alert banner

ISSUE 21.02.1 • 2024-01-10
MS-DEFCON 1: Partition size blocks update


By Susan Bradley Comment about this alert

KB5034441 fails to install with error code 0x80070643.

This failure is very unusual, so much so that I feel compelled to raise the MS-DEFCON level to 1. Do not install the update for KB5034441 unless you have BitLocker and are vulnerable to the risk of direct physical attack. If you have a system that doesn’t have the enough space in the recovery partition, the update will fail.

I don’t want you to attempt to install it until you are confident it will have no effect on your system or until you have addressed the underlying problem.

To give you time to work on the solution, the MS-DEFCON level will remain at its highest level for several weeks.

Note that consumers who have complete physical access to, and control over, their computers and who have not enabled BitLocker are unlikely to be affected by this update. But check anyway.

KB5034441 is titled Windows Recovery Environment update for Windows 10, version 21H2 and 22H2: January 9, 2024. It contains this warning:

Some computers might not have a recovery partition that is large enough to complete this update. Because of this, the update for WinRE might fail. In this case, you will receive the following error message:

Windows Recovery Environment servicing failed. (CBS_E_INSUFFICIENT_DISK_SPACE)

KB5034441 relates to the BitLocker Security Feature Bypass Vulnerability (CVE-2024-20666). It is a flaw that allows BitLocker to be bypassed, thus allowing access to encrypted data.

The simplest advice I can offer is to use BlockAPatch to temporarily block KB5034441. However, the solution involves increasing the size of the Windows recovery partition on your boot drive. Therefore, you must at least assess the size of that partition and determine whether it is large enough, because you will eventually need to install this patch.

Microsoft prepared documentation describing the recovery-partition resizing process in its support post Instructions to manually resize your partition to install the WinRE update (KB5028997). It describes the problem as follows:

Some PCs might not have a recovery partition that is large enough to complete this update. Because of this, the update for WinRE might fail. You will receive the error message, “Windows Recovery Environment servicing failed.” To help you recover from this failure, this article provides instructions to manually resize your recovery partition if you get a system ErrorPhase of 2. This requires your device to have the recovery partition after the OS partition.

Most PCs are configured with the recovery partition last, but it’s important to verify that. The support post includes those instructions. The post goes on to explain how to shrink the size of the OS partition to make room for a larger recovery partition (the post suggests increasing the recovery partition by 250MB) and then describes how to delete the existing recovery partition and create a new one.

There is one catch, which Microsoft describes:

Known issue Because of an issue in the error code handling routine, you might receive the following error message instead of the expected error message when there is insufficient disk space:


I wish I could tell you that the entire process outlined by Microsoft were foolproof. Unfortunately, there have been some problems. See the Microsoft community post Windows 10 22h2 security update [KB5034441] fails to install with code: 0x80070643 for the questions and answers.



Talk Bubbles Join the conversation! Your questions, comments, and feedback
about this alert are always welcome in our forums!

Susan Bradley is the publisher of the AskWoody newsletters.

The AskWoody Newsletters are published by AskWoody Tech LLC, Fresno, CA USA.

Your subscription:

Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody,, Windows Secrets Newsletter,, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody Tech LLC. All other marks are the trademarks or service marks of their respective owners.

Copyright ©2024 AskWoody Tech LLC. All rights reserved.