Microsoft KB5034441 Windows 10 security patch for BitLocker bypass is leading to errors and has a complicated fix

Microsoft released security update KB5034441 on Patch Tuesday to fix a BitLocker encryption bypass vulnerability affecting Windows 10 users. However, some users are experiencing an update failure error when trying to install the patch to close the security hole. Microsoft seems to have identified the reason for the patch failure, but currently users must choose between a potentially risky partition resizing procedure and waiting in the hope of a subsequent fully automated update from the OS vendor.

In its advisory post regarding the issue, Microsoft notes that KB5034441 is designed to patch the Windows Recovery Environment (WinRE). The patch addresses a security vulnerability in Windows 10 21H2 and 22H2 which allows BitLocker encryption to be bypassed simply by using WinRE to access files.

Microsoft explains that security update KB5034441 sometimes fails, depending on your system, because recovery partition sizes vary considerably across PCs. Specifically, the BitLocker encryption bypass security update will fail if your machine doesn’t have enough spare capacity on the recovery partition to complete the update. Those affected by the issue may also see an error that reads “Windows Recovery Environment servicing failed. (CBS_E_INSUFFICIENT_DISK_SPACE).”

Windows 10 21H2 and 22H2 users who wish to press on with the update can do so with some system configuration changes, says Microsoft. It directs those people to a support page that details how to manually resize a partition to install the WinRE update (by adding 250MB to it). There are quite a lot of steps to follow involving the use of the command line if you choose this manual option. Moreover, there is a possibility that something could go awry when adjusting the disk partition structure. Thus, it would be advisable to create a system disk image backup before trying to resize the WinRE partition manually.
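To see whether a machine is likely to hit the failure described above before touching its partitions, the following read-only PowerShell check reports the WinRE partition's size, free space and position on the disk. It is an added example, not part of the article or Microsoft's support page; the `$RequiredFreeMB` default of 250 is an assumption borrowed from the amount the article says the manual procedure adds, not a threshold stated on the page.

```powershell
# Added example: read-only inventory of the WinRE partition. Run from an elevated prompt.
# $RequiredFreeMB is an assumed comparison value, not a documented threshold.
param([int]$RequiredFreeMB = 250)

# When WinRE is enabled, "reagentc /info" reports its location in the form
# \\?\GLOBALROOT\device\harddiskN\partitionM\Recovery\WindowsRE
$info = (reagentc.exe /info) -join "`n"
if ($info -notmatch 'harddisk(\d+)\\partition(\d+)') {
    Write-Warning 'No WinRE location reported; WinRE may be disabled.'
    return
}
$diskNumber = [int]$Matches[1]
$partNumber = [int]$Matches[2]

$winre    = Get-Partition -DiskNumber $diskNumber -PartitionNumber $partNumber
$volume   = $winre | Get-Volume
$osLetter = $env:SystemDrive.Substring(0, 1)
$osPart   = Get-Partition -DriveLetter $osLetter

# Where does WinRE sit relative to the OS partition? Commenters note this varies.
$between = @()
if ($osPart.DiskNumber -ne $diskNumber) {
    $position = 'on a different disk from the OS volume'
} else {
    $low  = [Math]::Min($winre.Offset, $osPart.Offset)
    $high = [Math]::Max($winre.Offset, $osPart.Offset)
    # Any partition whose offset lies between the two separates WinRE from the OS volume.
    $between = @(Get-Partition -DiskNumber $diskNumber |
        Where-Object { $_.Offset -gt $low -and $_.Offset -lt $high })
    if ($winre.Offset -lt $osPart.Offset) {
        $position = 'before the OS partition'
    } else {
        $position = 'after the OS partition'
    }
}

[pscustomobject]@{
    WinRELocation         = "harddisk$diskNumber partition$partNumber"
    PartitionSizeMB       = [math]::Round($winre.Size / 1MB)
    FreeMB                = [math]::Round($volume.SizeRemaining / 1MB)
    Position              = $position
    PartitionsBetween     = $between.Count
    MeetsAssumedFreeSpace = ($volume.SizeRemaining / 1MB) -ge $RequiredFreeMB
}
```

A low `FreeMB` marks a candidate for the `CBS_E_INSUFFICIENT_DISK_SPACE` failure, and a non-zero `PartitionsBetween` flags a layout where the recovery partition is not next to the OS volume, which is worth knowing before attempting any manual resize.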

There is quite a busy Reddit thread with people discussing the KB5034441 install failure. Some people have several machines that are all afflicted by this update-halting glitch and aren’t keen to use the manual partition resize option.

As the problem seems so widespread among Windows 10 users, and Microsoft knows it has goofed, we don’t think it will be too long until a full official solution is released.

Mark Tyson
Freelance News Writer

Mark Tyson is a Freelance News Writer at Tom's Hardware US. He enjoys covering the full breadth of PC tech; from business and semiconductor design to products approaching the edge of reason.

  • hotaru251
    and this is exactly why forced updates are bad.
  • HaninTH
    "As the problem seems so widespread among Windows 10 users, and Microsoft knows it has goofed, we don’t think it will be too long until a full official solution is released."

    yeah, I'll believe it when I see it. I imagine affected users will be affected for at least 3-4 weeks.

    What's the over/under on that?
  • TJ Hooker
    hotaru251 said:
    and this is exactly why forced updates are bad.
    Why is this an example of that? The patch doesn't break anything if it fails, it just isn't successful in patching the intended vulnerability.
  • AloofBrit
    It's strange that the Recovery partition size varies from install to install

    It also doesn't seem to always be in the same position - in Disk Management sometimes it's before C, and other times after
  • jonathan1683
    Bypass encryption? LOL wut?
  • dbaldwin
    TJ Hooker said:
    Why is this an example of that? The patch doesn't break anything if it fails, it just isn't successful in patching the intended vulnerability.
    Not on my laptop unfortunately, the update security patch failed, and left my laptop with near constant error reporting.. about every second the mouse icon would go busy as error reporting kicked in.. Microsoft's server must be getting filled up with error reports if my laptop is anything to go by.. I had to (hopefully temporarily) disable / turn off the Microsoft error reporting service so I could use my laptop without getting mouse icon seizures... seems Microsoft forgot about a scenario where the partition that needs enlarging for the BitLocker patch to install isn't right next to the main system drive.. Crucial SSDs have a feature called momentum, where a small partition is used to cache data to speed it up.. this tends to be next to the main drive partition - the one where this security patch believes the recovery reserved partition should be - extreme carelessness by Microsoft on this one.. initially my laptop wouldn't reboot.

    CORRECTION: wasn't the momentum cache (which uses RAM) but 'over provisioning', which does.
    What is Over Provisioning?
    Over Provisioning (OP) is a feature of Storage Executive that allows you to allocate additional space on the SSD for the controller to use.
  • dbaldwin
    AloofBrit said:
    It's strange that the Recovery partition size varies from install to install

    It also doesn't seem to always be in the same position - in Disk Management sometimes it's before C, and other times after
    Exactly, and not even right next to the C drive. Crucial SSDs have a feature called 'momentum caching' where a reserved partition is used to cache read/write data.. (optional).. this also tends to be right next to the main C partition.. also to say on an install error it causes no problems is wrong, it left my laptop mouse icon having near seizures when the Windows error reporting service continually kept kicking in., as probably related to the Crucial SSD momentum cache partition caused boot problems (fortunately fixed). I had to turn the error reporting off as sadly no expert in understanding error logs. As it was reporting nearly every second to Microsoft's servers, suspect they might be getting fairly overloaded by now with logs.. if even only a small percentage of devices are affected.
  • dbaldwin
    dbaldwin said:
    Exactly, and not even right next to the C drive. Crucial SSDs have a feature called 'momentum caching' where a reserved partition is used to cache read/write data.. (optional).. this also tends to be right next to the main C partition.. also to say on an install error it causes no problems is wrong, it left my laptop mouse icon having near seizures when the Windows error reporting service continually kept kicking in., as probably related to the Crucial SSD momentum cache partition caused boot problems (fortunately fixed). I had to turn the error reporting off as sadly no expert in understanding error logs. As it was reporting nearly every second to Microsoft's servers, suspect they might be getting fairly overloaded by now with logs.. if even only a small percentage of devices are affected.
    I suspect an update might be coming quicker than normal, if many other laptops are doing second by second error reporting to Microsoft, and people don't know or don't wish to turn it off.
  • TJ Hooker
    dbaldwin said:
    Exactly, and not even right next to the C drive. Crucial SSDs have a feature called 'momentum caching' where a reserved partition is used to cache read/write data.. (optional).. this also tends to be right next to the main C partition.. also to say on an install error it causes no problems is wrong, it left my laptop mouse icon having near seizures when the Windows error reporting service continually kept kicking in., as probably related to the Crucial SSD momentum cache partition caused boot problems (fortunately fixed). I had to turn the error reporting off as sadly no expert in understanding error logs. As it was reporting nearly every second to Microsoft's servers, suspect they might be getting fairly overloaded by now with logs.. if even only a small percentage of devices are affected.
    Momentum cache uses your system memory (RAM) as a cache, not a separate SSD partition. So it shouldn't be a factor in the issues you're having.

    That being said, I'm sorry to hear this patch is causing you issues. I was just going off what was stated in this article that didn't mention any knock-on effects from a failed patch.
  • slurmsmckenzie
    Luckily for me this was just a minor annoyance that the patch kept failing, I found a good guide on Ask Woody and used the MS tool linked from www.blockapatch.com to hide the update as I don't use BitLocker.

    Sorry for those being properly impacted, do hope a solution comes soon.