The IT Nerd

This past “Patch Tuesday”, Microsoft released KB5034441 which has a fix for CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass. Needless to say, this is serious and you should install this ASAP to address this issue.

However, shortly after this KB was released, reports started to appear that users were unable to install this KB. Investigation by numerous people and Microsoft determined that the issue was due to the recovery partition that is created when you install Windows 10 not being big enough. This happens because the WinRE (Windows recovery environment) image file deployed as part of the KB5034441 security update is too large for the recovery partition. Thus the fix is to resize the partition.

Here’s why you don’t want to go this route unless you are really brave.

Now you can do this manually using these detailed and very complex instructions that are way beyond the pay grade of the average user. Never mind an IT professional. And you can really screw up your PC if you do something wrong. Or you can use the a PowerShell script to help you automate updating the WinRE partition. But if you read through the instructions, it requires some prerequisites to be present for this to work. And frankly, it’s also meant for IT departments and not home users. And it too has the potential to screw up your PC. So that’s not a real option as well.

The thing is that I have encountered this issue with home and business users alike. Including on one of my own Windows 10 computers. So given how widespread this issue is, as in have a look at this Reddit post that illustrates how widespread this, a real solution from Microsoft needs to be released to address this. And that solution needs to be something that doesn’t include the gymnastics that Microsoft is recommending. In other words, it has to be a packaged fix that literally an exercise of clicking “next”, “next”, “next”, “done”. Because by the time you have to run PowerShell scripts or do things that 99% of users should have no business doing, it’s not a solution that is workable. And keep in mind that this is in relation to a security issue that Microsoft is trying to fix. Which means that threat actors are likely coming up with exploits to take advantage of this as there’s a whole lot of people out there who have the potential to get pwned the longer that this goes without being fixed. Hopefully Microsoft knows all of this and is working to address this properly and quickly.

Over to you Microsoft.

This entry was posted on January 15, 2024 at 8:44 am and is filed under Commentary with tags Microsoft. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.