On January 9, 2024, Microsoft released the KB5034441 security update for Windows 10 versions 21H2 and 22H2. It comes in addition to Patch Tuesday's KB5034122, and addresses the BitLocker encryption bypass vulnerability (CVE-2024-20666). Sadly, this security patch gives headache to numerous users worldwide. The installation process terminates with the error code 0x80070643.
According to Microsoft employees, although Windows Update displays a generic error message 0x80070643 (ERROR_INSTALL_FAILURE), the actual problem is CBS_E_INSUFFICIENT_DISK_SPACE, arising from insufficient free space on the Windows Recovery Environment (WinRE) partition.
By default, Windows 10 creates a partition of approximately ~500MB, which is smaller than in the new WinRE image included in the KB5034441 package.
As a temporary solution, Microsoft employees recommend that users manually recreate a larger WinRE partition.
To fix the 0x80070643 error when installing KB5034441, do the following.
Fix Error 0x80070643 When Installing KB5034441
- Open a new command prompt as Administrator by pressing Win + R, typing
cmd, and pressing Ctrl + Shift + Enter. - Type
reagentc /infoand hit Enter in the command prompt. - Write down the partition/disk number where the Windows RE location is.
- Now, disable WinRE by running the
reagentc /disablecommand. - Shrink the OS partition and prepare the disk for a new recovery partition.
- To shrink the OS, run
diskpart - Run
list disk - To select the OS disk, run
sel disk<OS disk index>This should be the same disk index as WinRE. - To check the partition under the OS disk and find the OS partition, run
list part - To select the OS partition, run
sel part<OS partition index> - Run
shrink desired=250 minimum=250 - To select the WinRE partition, run
sel part<WinRE partition index> - To delete the WinRE partition, run
delete partition override
- To shrink the OS, run
- Create a new recovery partition.
- First, check if the disk partition style is a GUID Partition Table (GPT) or a Master Boot Record (MBR). To do that, run
list disk. Check if there is an asterisk character (*) in the “Gpt” column. If there is an asterisk character (*), then the drive is GPT. Otherwise, the drive is MBR.-
- If your disk is GPT, run
create partition primary id=de94bba4-06d1-4d40-a16a-bfd50179d6acfollowed by the commandgpt attributes =0x8000000000000001 - If your disk is MBR, run
create partition primary id=27
- If your disk is GPT, run
- To format the partition, run
format quick fs=ntfs label=”Windows RE tools”
-
- To confirm that the WinRE partition is created, run
list vol - To exit from diskpart, run
exit - To re-enable WinRE, run
reagentc /enable - To confirm where WinRE is installed, run
reagentc /info
- First, check if the disk partition style is a GUID Partition Table (GPT) or a Master Boot Record (MBR). To do that, run
You are done!
The support page is here.
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:
Thanks for your article Sergey. Regards –
You are most welcome
The web-posted KB5034441 fixes work on Intel 806xx product code and newer 807xx Intel 64-bit processor based systems, but do not work on older Intel 805xx processor (like Xeon E3113, Core 2, Core 2 Quad, Core 2 Extreme, dual core Xeon, Pentium D, Celeron D, etc.) based systems. At present MS has released no fix for these older Intel 64-bit processor based systems.
To date, I have successfully created/resized the WinRE partitions and installed KB5034441 after increasing the WinRE partition size in more than 20 Intel 806xx processor I-5 and I-7 laptops/desktops/workstations after resizing and/or creating the WinRE partition correctly with zero failures. However every Intel 805xx based processor system fails the KB5034441 update/installation. I have tried increasing the WinRE drive to over 10MByte size to no avail, re-installing Windows 10/PRO latest/last update/troubleshooting/etc. and many other work a-rounds, including manually installing the code into the WinRE partition (successful equivalence of the KB5034441 but the KB5034441 update still fails even though it is effectively already installed! Sometimes I just laugh!!!)
For tables of the Intel 805xx, 806xx, and 807xx processors check at the bottom of the wikipedia article: List of Intel processors
Hey Sergey! I figured out a faster fix if you’ve got MiniTool Partition Wizard. It can resize the WinRE partition from a GUI interface. Because the Update rebuilds the WinRE partition anyway, you can then simply run the KB update thereafter. Worked for me anyway. HTH,
–Ed–
Thank you very much.
I think this way one can also use tools like Gparted, Acronis Disk Director, etc.
And what about people like myself with an older PC running legacy MBR bios, and no WinRE partition?
Are you affected?
Yes, MBR system with no WinRE partition
You say, “As a *temporary solution, Microsoft employees recommend that users manually recreate a larger WinRE partition.” …
What happens if users do nothing? Will Windows likely come out with the same security update without this associated problem?
And if not, how temporary is this solution?
Contemplating leaving things alone (and missing this update until Microsoft gives me an installable version without managing the partition expansion), since I really don’t understand exactly is happening inside my computer with your directions, some terms of which are “delete” and “format”… Don’t feel confident about executing myself your work around described here… So, what to do?
Thank you,
Michele
You say, “As a *temporary solution, Microsoft employees recommend that users manually recreate a larger WinRE partition.” …
What happens if users do nothing? Will Windows likely come out with the same security update without this associated problem?
And if not, how temporary is this solution?
Contemplating leaving things alone (and missing this update until Microsoft gives me an installable version without managing the partition expansion), since I really don’t understand exactly is happening inside my computer with your directions, some terms of which are “delete” and “format”… Don’t feel confident about executing myself this work around described here (which seems to come verbatim from your Microsoft link at the bottom of the directions)… So, what to do?
Thank you,
Michele
If you cannot do anything right away, disable the specific update in Settings (do not install it).
You can only wait for more convenient fix from Microsoft