
Watch out for KB5034441 released to patch CVE-2024-20666


dips
  • Veeam Legend
  • 808 comments

Microsoft released KB5034441 as part of Patch Tuesday. However, on Windows 10 the update is causing issues:

More here:

 

Summary

This update addresses a security vulnerability that could allow attackers to bypass BitLocker encryption by using Windows Recovery Environment (WinRE). For more information, see CVE-2024-20666.

IMPORTANT

Some computers might not have a recovery partition that is large enough to complete this update. Because of this, the update for WinRE might fail. In this case, you will receive the following error message:

  • Windows Recovery Environment servicing failed.
    (CBS_E_INSUFFICIENT_DISK_SPACE)

To help you recover from this failure, please follow Instructions to manually resize your partition to install the WinRE update.

Known issue: Because of an issue in the error code handling routine, you might receive the following error message instead of the expected error message when there is insufficient disk space:

  • 0x80070643 - ERROR_INSTALL_FAILURE
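An added example, not part of the original post or of Microsoft's scripts: a read-only PowerShell check for the condition quoted above, reporting where WinRE lives and how much free space that partition has. The function name `Test-WinRePartition` and the default threshold of 250 MB are assumptions; the page does not state a required size.

```powershell
# Added example: read-only check of WinRE state and recovery-partition headroom.
# Run in an elevated PowerShell session; nothing on disk is changed.
# $RequiredFreeMB is an assumption (not stated on this page); set it from
# Microsoft's guidance for the update you are deploying.
function Test-WinRePartition {
    param(
        [int]$RequiredFreeMB = 250,
        # Defaults to live output; pass captured text to analyse another machine.
        [string[]]$ReagentcOutput = (reagentc.exe /info)
    )

    $text = $ReagentcOutput -join "`n"

    # The location path (\\?\GLOBALROOT\device\harddiskN\partitionM\...) is not
    # localized, so match on it rather than on the "Enabled"/"Disabled" wording.
    if ($text -notmatch 'harddisk(\d+)\\partition(\d+)') {
        return [pscustomobject]@{
            WinReConfigured = $false
            Finding         = 'No WinRE location registered (WinRE disabled or recovery partition removed).'
        }
    }
    $disk = [int]$Matches[1]
    $part = [int]$Matches[2]

    # Recovery partitions have no drive letter, so resolve the volume via the partition.
    $partition = Get-Partition -DiskNumber $disk -PartitionNumber $part -ErrorAction Stop
    $volume    = $partition | Get-Volume
    $freeMB    = [math]::Round($volume.SizeRemaining / 1MB)

    [pscustomobject]@{
        WinReConfigured = $true
        Disk            = $disk
        Partition       = $part
        PartitionType   = $partition.Type   # "Recovery" for a dedicated partition
        SizeMB          = [math]::Round($partition.Size / 1MB)
        FreeMB          = $freeMB
        Finding         = if ($freeMB -lt $RequiredFreeMB) {
            'Free space below threshold; expect CBS_E_INSUFFICIENT_DISK_SPACE or 0x80070643 from the WinRE update.'
        } else {
            'Free space meets the configured threshold.'
        }
    }
}

Test-WinRePartition | Format-List
```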

14 comments

coolsport00
  • Veeam Legend
  • 4142 comments
  • January 11, 2024

Ugh. 😕


Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8494 comments
  • January 11, 2024

Why does MS release patches but make it more difficult lately? 😒


dloseke
  • Veeam Vanguard
  • 1447 comments
  • January 11, 2024

Sigh….Microsoft patching is always a crapshoot the past few years….


coolsport00
  • Veeam Legend
  • 4142 comments
  • January 11, 2024

Brightside? At least it's not like the printing issue from 3-4yrs ago 😳


Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8494 comments
  • January 11, 2024
coolsport00 wrote:

Brightside? At least it's not like the printing issue from 3-4yrs ago 😳

That is very true.  🤣


dips
  • Author
  • Veeam Legend
  • 808 comments
  • January 12, 2024

You would think Microsoft would do some testing prior to releasing patches. The patch will need a patch to patch the original issue 🙄


CarySun
  • Veeam Vanguard
  • 200 comments
  • January 18, 2024

This does not impact Windows 10 only. It seems also to impact Windows Server 2022.

Microsoft has released PowerShell scripts that automate the installation of the BitLocker CVE-2024-20666 security patch to the Windows 10 Windows Recovery Environment (WinRE).

Unfortunately, even after running this PowerShell script, Windows Update will continue to try to install the KB5034441 update, causing continued errors to be displayed.

If you use the PowerShell script to install the BitLocker fixes, you should hide the KB5034441 update using Microsoft's Show or Hide Tool so that Windows Update no longer offers it on your system.


TylerJurgens
  • Influencer
  • 161 comments
  • January 18, 2024

Even more fun, if you’ve straight up deleted the recovery partition on Server 2022 (because it’s at the end of your disk layout now and you needed to expand the disk) you’ll get an error installing that KB.

 

So now you either hide that KB or you re-create that recovery partition. Gross. 


SPB0207
  • New Here
  • 1 comment
  • January 31, 2024

After installing KB5034441, no more Veeam Windows Agent Backup was possible. Error: “31.01.2024 10:41:41 :: Error: Volume \\?\Volume{7d411b1d-8d8c-4c52-b2fc-5d42166fb1f8} is offline”

After deinstalling, it was no more a problem.  Thanks to M$. 

 


Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8494 comments
  • January 31, 2024
SPB0207 wrote:

After installing KB5034441, no more Veeam Windows Agent Backup was possible. Error: “31.01.2024 10:41:41 :: Error: Volume \\?\Volume{7d411b1d-8d8c-4c52-b2fc-5d42166fb1f8} is offline”

After deinstalling, it was no more a problem.  Thanks to M$. 

 

Yes there have been a few of these lately from MS.  Hopefully they address them with a new patch to fix things up.


Nico Losschaert
  • On the path to Greatness
  • 681 comments
  • January 31, 2024

Thx for sharing @dips.

IMHO Microsoft sees the customers as a large test-environment 🙄.


dips
  • Author
  • Veeam Legend
  • 808 comments
  • January 31, 2024
Nico Losschaert wrote:

Thx for sharing @dips.

IMHO Microsoft sees the customers as a large test-environment 🙄.

Yep, we are all testers in some form :P 


vAdmin
  • Influencer
  • 168 comments
  • February 6, 2024

It's better to test the system in our test environment first, and then perform a controlled release into the most likely attacked computers.

Also, please keep in mind that the attacker will try to test our security measures as well when they get the chance.


dloseke
  • Veeam Vanguard
  • 1447 comments
  • February 8, 2024
dips wrote:
Nico Losschaert wrote:

Thx for sharing @dips.

IMHO Microsoft sees the customers as a large test-environment 🙄.

Yep, we are all testers in some form :P 

Everyone has a test environment.  Not everyone is fortunate enough to have a separate production environment.

