$_ cmd

← decode · jargon mode

ERROR KB

KB5034441

Retired Jan 2024 WinRE update — failed with 0x80070643 if WinRE partition was too small

in plain english

A January 2024 Windows 10 security update for a BitLocker bypass (CVE-2024-20666). It became infamous because installation fails with 0x80070643 (NOT 0x800F0922) on millions of OEM laptops whose WinRE recovery partition was too small. Microsoft has since retired this specific KB; current remediation is to ensure WinRE is healthy (~250MB free, version >= 10.0.19041.3920) — Microsoft now ships the WinRE update via the regular monthly cadence.

most likely causes

  • WinRE recovery partition has less than 250MB free space
  • WinRE partition placement on disk prevents extending it via Disk Management
  • WinRE is disabled (reagentc /info shows Windows RE status = Disabled)
  • Third-party recovery solution has replaced or moved the WinRE partition

fix path

  1. Run reagentc /info — note WinRE status, location, version, and partition
  2. If WinRE is disabled: reagentc /enable
  3. If partition is too small: follow KB5028997 to manually shrink the OS partition by 250MB and extend WinRE
  4. Confirm WinRE version is at least 10.0.19041.3920 (the patched payload). If older, run Windows Update — current monthly LCUs carry the WinRE refresh.
  5. For fleets: deploy the KB5028997 PowerShell script via Intune Win32 app or Configuration Manager package before WinRE updates land

seen in

Historical: Windows Update on Win10 21H2/22H2 · WSUS catalogue · Intune Update Rings (Windows 10) · Manual MSU install

microsoft learn docs →

related

verified