In this blog post, we will discuss the latest update, KB5034439, addressing a security vulnerability that affects Windows Recovery Environment (WinRE) in Azure Stack HCI Version 22H2 and Windows Server 2022. This update is crucial for maintaining the integrity of your system and protecting against potential attacks. Let’s dive into the details.
Summary:
The KB5034439 update focuses on addressing a specific security vulnerability that could potentially allow attackers to bypass BitLocker encryption by leveraging the Windows Recovery Environment. For more in-depth information regarding this vulnerability, you can refer to CVE-2024-20666.
Important Note:
It’s worth mentioning that some computers might encounter difficulties during the update process due to insufficient disk space within the recovery partition. If you come across this issue, you may encounter the following error message: “Windows Recovery Environment servicing failed. (CBS_E_INSUFFICIENT_DISK_SPACE)”. To resolve this, we provide step-by-step instructions on how to manually resize your partition to successfully install the WinRE update. This workaround will ensure a smooth update process.
Known Issue:
Please be aware that due to a coding problem in the error code handling routine, you might receive a different error message instead of the expected insufficient disk space error. Instead, you may encounter the error code “0x80070643 – ERROR_INSTALL_FAILURE” in this scenario.
How to Get the Update:
There are different channels through which you can obtain this update:
- Windows Update and Microsoft Update: This update will be automatically downloaded and installed through the Windows Update feature.
- Microsoft Update Catalog: Unfortunately, this update is not available in the Microsoft Update Catalog. Therefore, you’ll need to explore other release channels for accessing the update.
- Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager: Similar to the Microsoft Update Catalog, this update is not available through WSUS or the Endpoint Configuration Manager. Consider other release channels to obtain the update.
Prerequisites:
To apply this update, there are no specific prerequisites required. You can proceed with the installation directly.
Restart Information:
After successfully applying KB5034439, there is no need to restart your device. The update will take effect immediately.
Verification of Installation:
To confirm the installation and ensure that the update is correctly applied, you can check the WinRE image version. There are instructions provided on how to perform this verification process.
Removal Information:
Once applied to a Windows image, this update cannot be removed. It becomes a permanent part of the system.
Update Replacement:
KB5034439 does not replace any previously released updates. It is an independent update addressing the specific security vulnerability mentioned.
References:
If you’re interested in learning more about the standard terminology surrounding Microsoft software updates, we recommend reviewing the references provided in the original Microsoft documentation.
Conclusion:
Ensuring the security of your system is of utmost importance, and applying updates promptly is an essential step towards achieving that goal. By installing the KB5034439 update, you protect your Azure Stack HCI Version 22H2 and Windows Server 2022 from potential attacks exploiting the Windows Recovery Environment. Stay secure, stay updated.
Note: This blog post is based on information retrieved from Microsoft’s official documentation.