Info column it will be Hidden.  Diskpart will likely also have it in a different location.  For me, it’s Volume 19.

          Diskpart-1

          Three different Windows tools, three different ways of looking at the same thing.  And yet, it works.

          For more information, see WinRE.

          Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
          We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

          2 users thanked author for this post.
          • #2630544

            Three different Windows tools, three different ways of looking at the same thing.

            What is the difference between a volume and a partition?
            When I did the ‘list vol’ and the ‘list partition’ commands, the order of the items was not the same in both.

            The ‘list partition’ order matches the Disk Management map, where the ESP is 1st, a small reserved partition is 2nd, the OS (C:) is 3rd, and WinRE is 4th.

            But, ‘list volume’ puts the OS (C:) 1st, the ESP 2nd, and WinRE 3rd.

            • #2630583

              What is the difference between a volume and a partition?

              In DISKPART, the “list vol” command displays a list of basic and dynamic volumes on all disks, e.g. partitions.  To list partitions, one must first select a particular disk.

              Disk-list

              The volumes and partitions are for all intents and purposes the same thing, but DISKPART enumerates them from different sources, and provides different properties in its display of each.

              When I did the ‘list vol’ and the ‘list partition’ commands, the order of the items was not the same in both.

              Which tells me you have only one disk.  If you had more than one disk, the “list partition” command would have given you, “There is no disk selected to list partitions.
              Select a disk and try again.”  Followed by a listing of all switches and their functions.  Having only one disk, it is, by default, selected.

              The ‘list partition’ order matches the Disk Management map, where the ESP is 1st, a small reserved partition is 2nd, the OS (C:) is 3rd, and WinRE is 4th.

              I’m not absolutely certain, but I believe that the partition order for a selected disk (if you have only one disk, it is the default disk selection) is enumerated by Disk Management.  In all my systems, that is the order.  The volume order, on the other hand, may come from the registry.  For example, I have 7 SSD’s and 20 volumes.  Volumes 1, 2, 3 and 4 are on disk 0, but not in that order.  The partition order for disk 0 is volume 4, 1, 2, 3.  Similarly, on disk 5 are volumes 15, 16, 17, 18 and 19, but the partition order is 19, 15, 16, 17, and 18.  It may have something to do with volume 4 and volume 19 are System partitions, and that’s why they are listed last on the disk in volume order.  The other volumes actually line up with Disk Management.  List partition doesn’t display much, but list volume displays a lot more information.

              Vol-list

              DISKPART is a very old part of Windows.  I don’t think it has been changed much since GPT was introduced.  It’s difficult to find any definitive information on its intricacies, but it remains a powerful tool.

               

              Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
              We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

              2 users thanked author for this post.
    • #2629820

      So far Dell Windows 10 systems I’ve checked don’t have an issue with KB5034441.  Windows 10 systems loaded off an official Microsoft ISOs only have a recovery partition in the 500-522MB range and fail.  Those I’ve blocked with wushowhide.

      My Windows 11 laptop with Bitlocker enabled was loaded from the Microsoft 21H1 ISO.  It installed the January update without error.  It’s recovery partition was about 1GB.

      I agree with Alex5723…  KB5034441 should have been pulled.

      1 user thanked author for this post.
    • #2629825

      You said:

      “That’s why I always urge you to explicitly disable device encryption on a Windows 11 PC”.

      I would like to know how to make sure then, explicitly, that Bitlocker never gets turned on, by accident or nefarious activity (Win11 Pro, at home).  As it stands, it is off for all drives (Control Panel), but clearly MS can force it should they choose (as in the OOBE discussions elsewhere and your story about the use of other MS accounts).

      In the GP editor, I can set ‘Control use of BitLocker on removable drives’ to Disabled, and it seems fair to use ‘Enforce drive encryption type on operating system drives’ set to Disabled, but there is no “Control use …” option for data or OS drives.  The rest is obscure.

      What is the best, definitive, total-disable method?  Some full guidance I am sure would be widely appreciated.

      Thanks.

       

       

       

    • #2629832

      What happens if your system does not have a recovery partition? (Yes I have a recovery disk I update monthly.)

      • #2629850

        I have two systems that didn’t have WINRE partitions. They both failed with the vague Windows Update error message. I base my recovery on Macrium Reflect images, so I’d deleted the WINRE partitions.

        I ‘fixed’ the EFI/GPT system by restoring the WINRE partition from the Macrium image I took prior to deleting it and the successfully ran WU; the BIOS/MBR system I had didn’t have an Image, so I allocated a 1GB one but the WU still failed on that one so I hid the update.

        3 users thanked author for this post.
      • #2630373

        What happens if your system does not have a recovery partition? (Yes I have a recovery disk I update monthly.)

        As long as you have other recovery methods the worst that happens is that you have to create a “dummy partition” as if you were going to install a WinRE partition. The process is a bit technical, so I won’t get into it here. As long as you have other recovery options available, the WinRE partition is optional.

        -- rc primak

    • #2629833

      When I entered in reagentc /info I get this:

      Powershell-Info

      • #2630381

        When I entered in reagentc /info I get this:

        You can run the command

        reagentc /enable

        and after that completes, run

        reagentc /info

        again.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

    • #2629791

      Hi Susan,
      Thanks for the info.
      I do have a question though: If I understand correctly from your posts and from information on the internet this update only applies to Windows 10 (21H2 and 22H2), not to Windows 11. Is that correct?
      If so, maybe the defcon should be different for Windows 10 and Windows 11? I mainly use Windows 11, so that is a valuable distinction for me 😊

      Thanks,
      Frank

      • #2629866

        Hi Susan,
        Thanks for the info.
        I do have a question though: If I understand correctly from your posts and from information on the internet this update only applies to Windows 10 (21H2 and 22H2), not to Windows 11. Is that correct?
        If so, maybe the defcon should be different for Windows 10 and Windows 11? I mainly use Windows 11, so that is a valuable distinction for me 😊

        Thanks,
        Frank

        KB5034441 is a separate security update for Windows 10.  It’s included in the January 2024 cumulative update for Windows 11.  If the recovery partition is too small then the entire cumulative update will fail.

        1 user thanked author for this post.
        • #2629875

          It’s included in the January 2024 cumulative update for Windows 11.  If the recovery partition is too small then the entire cumulative update will fail.

          Has that happened to anyone?

          • #2630377

            It’s included in the January 2024 cumulative update for Windows 11.  If the recovery partition is too small then the entire cumulative update will fail.

            Has that happened to anyone?

            Yes, apparently. (2024-01 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5034123) failure, tried multiple suggestions..)

             

            -- rc primak

            • #2630511

              Yes, apparently. (2024-01 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5034123) failure, tried multiple suggestions..)

              No mention of recovery partition there, only component store corruption (which was resolved).

              1 user thanked author for this post.
          • #2630372

            This error happened to me on my newly built Windows 11 PC (April 2023).

            After this story first broke I checked Event Viewer and found “WinREAgent” eventid 4502

            I spent many hours over several days trying to make sense of this mess.

            There were files on the root of the Windows partition (C:) for the Recovery update, I don’t have the names because I deleted them after rebuilding the Recovery Partition, but copied the file “update.wim” to C:\Windows\System32\Recovery

            The partition was 650 MB.

            I disabled it: reagentc /disable

            then resized it to 1 GB

            then used diskpart with help from here: https://christitus.com/reagentc-windows-recovery-partition/

            then re-enabled it: reagentc /enable

            Now the Recovery Partition is updated and ready for future Windows updates.

            • #2630520

              This error happened to me on my newly built Windows 11 PC (April 2023).

              Which error?

            • #2631113

              The Event Viewer lists 3 errors, Event ID 4502, on each of these WU dates:
              2023-11-15
              2023-12-13
              2024-01-09

              And says this:
              Starting Windows Recovery Environment servicing.
              Windows Recovery Environment servicing failed.

        • #2630702

          And once again, yet another instance of Microsoft’s bad idea to bundle the monthly updates instead of letting us choose which updates we want each month, strikes again. Win10 gets to block it, win 11 has to suffer, figures…

          2 users thanked author for this post.
          • #2630732

            FAR less of us with Windows 11 (if any) are suffering from any adverse effects of January updates than those with Windows 10.

    • #2629827

      This may help you with the question of why you have two recovery partitions:

      https://forum.macrium.com/64481/Warning-Windows-11-22H2-update-ADDS-a-second-recovery-partition

      3 users thanked author for this post.
    • #2629900

      Physical attacks against consumer PCs are highly unlikely, whether BitLocker is enabled or not.

      I don’t understand why you choose to ignore the fact that millions of laptops are stolen each year (thousands each day), and that 57% of identity theft starts with a stolen laptop.

      Is theft of a consumer laptop less likely than theft of a business laptop?

      2 users thanked author for this post.
      • #2629924

        I  guess in the US all is better, bigger and more nice;
        so all evil is coming from . . . .

        * _ being 20 in the 70's was fun _ *
    • #2629874

      Am I wrong to assume that because I’m using Windows 10 Home 22H2 and don’t have BitLocker that this update will not affect my PC?

      • #2629934

        Yes.

        1 user thanked author for this post.
        • #2629948

          This is a very naive question: if the update installs on a Windows 10 22H2 PC that does not have Bitlocker enabled, can you just uninstall it?

          • #2629949

            If it installs successfully, leave it alone. There is no reason to remove it.

            --Joe

            2 users thanked author for this post.
            • #2630474

              I am using Win. 10 22H2 and Bitlocker has never been enabled. If I don’t have sufficient space in my recovery partition, the update will fail – but I don’t need it anyway (see attached snip). If it installs, I can leave well alone. I seem to be missing something: where is the problem? Many thanks, TSP.

            • #2630485

              …I seem to be missing something: where is the problem?…

              Although you may not be affected by it (you refer to your recovery partition, so the update may try to install and fail if it doesn’t have enough room to work), the problem lies in wait for those who may very well be affected: Those who have a recovery partition that’s too small and who are currently actively using BitLocker to keep their hard drive/SSD fully encrypted so they have BitLocker fully enabled.

              I said “may very well…” above because there have been reports on here (in other threads) from folks who have Windows 10 22H2 and have had no problem with the update in question, KB5034441.

            • #2630510

              Many thanks for confirming I won’t be negatively affected by this update. Of course I realise that there is a problem for those reliant on Bitlocker, but unfortunately I am not in a position to assist them. I am responsible only for my own systems and so was enquiring whether I have anything to worry about. It seems not.

            • #2630515

              I restated my post above (after rereading your post), to reflect that you indeed MAY be affected by the issue after all because it sounds as if you do have a recovery partition. The item from Microsoft’s bulletin that you attached to your post only gives the all clear to those folks who don’t have a recovery partition at all (under the heading of “Next step” it says “You do not need this update if the PC does not have a recovery partition.”.

              My apologies for the potential disappointment.

              For now, your best move might be to hide it, if you haven’t already, and wait for the current mess to blow over via an update that is smart enough to know if it’s even needed on a particular machine before it tries running a routine to update the recovery partition.

            • #2630525

              You’re focussing on the wrong part of my snip, Bob. In the first two paragraphs, it states “if the recovery partition does not have sufficient free space, this update will fail.” Since I don’t need the update, it’s failure is not a problem for me. Presumably if there is sufficient free space it is likely to install successfully, and that’s not a problem, either. So I’m still unclear what I should be worried about. Many thanks for your help, TSP.

        • #2630526

          Am I wrong to assume that because I’m using Windows 10 Home 22H2 and don’t have BitLocker that this update will not affect my PC?

          Yes.

          Why is Ronald L Vanover wrong to assume that? Haven’t I read that it will fail, but will not no effect.
          What about Susan’s statement in the Newsletter?

          Don’t worry if you can’t stop the update before it attempts to install. It will do no damage. It will merely attempt to install and fail.

          1 user thanked author for this post.
          • #2630532

            Why is Ronald L Vanover wrong to assume that? Haven’t I read that it will fail, but will not no effect.

            No bad effect. But unless blocked it will attempt to install. So the update will affect his PC.

            What about Susan’s statement in the Newsletter?

            Don’t worry if you can’t stop the update before it attempts to install. It will do no damage. It will merely attempt to install and fail.

            It’s not failing on every Windows 10 computer. Susan also said, “If that space is available, and even if your machine does not have BitLocker enabled, the update should install without error.”

            1 user thanked author for this post.
    • #2629980

      My Recommend Options:

      Option 1. Wait. Microsoft said they will fix the issue – probably next month.

       

      Option 2. Apply the Microsoft Patch that fixes the vulnerability (this is NOT resizing the partition):  https://support.microsoft.com/en-us/topic/kb5034957-updating-the-winre-partition-on-deployed-devices-to-address-security-vulnerabilities-in-cve-2024-20666-0190331b-1ca3-42d8-8a55-7fc406910c10

       

      Option 3. If you have Bitlocker on your laptop or other mobile device, you should have your Bitlocker setup so that you must type in a PIN before it will boot. This is the best and safest way to use Bitlocker. This vulnerability does not apply if you are setup with a Pre-Boot PIN. In other words, it will prevent this exploit.
      If TPM+PIN BitLocker protectors are being used, can the vulnerability be exploited if the attacker does not know the TPM PIN?
      No. To exploit the vulnerability the attacker needs to know the TPM PIN if the user is protected by the BitLocker TPM+PIN.  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20666

      Here is how to add a Pre-boot PIN: https://www.howtogeek.com/262720/how-to-enable-a-pre-boot-bitlocker-pin-on-windows/

      Critical: You must keep a copy of your Recovery Key. This is mandatory!! if you don’t, you risk losing everything on your drive permanently.   https://support.microsoft.com/en-us/windows/back-up-your-bitlocker-recovery-key-e63607b4-77fb-4ad3-8022-d6dc428fbd0d

       

       

       

      2 users thanked author for this post.
    • #2629985

      Still kind of lost and dont know what to do. I have to tangle with it somehow since I am only paused until the 11th next month…

      • #2632412

        Jim, I was successful in the past by clicking on “Resume Updates”, then immediately clicking on “Pause Updates”.  It stopped the update process in its tracks, but reset the clock for pausing, and let me set it to pause for 5 more weeks.

        2 users thanked author for this post.
    • #2629991

      Although I intend to block this update as you have advised, I do have a few questions:

      1) Why does “reagentc /info” not list a Windows RE location?

      2) Diskpart indicates that Disk 1 Volume 4 is WINRETOOLS. Is that the Windows Recovery Partition? (Note, Disk Management lists 3 recovery partitions, which are apparently volumes 4, 5 and 6 as listed by Diskpart, i.e., WINRETOOLS, Image and DELLSUPPORT.)

      3) EaseUS Partition Master indicates that the WINRETOOLS partition has 435 Mb free. Does that mean that the update would succeed if actually applied at this time?

      Note: I am not using BitLocker.

      • #2630057
        1. reagentc doesn’t list a Recovery partition location because Windows hasn’t been told its location. When you invoke WINRE recovery, Windows needs to know which partition to load code from.
        2. “Be careful out there”; there are two types of recovery partition,  WINRE and OEM Vendor.  They both have the same attribute set in the GPT/MBR type fields, so it’s confusing if you have more than one!  Looks like you have at least one Dell Recovery partition which isn’t designed to be used with WINRE.  OEM partitions are to recover to the condition of a new device.
        3. It’s unclear as to how much space the update really needs; it seems to me that this is simply a case of a) locate the WINRE partition and b) replace the WINRE.WIM file there. But it seems that not having one [your situation, as reagentc doesn’t think you’ve got one], or not having enough space within it for the new enlarged replacement one if you do have one,  will cause the update to fail.
        4. Just checked my Win10 Pro WINRE partition [which updated successfully] and the new WIM is 475.3MB in size!

        Remember; when you copy a file with the same name as an existing file, what actually happens is that it copies the new one and only deletes the old one if the copy works.  The new WIM is over 400MB and therefore needs over that in free space for the copy to be viable.

        Note that BitLocker is unrelated to this update really; this update is a WINRE WIM update CAUSED by known BitLocker issues in the code.

        1 user thanked author for this post.
    • #2630000

      Thank you Susan for all that you do!  And you are blessed to have the patience to deal with all of this AND be able to clearly describe what Microsoft mucks up all too often.  You describe things in paragraphs.  Microsoft describes the same thing in PAGES with links to loads of other bloated pages.

      Add this to the list of other ‘WTF was microsoft thinking?’

      • Change Azure active directory to Entera
      • Change m365 subscription names
      • Complicate move to NCE –  Not sure why distis had to have hours long webinars to say ‘Microsoft is moving from monthly commitment licenses to annual commitment licenses, They won’t have cancellations / prorating after 7 days. If you want monthly licenses, you’ll pay 20% more.  QED’.
      • Saying win 10 is the last OS, then it isn’t.
      • So many other things that I can’t think of right now, ’cause my brain is fried, trying to keep up with fixing things they break.
      • Complicating most anything they touch.

      How are they as big as they are?  Any other company that pulls stunts like they do would have folded long ago.  I’m NOT taking issue with them wanting to make $$.  But maybe focus on making quality products, not just doing mindless changes, complications, and changes that break so much else.

      2 users thanked author for this post.
    • #2630014

      Has anyone tried the PowerShell script that MS provided to update the WinRE? The script apparently completes the update without the need to resize the WinRE partition. The partition size is too small for the update on my Windows 10 system, plus it’s located before the C partition not after, followed by a 100MB EFI System partition. I don’t have Bitlocker enabled, but I am curious if the script would work in my scenario.

    • #2630024

      First, a big thank you to Susan for posting this very helpful discussion which nicely lays out the nature of why this patch fails and the options for dealing with KB5034441. I am capable of reducing the size C:/ primary partition and deleting the Winre partition / recreating a new larger Winre partition to install this patch. My issue is that I do not need this patch on my home desktop which has never had bitlocker enabled and never will as it is near end of life and will be replaced sometime next year. Why should I take the uncompensated risk of resizing/deleting partitions just because MS decided to push this patch? My Winre partion is 538mb and will not have sufficient available space for the update to install. Even though I can address the issue, I will hide this update after it fails out because altering the partions on a fully patched, perfectly functioning system forces me to underwrite an uncompensated risk because MS was arrogant enough to push a patch that they had to know would cause widespread installation fails on W10 systems. At this point, they should pull KB5034441 and make it available as an optional download for systems that truly have a need. I just cannot fathom the things that come out of Redmond sometimes.

      1 user thanked author for this post.
    • #2630033

      I followed the steps in Susan’s article on a Windows 10 computer.  My computer happened to come with a 1G recovery partition of which 630M is being used for something (I have no idea what) and 394M is shown as available.  Does this mean that the messed up update should install without problem on my machine since only 250M is required.?

    • #2630064

      I have followed Susan’s advice regarding kb 5034441, and downloaded wushohide, but when I run it, not only does 5034441 not show at all, but neither do any other Microsoft updates, only one for my sound card. I have deferred all updates until the end of January, but surely this wouldn’t hide all of Microsoft’s updates would it?

    • #2630069

      Hi Susan,

      I’m trying to block the KB5034441 update. I too have 2 recovery partitions on my Win 10 Pro 22H2 system, and I confirmed that partition 5 is not large enough. I use GRC InControl to block Windows update until at least 2 weeks after Patch Tuesday. In this case, I have blocked WU until February 1st.

      The problem I’ve encountered is that neither WUshowhide.diagcab nor Windows Update Mini Tool find KB5034441 because I have Windows Update blocked. If I enable Windows Update, won’t it download all the patches it finds, including KB5034441, and immediately install them? How does one block this update from downloading before allowing Windows Update to find it? Thanks!

       

      • #2630125

        InControl only controls Feature (21H2 -> 22H2) and Version (Win10 -> Win11) updates. It does NOT control or block monthly Cumulative Security updates.

        Windows Update, wushowhide, and Windows Update Mini Tool ALL use the Windows Update Service to scan for updates. If you use Pause to block updates, it disables the Windows Update Service. Then none of the other tools you have will work either.

        Use only Windows Update Mini Tool to control your updates, choosing the updates you want and hiding the ones you don’t. Do not use Pause on top of it because you block it’s control. And, WUMT basically takes over control from Windows Update.

        2 users thanked author for this post.
        • #2630150

          Same problem for me as noted:  Windows 10, updates paused, run WUMT, KB5034441 not found because I paused the updates per Susan.  If I unpause the updates, they run right away and all of the January updates will be installed.  So how can I tell Windows 10 to NOT use the Windows Update Service so WUMT can take over control from Windows Update.  I would like to hide KB5034441 in Windows 10 before it tries to install.  Step by Step instructions would be very helpful.  Thanks!

          1 user thanked author for this post.
          • #2630160

            When you unpause it will show up.  Even if it fails to install, no worries just use wushowhide.

            Additionally I was able to do it fast enough to hide it as typically the main Windows 10 update is wanting to come down and install first.

            Susan Bradley Patch Lady/Prudent patcher

            2 users thanked author for this post.
          • #2630168

            Turn ON Metered Connections.

            Resume updates. Some of the smaller updates may download/install in spite of Metered Connections, but it should stop the bigger ones like the CU. You should see an error about this in Windows Update.

            Open WUMT. Now WUMT should be able to scan for updates and you can block/hide the ones you don’t want. If you h1de ALL of them it finds, now you have control to unhide only the ones you want when there is DEFCON approval.

            After Window Update rescans on it’s own, note that the hidden updates won’t show in the Windows Update queue. Do not use Pause again. Use only WUMT to control updates.

             

            5 users thanked author for this post.
    • #2630156

      I have both Win 10 Home Desktop and an Win 11 Pro Laptop. Neither of which have BitLocker enabled. The latter of which I disabled myself. I don’t have the necessary skills to use any pausing or delaying software updates on two separate machines. I’ll just wait until MS fixes the issue on it’s own. I have just the basic Windows Update Pausing on both machines. That’s all the defense I can muster. So, if I need to. I will wait until I am forced to update both machines. Which my calculations are at the end of the month.

    • #2630254

      Hi Susan,
      Thanks for the info.
      I do have a question though: If I understand correctly from your posts and from information on the internet this update only applies to Windows 10 (21H2 and 22H2), not to Windows 11. Is that correct?
      If so, maybe the defcon should be different for Windows 10 and Windows 11? I mainly use Windows 11, so that is a valuable distinction for me 😊

      Thanks,
      Frank

      KB5034441 is a separate security update for Windows 10.  It’s included in the January 2024 cumulative update for Windows 11.  If the recovery partition is too small then the entire cumulative update will fail.

      So for Windows 11 is the only option to block the entire cumulative update?

      Bill

      • #2630273

        So for Windows 11 is the only option to block the entire cumulative update?

        There’s no reason to do so, as there are no known issues with January 2024 updates for Windows 11 versions 22H2/23H2.

        2 users thanked author for this post.
    • #2630280

      After you get Windows Update under WUMT control, you no longer need Metered Connections.

      So I turn on metered connections.
      Un-pause Windows Updates.
      Run WUMT and hide the update.
      Turn off metered connections.

      Then next month Windows update will not download and install anything, but I can do so using WUMT.  Is that all correct?  I am not all that technical and this is very confusing for me.

      Thanks.
      Bill

       

       

    • #2630289

      So for Windows 11 is the only option to block the entire cumulative update?

      There’s no reason to do so, as there are no known issues with January 2024 updates for Windows 11 versions 22H2/23H2.

      I’m confused.  In her article Susan said “It’s important to remember that updates for WinRE can be included in cumulative updates, as they currently are for Windows 11. When that is the case, and the conditions for the installation of the WinRE update are not met, the entire cumulative update may fail to install.”  Is that incorrect?

      Bill

      • #2630307

        She also said, “While I’ve not seen issues with Windows 11, I have seen issues with Windows 10.”

        1 user thanked author for this post.
        • #2630385

          She also said, “While I’ve not seen issues with Windows 11, I have seen issues with Windows 10.”

          Windows 11 allows more space from the outset for the WinRE partition than Windows 10 typically allows.

          -- rc primak

    • #2630291

      That sounds right.
      Use WUMT to hide updates you don’t want and download/install the ones you want.

      Thanks PKCano.

      Bill

    • #2630297

      Thanks Susan for this post… I too have found this patch incredibly frustrating and have setup via my RMM to block the install and if not used the powershell commands to block it

      Set-ExecutionPolicy Unrestricted -Force
      install-module -name PSWindowsUpdate -Force
      Hide-WindowsUpdate -KBArticleID KB5034441 -AcceptAll

      I put all this in my blog at jvhconsulting.com where I linked your previous newsletter about solutions.

      Glad to be a part of this newsletter as it is incredibly good information to share.

      thanks
      Joost van Haaren

    • #2630303

      How about this:

      When my pause is up, resume updates and use a blocking tool to block the KB5034441.

      Susan said once the windows update starts downloading you can quickly stop the update, hide the update. I really don’t want to mess with the computer settings for metered and unmetered and all that jazz.

      And Susan stated if it failed, it failed and do nothing.

      Which tool is the best to hide the updates once they come down through Windows update?

      The only harm it could do is fail to install. Correct?

       

      Win 10 Home 22H2

    • #2630308

      suggest hiding update using powershell:

      Set-ExecutionPolicy Unrestricted -Force
      install-module -name PSWindowsUpdate -Force
      Hide-WindowsUpdate -KBArticleID KB5034441 -AcceptAll

       

      2 users thanked author for this post.
      • #2630331

        Thanks for this, as the time approaches for the pause to expire, I will need a detailed tutorial. The more I read the more confused I become.

        I have WIN 10 Home. In my Recovery file folder when I click on it, HP has a message not to alter anything. Do not delete or alter any of the files. Any change in the partition could impact system recovery in the future.

        I think we are all sunk and have to hide and wait for Microsoft. It was so much easier with WIN 7, just hide the update.

        Win 10 Home 22H2

    • #2630313

      She also said, “While I’ve not seen issues with Windows 11, I have seen issues with Windows 10.”

      Yes, but just because she hasn’t seen any issues doesn’t mean there might not be issues.  The recovery partition on my Win11 laptop doesn’t have 250 MB free space.  I just want to make sure the cumulative update won’t fail.  Has anyone with a Win 11 machine with less than 250 MB free space been successful in installing the January cumulative update?

      Bill

      1 user thanked author for this post.
    • #2630324

      I installed the new update on Windows 11 Pro with no problems – maybe a little slow. I wondered what all the fuss was about.

      The horror, the horror…

      Mark

       

       

    • #2630333

      I installed the new update on Windows 11 Pro with no problems – maybe a little slow. I wondered what all the fuss was about.

      The horror, the horror…

      Mark

       

       

      Did you have less than 250 MB of free space on your recovery drive?

      Bill

      • #2630561

        I don’t know.  I don’t worry about these things unless I have to.  Dell does a lot of work for me.

        Mark

    • #2630339

      If you have upgraded to Win11 from Windows 10 your Recovery partition is probably 4GB+
      With W11 clean OEM/install it is probably > 500MB

      Mine is a new Win 11 laptop that has never been updated.  I used the instructions Susan gave to determine how much free space the recovery drive has.  It shows it has 89 MB of free space out of about 732  MB total.

      Bill

      1 user thanked author for this post.
    • #2630506

      Haven’t seen any mention yet of KB5034439: Windows Recovery Environment update for Windows Server 2022: January 9, 2024. This is failing on a four-month old install of Server 2022, both on Hyper-V Host and a Server 2022 guest. In other words, a default install of the latest OS, which created a 523MB recovery partition, will not install KB5034439.

      Susan used MiniTool to get the actual free space of the recovery partition. It looks like PowerShell get-volume also works, though I’m just eyeballing based on size; I see no simple way to confirm which is the recovery partition.

      Get-Volume

       

    • #2630521

      I’d rather wait and demand that Microsoft provide a consumer-friendly resolution to this mess.

      Susan,
      If you can get whoever-is-in-charge-at-Microsoft to listen to you and you can make this demand and can get it effected, great!! The average Joe has no weight.

    • #2630523

      My recovery partition is to the right of the C: partition and followed by a logical partition. If I decide to extend the recovery partition, can I do so using the logical partition or should I use the C: one ?

    • #2630573

      Hope this trick helps some others to outsmart windows update. As per above comments.

      Am Win10 Pro, with Group Policy stg to ‘2’. Using Winshowhide. (I keep ‘metered on’ out of abundance of caution until ready to update).

      I am hardwired (ethernet) no wifi. Hope this works for Win 10 ‘home’ users too?

      My ‘trick’ hasn’t failed me yet:

      Night before ‘Patch Tues’, I unplug ethernet cable from router.

      Tues (or anyday) after ‘patch day’, I’ll “wake up” PC from sleep while my PC is STILL offline- Windows Update will scan & show “all up-to-date”. Once I see that, I plug ethernet back in, and immediately run WinshowHide. And Hide everything.

      I know Windows Update only scans once a day. Thus I’ve caught the dragon.

      May not work for everyone, as you may need to be on-line 24/7, but works for me. Unhide when Susan gives the go-ahead. * I use 3rd party enterprise anti-virus, it updates w/out Win up if that makes a diff to those relying on Defender solo. Others may wish to chime in on that.

    • #2630531

      My anti-virus blocks WUSHOWHIDE so that isn’t a preferred option.
      I was able to get the Windows Update Mini Tool working and downloaded pending updates.
      No sign of KB5034441 yet.
      I have the regular Windows Updates paused until early February.
      When should I expect to see KB5034441?

      • #2630593

        You should already see the update. Have you hidden it already?

        cheers, Paul

        p.s. AV that blocks programs I want to run gets the heave ho from me.

    • #2630574

      Thank you for a lucid explanation of what’s going on with the extra partitions on boot drives. And for the pointer on how the Disk Management lamely reports what is on your disks.

    • #2630607

      If I decide to extend the recovery partition, can I do so using the logical partition or should I use the C: one ?

      Shrink the C drive

      1 user thanked author for this post.
    • #2630650

      I have 5 PCs at home, 1 Win11 Pro & 4 Win10Pro, all with Build 19045 22H2 . My main desktop PC (Win10) encountered the KB5034441 error as did an old laptop (Win10). On the desktop I ran AOMEI Partition Assistant Standard Edition 7.0 to increase the size of the WRE partition to 1GByte & the update installed successfully. But I did not have AOMEI Partition Assistant for the laptop & I did not wish to spend any money on purchasing a product to fix this problem. I found a freeware solution in GParted (https://sourceforge.net/projects/gparted/) to resize WRE partition. As Susan discovered on one of her laptops, there was more than one WRE partition. So I had to work out what the active WRE partition was. I was able resize the relevant partition and the update susequently successfully installed.

      Susan wondered how there were 2 WRE partitions on her laptop’s SSD. I was wondering the same thing for my laptop. My only guess is that, at some point I upgraded the laptop with an SSD, took an image of the hard disk & transferred the image to the SSD. (After the laptop booted off the SSD, I reformatted the hard disk. So the laptop had both an SSD & hard disk.) Later I converted the SSD from MBR to GPT format. So perhaps the image transfer or, more likely, the conversion from MBR to GPT caused the 2 WRE partitions.

    • #2630654

      I have the regular Windows Updates paused until early February.
      When should I expect to see KB5034441?

      When you unpause

    • #2630692

      Regarding “two recovery partitions”

      I’m pretty sure that’d be one for WinRE and the other containing the OEM provided restore image (install.wim), if present.

    • #2630701

      Windows Update and wushowhide both use the Windows Update Service to scan for updates. If you Pause Windows Update so that it doesn’t scan for updates, you have also blocked wushowhide from scanning for updates.

      Thanks for your explanation, but if I allow updates again, it immediately starts to download 5034441 before I can get to wushohide to hide it. I have an old laptop that I use as a sacrificial lamb for updates and I appear to have beaten it to the draw, by using wushohide as it downloaded 5034441. It completed a 100% download, but then failed to instal with error message Ox80070643. It now shows up in wushohide as hidden, so that’s all right, but there must be a way to stop automatic downloads. I shall google it.

    • #2630724

      Ok, here’s the why of there possibly being two recovery partitions.

      Older versions of Windows were setup to place the recovery partition before the OS partition on the main drive during initial installation.

      Newer versions of Windows are setup to place it after the OS partition on the main drive during initial installation.

      Microsoft made this change because they finally realized the recovery partition “might” need to be increased in size at some future date (well, duh) and it’s much easier to do that, without requiring a “fresh install” of Windows, if it’s located after the OS partition.

      The issue of having two recovery partitions occurs if you’ve done an “in place” upgrade from an older version of Windows where it was located before the OS partition to a newer version where it needs to be located after the OS partition.

      It happens because, in order to “move” the existing recovery partition after the OS, the install would have to reformat the drive but, an “in-place” install is intended to keep all your existing S/W & personal settings and reformatting the drive would erase all that so it can’t be done.

      Instead, the install “shrinks” the existing OS partition enough to create a new recovery partition that’s located after the OS partition; leaving the old recovery partition “as is” but no longer marked as an in use recovery partition in the BCD.

      A fresh install avoids the whole drama of two different recovery partitions because it does reformat the drive during the installation process but you’ll have to reinstall any 3rd party S/W & recreate your personal settings.

      BTW, while it’s possible to reclaim the old recovery partition space for use by another partition on the drive, it’s a complicate process requiring the correct S/W (as mentioned by several posters here on AskWoody) and should not be undertaken without making a “full image backup” of the main drive first since, if done wrong, it can make your OS unbootable!

      2 users thanked author for this post.
    • #2630736

      Here’s why the Minitool Partition Wizard free software is so useful for looking at your disk setup.  With just a few clicks it shows:

      1. ALL your disks [including the unformatted Microsoft Reserved Partition after the EFI System partition] with a functional description, so you can see your System & Recovery Partition.
      2. At the bottom, you get a bar filled with ALL partitions with their space utilisation.
      3. With a click, you can view the folders on the Recovery Partition and see their file sizes and dates

       

    • #2630739

      I am using Win. 10 22H2 and Bitlocker has never been enabled. If I don’t have sufficient space in my recovery partition, the update will fail – but I don’t need it anyway (see attached snip). If it installs, I can leave well alone. I seem to be missing something: where is the problem?

      Further to The Surfing Pensioner’s question, if you use Windows Update on your Win 10 machine and the Windows Recovery Environment (WinRE) update KB5034441 fails while you are installing your Jan 2024 Patch Tuesday updates ***, what harm does it do if you simply pause Windows Update and wait for Microsoft to release a fix for the 0x80070643 – ERROR_INSTALL_FAILURE installation error? Susan Bradley noted in her newsletter article KB5034441 has led us astray, in a horrible way: “Don’t worry if you can’t stop the update before it attempts to install. It will do no damage. It will merely attempt to install and fail” so even if you don’t pause your Windows Updates all you’re doing is wasting bandwidth each time Windows Update downloads and fails to install KB5034441.

      If you do pause your Windows Updates and reach the maximum 35 days of pausing before Microsoft releases a fix for the 0x80070643 installation error (in Win 10 Home you can pause updates for 7 days up to five times as instructed in the PCMag article How to Delay Windows Updates and Tell Microsoft to Leave You Alone; for Win 10 Pro you can pause Windows Update up to a maximum of 35 days in your Advanced Settings) then you will be required to run a Windows Update before you can pause again.  If this happens and KB5034441 fails again (and wastes some bandwidth doing so) you can start a new 35-day cycle of pausing your updates and can resume your updates any time you wish. Note: If you use Microsoft Defender as your antivirus then your daily virus definitions will  continue to update while Windows Update is paused.

      If you have a Win 10 Home OS then it might make sense to use one of the blockapatch.com utilities like WUshowhide or WUMgr to hide KB5034441 until a fix for the 0x80070643 installation error is released so you don’t have to fuss with pausing Windows Update every 7 days. If you do use BitLocker encryption then just remember that you will eventually have to unhide and apply this KB5034441 update once Microsoft has fixed the 0x80070643 installation error to ensure you’ve patched the CVE-2024-20666 vulnerability that could allow attackers to bypass your BitLocker encryption using an unpatched WinRE.

      *** Note that KB5034441 installed successfully on my Win 10 Pro v22H2 laptop with less than 250 MB of free disk space on my WinRE partition. See my post # 2628138 in Susan Bradley’s 09-Jan-2024 Ready for the new patching year?.
      ————
      Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.3930 * Firefox v121.0.1 * Microsoft Defender v4.18.23110.3-1.1.23110.2 * Malwarebytes Premium v4.6.8.311-1.0.2242 * Macrium Reflect Free v8.0.7783

      2 users thanked author for this post.
      • #2630756

        Many thanks for this detailed reply, Imacri. I have already decided to wait until my pause runs out in early February and then run Windows Update and take my chances. I tried using wushowide once previously – with a techy in attendance! – and it was a complete waste of time: the updates, including the CU, proceeded to download and install merrily on a metered connection and there really wasn’t time to run the tool, so I’m not keen to repeat that experiment. The way I see it, if KB5034441 installs, happy days; if it fails, I wait for MS to sort things out. I don’t use Bitlocker and never will. By the way, I am able to pause updates for 35 days on my Windows 10 Home laptop, just the same as my Windows 10 Pro desktop. Thanks again. TSP

    • #2630784

      I just did the PowerShell check on my Windows 10: results attached.

      It appears my Windows RE is located on harddisk0\partition5; however note the screen shot from Disk Management does not show a partition 5, but an unnamed partition 6.89 GB.

      Then also note the screen shot from a Macrium Reflect backup which does show 5 partitions, with the 5th one labeled Windows RE tools and  also matching the 6.89 GB size.

      So why does Macrium show the partition 5 and not Disk Management?

      Also note that this partition 5 is the last one on the right and is using 5.87 GB of the 6.89 GB size, leaving 1.o2 GB free?

      Also the partition 4 to the left is almost empty (true) so could easily be shrunk if needed.

      Assuming the 6.89 GB unnamed partition is indeed partition 5, it would appear I would be OK?

      Comments?

      Windows 10 Pro x64 v22H2 and Windows 7 Pro SP1 x64 (RIP)
      • #2630792

        As you’ve seen, Microsoft tools don’t tell the whole story – in your example, Disk Management has chosen to ‘miss out’ the small Reserved partition at the start of the disk that Macrium actually shows.

        Bear in mind partition number numbers are allocated in the order thay are created and not in the order on disk.  It’s perfectly legitimate to have a partition 5 at the start of the disk.

        Suggest you run DiskPart and see what ‘Select disk 0’ and  ‘list part’ commands show you .

        The numbers in this list correlate with the reagentc number …

      • #2630829

        It looks like that “empty” one that isn’t really empty is is and yes it looks like you shouldn’t have issues.

        Susan Bradley Patch Lady/Prudent patcher

    • #2630791

      No kb5034441 re-issue (yet?) alongside the week C Previews..
      https://www.catalog.update.microsoft.com/Search.aspx?q=%222024-01%22

      Win8.1/R2 Hybrid lives on...
      1 user thanked author for this post.
    • #2630899

      Aside from all the shaming Suan rightfully heaped on Microsoft for KB5034441, I’d like to add one more bullet.

      Microsoft knew or should have known that a lot of machines would have recovery partitions that could not handle this update.

      I have two Windows 11 Pro machines in front of me. One was upgraded from Windows 10 Pro; the other was a fresh install on brand-new hardware about 4 months ago. The Recovery partition on both machines is 625 MB with 536.06 MB used. The upgraded machine was originally a clean install of Windows 10 Pro on a 1 TB SSD, i.e., what’s a few hundred MB among friends, yet the installer set the recovery partition to 625 MB. The same thing happened on the machine with the clean Windows 11 Pro installation.

      I’ve installed various versions of Windows hundreds of times and I’ve always let the installer partition a blank disc as it sees fit. I don’t know if other folks tweak the partition sizes when installing Windows, but Microsoft darn well should have known how big a recovery partition to expect on a lot of machines.

      3 users thanked author for this post.
      • #2630902

        Microsoft is incompetent – seriously.   Our standard policy is not to install Monthly Quality Updates for 19 days. This policy is based on Microsoft’s proven incompetence over the last couple of years. An update that causes business disruption and loss of revenue is unacceptable. We’ve found that Microsoft will address serious bugs within that 19 day “beta” period.

         

         

         

        • #2631033

          MS is incompetent…

          110% agree.  And nothing will change : (

          On the bright side… it’s job security for competent people.

          I sooo wish there was an alternative.  And MS is the business school example of how being inept doesn’t hurt you (the company) at least when you are so large.  TINA.  There is no alternative (or none that worldwide business on the whole will move to and say F U to MS).

    • #2630903

      There’s more fallout. I have no explanation for why my drive has two recovery partitions. I have no idea how the second one got there, so that means more research.

      Maybe your machine came that way.

      I’ve checked three laptops, an HP that originally shipped with Windows 10 Pro and two Dell Latitudes, one shipped with Windows 10 Pro, and the other with Windows 11 Pro.  The HP has just one recovery partition of 975 MB but both Dell machines have TWO recovery partitions each; one is about a GB and the other is about 1.4 GB.

      PowerShell says only one partition on each machine is the Windows recovery partition (the 1 GB one).  I presume the other partition is something Dell included.

      • #2631014

        …I presume the other partition is something Dell included.

        Hi MHCLV941:

        If your Latitude models are listed in the Dell SupportAssist OS Recovery Support Matrix then you might have the Dell SupportAssist OS Recovery Tools (listed as Dell SupportAssist Remediation at Control Panel Programs | Programs and Features and in your Windows Services at Start | Windows Administrative Tools | Services) installed on your systems.  I assume that would account for at least one of your partitions, even if you’ve uninstalled Dell SupportAssist Remediation v5.5.x (which I did about a year ago on my Inspiron 5584).
        ————
        Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.3930 * Firefox v121.0.1 * Microsoft Defender v4.18.23110.3-1.1.23110.2 * Malwarebytes Premium v4.6.8.311-1.0.2242 * Macrium Reflect Free v8.0.7783 * Dell Update for Windows Universal v5.1.0 * My Dell v2.2.6

    • #2631145

      Susan, I think KB5034441 is done by Microsoft on purpose to cause the normies to move to Windows 11. Anyway, thanks for the tip about the MiniTool Partition Wizard. I have 5 home desktop and Laptop computers with Window 10 and so bought the lifetime version for 5 licenses that allow full use. I just wish you would get a cut for the suggestion. The MiniTool is really nice and I was able to easily adjust my Recovery Partitions with ease. KB5034441 and other updates for January went without a hitch. I will now be waiting for any strange boxes, warnings etc. that my family may be getting from the Microsoft crazy Windows 10 updates. I am sure there will be more to come. Thanks for all you do for us!

    • #2631180

      Just wanted to tell you that I used your information to find out if I could install this, my partition is not the last one but the last one is empty. The WE is 980 MB so I should not have any problem with allowing this to install. Of course I will not install anyway since I no longer am in business writing web pages for genealogy. Thank you for all you do to keep us safe from M$ and it’s wacky sometimes updates.

    • #2631228

      How do we block the update KB5034441 on our consumer PCs?

    • #2631233

      Susan-
      Thanks for all you’ve been doing for us.
      I was at the DOS 6.2 release show Hilton Hotel Costa Mesa, CA in 1993 or thereabouts, some catchy forgotten name for file compression in that release.
      I was at the Anaheim, CA Windows 95 presentation by Bill Gates where he had this huge s##-eatin’ grin on his face when it blue-screened in front of about 500 techs.
      I still have an occasional curse word string for him.
      When Windows 10 came out, I noticed that the partition scheme put the operating system partition between to other partitions. That was 2015, when HDDs were increasing capacity every week, making it hard to move one small drive to a larger one.
      Macrium Reflect became my friend around 2011, used that to keep drives current, moving things around, storing images. I used the Control Panel\RECOVERY utility to create USB sticks to start new drives. I learned to edit the .txt and .xml files in \Sources to configure the OS partition locations and sizes the way I wanted them.

      For KB5034441 on Windows 10, after reading Bleeping Computer’s article, I settled on a WinRE partition size of 900MB, put that in to the RECOVERY stick configuration files, ran the recovery to a HDD, to find that KB installed but at every run of Windows Update, it tries to install again. So far, that change has been done only on one test mule; important data machines are still under the max delay available in Windows Update.

      I’m willing to share those configuration files if you want to take a look…

      Thanks for what you do for all of us,

      Ron

       

      (Susan edited out the curse word)

    • #2631303

      uninstalled Dell SupportAssist Remediation v5.5.x (which I did about a year ago on my Inspiron 5584).

      Why did you elect to remove this software, may I ask?

      • #2631374

        Why did you elect to remove this software, may I ask?

        Hi MHCLV941:

        Dell SupportAssist OS Recovery Tools v5.5.x (a.k.a. Dell SA Remediation) has a reputation for buggy behaviour. The worst I recall is that users who had their personal data stored on a alternate partition or drive (i.e., other than the main C:\ drive) had all their data wiped while updating to Dell SA OS Recovery Tools v5.4.1 – see balji’s 09-May-2021 SupportAssist deleted my partitions while installing OS Recovery for one example.

        If you are currently using Dell SA OS Recovery Tools v5.5.7 then I’m guessing you are affected by a long-standing (but relatively harmless) bug where Event Viewer and Reliability Monitor log hundreds of “Successful Application Reconfiguration” events” approx. 30 min after boot-up while Dell A OS Recovery is creating a Dell system repair point in the hidden folder at C:\ProgramData\Dell\SARemediation\SystemRepair\, resulting in high CPU usage. This bug is caused by sloppy programming (see my 01-Jul-2021 post on page 6 of DELLKaren’s “Successful Application Reconfiguration” and SupportAssist and the attached image I captured in Nov 2021) and Dell has acknowledged the problem but doesn’t seem inclined to fix it.

        I finally decided to ditch Dell SA OS Recovery in 2021 after my relatively new Inspiron laptop would not boot up and the Dell SA OS Recovery failed to launch and perform an emergency recovery. After spending over an hour on the phone with a Dell support tech trying to launch this Dell software I was able to boot into my Windows Recovery Environment and perform a reset to factory condition (luckily, all  my personal data had been backed up to an external backup drive). I now use Macrium Reflect Free v8.0.x (out of support as of Jan 2024) to create emergency recovery media and the occasional full disk image of my hard drive that I save to my external backup drive in case I ever have to perform another emergency recovery.

        Apologies to other readers for the somewhat off-topic reply.
        ————
        Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.3930 * Firefox v122.0.0 * Microsoft Defender v4.18.23110.3-1.1.23110.2 * Malwarebytes Premium v4.6.8.311-1.0.2242 * Macrium Reflect Free v8.0.7783 * Dell Update for Windows Universal v5.1.0 * My Dell v2.2.6

        2 users thanked author for this post.
    • #2631304

      KB5034441 has roasted to a mere cinder and its impact on Windows 10 has been beaten to a pulp.

      However, you mentioned the same update is in the Windows 11 monolithic update, but very little about what to do about it. Since it cannot be blocked as it can on Windows 10, what do you recommend for Windows 11? Hope MS updates the update to fix the problem? Install it and hope it does not kill the target PC?

      Also, please address what happens if the update does install successfully. Would we even notice any difference? Does it help – or hurt – anything?

      If we get tangled up like this, what’s the average user to do? (from the newsletter)

      The smart ones read AskWoody, of course!  🙂

      • #2631381

        Also, please address what happens if the update does install successfully. Would we even notice any difference? Does it help – or hurt – anything?

        I’ve installed the Windows 11 cumulative update with no noticeable effects.  The WindowsRE portion of the cumulative update simply updates Windows Recovery Environment.  For my systems it was an increase in size of ~105MB; for others it was different in size.

        I’ve tested WindowsRE and it works just like it did before; no issues, no hiccups.  I have Image For Windows incorporated into WindowsRE and it didn’t have any effect on that, either.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

        2 users thanked author for this post.
      • #2631382

        Also, please address what happens if the update does install successfully. Would we even notice any difference? Does it help – or hurt – anything?

        Hi MHCLV941:

        If the update installs correctly it will update your Windows Recovery Environment (WinRE) image to a newer version (see my before and after images in my 16-Jan-2024 post # 2628138 in Susan Bradley’s Ready for the new patching year?). This updated WinRE version patches the CVE-2024-20666 vulnerability that could allow attackers to bypass BitLocker encryption. If you do not use BitLocker drive encryption (Win 10/11 Pro) or device encryption (Win 10/11 Home) then patching this vulnerability is not important, but if you do not install your other Jan 2024 Patch Tuesday updates you could expose your system to exploit from other vulnerabilities.

        Keep in mind that Susan Bradley noted in her newsletter article KB5034441 has led us astray, in a horrible way: “Don’t worry if you can’t stop the update before it attempts to install. It will do no damage. It will merely attempt to install and fail” .
        ————
        Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.3930 * Firefox v122.0.0 * Microsoft Defender v4.18.23110.3-1.1.23110.2 * Malwarebytes Premium v4.6.8.311-1.0.2242 * Macrium Reflect Free v8.0.7783

    • #2631424

      Keep in mind that Susan Bradley noted in her newsletter article KB5034441 has led us astray, in a horrible way: “Don’t worry if you can’t stop the update before it attempts to install. It will do no damage. It will merely attempt to install and fail” .

      Yep, she did say that.  She didn’t say what if any, noticeable change there would be if the update installed successfully.

      If the update installs correctly it will update your Windows Recovery Environment (WinRE) image to a newer version

      That’s fine but what I asked was what noticeable change would I or any of my users notice?

      • #2631446

        That’s fine but what I asked was what noticeable change would I or any of my users notice?

        Quite likely, none.  If your WindowsRE worked before, it should continue to work with no noticeable changes.

        If it didn’t work before, it likely still won’t work.

         

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

        1 user thanked author for this post.
      • #2631541

        Only thing I noticed after changing the WinRE partition space and installing the patch was after first reboot the bios couldn’t find the drive… shutdown and reboot again and next time it was fine (whew!).

        I have blocked this patch on all my client systems b/c I know they don’t have bitlocker set so no need.

        What is really frustrating is Microsoft’s lack of response to this and what it requires to install it if necessary.  Seems now they have a record for January Patches being sucky –  has happened too many times before!

    • #2631612

      Windows 10 Home 64 over 10 years old CyberPower gaming computer. I am in the midst of this debacle as I type. I ran out of time for postponing MS updates and only 2 security updates were listed. So I decided to install them  but the computer crashed as it was installing them. Luckily an Automatic Repair was successful but it noted that “we couldn’t complete the updates, undoing changes, don’t turn off your computer”. Windows Update reappears and mentions the error (0x800f0845) and offers Retry which I did. That proceeds to force 3 updates on me – 2 security and… you guessed it KB5034441. MS chose to install that monster first and it failed indicating Download Error- 0-80070643.  BIG Question: once the cumulatives install, should I go in to Block a Patch to stop KB5034441 BEFORE I install the security updates or WAIT until they’ve been installed?

      Thanks in advance for any words of wisdom.

      • #2631617

        Use WuMgr to hide 34441, then let Windows Update do its thing.

        Guide to using Wumgr.

        cheers, Paul

        1 user thanked author for this post.
      • #2631792

        I am on long time member of Ask Woody. I received this email today after posting about KB5034441. Can someone explain what this message from Word Press means? It appears to be written by AI. I use Proton VPN on my system if that helps. Can SPAM come through my Proton system? Below is the message I received:

        “Your post Reply To: KB5034441 has led us astray, in a horrible way has been removed. The reason for removal: reposted as anon. The VPN you use is very spammy and the spam system caught this post. If you use a direct connection you should be OK. Thanks for you participation in the AskWoody forums but your post was not deemed to be relevant to the discussion and thus was removed in order to keep a clean and tidy venue.

        Thanks for any help you may offer.

        • #2631809

          No AI, just a human making a call.  When we approve posts that come from spammy IP addresses we train our akismet spam filter that they are okay.  So we’d rather not approve it.  The issue is that you are re-using an IP address that has been used by malicious users.  VPNs don’t always help those of us that are trying to keep bad guys away.

          Susan Bradley Patch Lady/Prudent patcher

          1 user thanked author for this post.
        • #2631810

          In addition to what Susan said above, since you use a VPN, you might want to check exactly what your IP address is before trying to post. Find that out on the following site: https://www.whatismyip.com/. Once you have your IP address, you can then check it on one of the two following sites to see just what kind of record it has with respect to being considered a spam-laden IP address: https://cleantalk.org/blacklists or https://stopforumspam.com/search. Either site will tell you just how cruddy or clean your current IP is considered. If it’s really “dirty” you might want to go through the steps you need to that will assign you a different IP address that will hopefully not be so “dirty”.

          I hope this helps!

          OK, enough of this as it’s quite off-topic for this thread.

          • #2631813

            Thank you Bob99 for the time you spent helping me understand how this works. I am a novice with the complex technicalities necessary to deal with Microsoft and just trying to keep my computers safe. My post was an extension of my previous post which Paul T and Susan kindly answered and I did not know where else to post this.

            I do not appreciate the apparent condescension of your last sentence.

            Please do not lecture me.

            • #2631814

              OK, enough of this as it’s quite off-topic for this thread.

              I think this was supposed to be funny.  If not, I agree it was uncalled for.

              1 user thanked author for this post.
            • #2631984

              @bookman

              My sincerest apologies for the last sentence. It wasn’t meant to be condescending or humorous, or as a mini lecture for you. It was meant for others reading this thread to let them know that these last few posts were off topic and that no more posts about any VPN-related issues should be placed here.

              I have seen threads get unintentionally “hijacked” by such postings here on AskWoody in the past and did not want this one to start going down the same path due to others (not yourself) posting additional questions related to your individual issue simply because they’d been experiencing the same issue.

              Again, my sincerest apologies for the last sentence of my prior post.

              5 users thanked author for this post.
            • #2632163

              Thank you for your response. What you write is helpful because, as you can see from the low number of posts I have made over many years here, I lack the time to fully study the complex protocols of this site. Nonetheless, I do appreciate those who offer their time to share their bountiful experience and laud all the writers for their insights.

              1 user thanked author for this post.
            • #2632182

              Thank you for your response.

              You are Very Welcome!  🙂

    • #2632119

      My latest observations with client workstations with update KB5034441:

      1. Sometimes succeeds even though the recovery partition has less than 250MB free.
      2. Sometimes fails even though the recovery partition has more than 250MB free.
      3. It is NOT being offered to all Windows 10 machines, especially domain joined.

      If you’re confused on what to do, see my post here (most people should do nothing):
      https://www.askwoody.com/forums/topic/kb5034441-has-led-us-astray-in-a-horrible-way/#post-2629980

       

       

      4 users thanked author for this post.
    • #2632147

      FWIW, I ran the PowerShell script on a test machine (after I figured out how to get it to run). I needed to change the execution policy on the computer first. The WinRE partition size is 530 MB. Prior to running the script, there was 88.5 MB free space, and the WinRE version service pack build was 1. After the update, the partition showed 53.16 MB free space, and the version service pack build is now now 3920. I tried re-running the script, and PowerShell reported that the script had already been run successfully on the machine. It wouldn’t re-run the script. AFAICT, there were no adverse effects, even if the script failed to complete the update. I had a couple of unsuccessful runs prior to it succeeding. I then hid KB5034441 from WU. I’m still holding off from running the update on my main computer.

      1 user thanked author for this post.
    • #2632319

      It’s now Monday, January 29th, and we are still at DEFCON-1, Don’t Patch.

      I have set the pause updates function in Windows Update to pause until February 1st, which is as far as it will allow.

      Why hasn’t MS pulled this troublesome patch? How do I pause updates beyond February 1st until it is safe to patch again?

      Thanks!

      • #2632423

        johnb3030, I was successful in the past by clicking on “Resume Updates”, then immediately clicking on “Pause Updates”. It stopped the update process in its tracks, but reset the clock for pausing, and let me set it to pause for 5 weeks.  You might consider trying this to give yourself the extra 5 weeks.

        1 user thanked author for this post.
    • #2632358

      Hello,

      so, to add myself to this thread, this

      is my current situation. Disk 4 is the boot drive. The dell installation image created, a bit ago, that schema :
      Recovery partition of 529mb ( 75mb free only) , then a 100mb fat32 partition, then a 16mb (other) partition, then the boot. Any tool would let me resize the boot , the 100mb and the recovery. but the 16mb (other) is marked as not resizable. I’m quite unsure how I could free 600mb from the boot and move it to the start of the ssd if those 16mb are an immovable and immutable object.

      And no, no way I reinstall the system ( that works flawlessly ) for this.

      I could maybe install the dell supportassist feature ( I avoided until now ) and let it maybe do its own magic at the start of the drive ( but somehow i guess it would create its partition at the end…. ?)

    • #2632401

      Having briefly scanned responses, I’ve decided I’d rather juggle rattle snakes than deal with this so I’m going to resume updates, immediately stop them and pause for another month and repeat until Microsoft fixes this.

      1 user thanked author for this post.
      • #2632441

        I understand your sentiment on deferring January updates. Another option to consider, inasmuch as it is KB5034441 that is the problem, is to download and install the monthly cumulative update and .NET update and let KB5034441 fail to install, Then you caould hide the bad update with the wushowhide tool. That way you would remain up to date on everything else for January but also avoid manually resizing, deleting and creating partitions. Just an alternative to consider.

    • #2632459

      I thank Susan and the myriad contributors regarding KB5034441 topic inputs.  I was able to successfully use the batch file RemoveUpdatePause (https://www.askwoody.com/forums/topic/how-to-unpause-windows-updates-without-using-the-resume-updates-button/ )  to “redo” the active PAUSE status I had in WU.  I was then able to run WUShowHide with the advance option unchecked for making repairs.  WUShowHide allowed me to then hide the KB5034441.  I confirmed it was hidden and then went forward with WU’s
      “Check for Updates” and let all the “other stuff” proceed to install.  I will keep tabs on the KB5034441 and deal with it as the DefCon dictates down the road.

      So far, no issues with the “other stuff” installed by WU on my Win10 machine with 22H2 build 19045.2846

    • #2632483

      Did they pull KB5034441 ?

      I used 2 laptops here as guinea pigs, both win10 , both pro. Both were not offered KB5034441

    • #2632510

      Did they pull KB5034441 ?

      I used 2 laptops here as guinea pigs, both win10 , both pro. Both were not offered KB5034441

      I used wushowhide earlier today to see what was in the WU pipeline, and KB5034441 was still listed.

      • #2632654

        In this case i wonder why these 2 laptops were not offered it.

         

        Edit

         

        Ah well… seems it got offered on “this” pc. and as expected failed… oh well, who cares… between the hassle of handling the partition with that unmovable object and having them fix it in some weeks (and in the meanwhile having windows redownload daily the kb ) I pick the lazy way out … let it redownload until fixed … or just hiding it

    • #2632819

      Forgive me, still confused.

      I hid 441 when first recommended to. Am I to try to install now or keep remaining hidden? Win 10 22H2.

      • #2633012

        @rebop2020

        Keep doing just as Alex says in the post right below this one, and keep 441 hidden for now.

        BUT, since Susan has lowered the MS-DEFCON level to 3, you are free to install all the other updates for January, namely the monthly update for Windows KB5034122, the Malicious Software Removal Tool KB890830, and the monthly update for .NET Framework KB5034275.

    • #2632829

      Am I to try to install now or keep remaining hidden? Win 10 22H2.

      Keep hidden until Microsoft fix its blunder.

    • #2633048

      @rebop2020

      Keep doing just as Alex says in the post right below this one, and keep 441 hidden for now.

      BUT, since Susan has lowered the MS-DEFCON level to 3, you are free to install all the other updates for January, namely the monthly update for Windows KB5034122, the Malicious Software Removal Tool KB890830, and the monthly update for .NET Framework KB5034275.

      Thanks. Did even realize I had 5034122 hidden. That was helpful Bob.

    • #2634764

      Susan

      83 year old non-techie from the UK here

      I have stumbled across a solution for the recent KB5034441 problem.   Is this link of any benefit to all forum readers ?   Taken off my UK laptop YouTube link.

      https://www.youtube.com/watch?v=GUnvAN7ffs4&t=608s

      Would the second option be a better/easier for me to use ?

    • #2634808

      Susan

      83 year old non-techie from the UK here

      I have stumbled across a solution for the recent KB5034441 problem.   Is this link of any benefit to all forum readers ?   Taken off my UK laptop YouTube link.

      https://www.youtube.com/watch?v=GUnvAN7ffs4&t=608s

      Would the second option be a better/easier for me to use ?

      This works nicely for one PC or even a few, but many readers here are dealing with 10s or even hundreds of computers.  Manually resizing the partitions would be much too time-consuming.  Also, there’s a good chance that using the software in a commercial setting would violate its license terms.

      However, this DOES work if you have the time and patience.

    • #2634825

      I have stumbled across a solution for the recent KB5034441 problem

      This works because Reserve partition is after C: partition.
      This won’t work where Reserve partition is before C: partition.

      If you don’t use Bitlocker you don’t need KB5034441 at all. Hide it.

      * Microsoft did a better job with releasing Powershell script installing KB5034441 with no need for changing partitions size.

    Viewing 72 reply threads
    Reply To: KB5034441 has led us astray, in a horrible way

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: