Watch out for the recent KB5034441 Windows 10 Update

0 Members and 1 Guest are viewing this topic. Read 3782 times.

andy_c

This one is to fix a security vulnerability associated with the recovery partition.  Many people are experiencing a failure of this update, because it puts more data into the recovery partition, which can cause the needed space to exceed its fixed partition size.  See this thread for more info.

I had this failure and didn't even notice it, as I use WuMgr, and it doesn't put up a prominent error message.

One user had to enlarge his recovery partition to 1 GB to get it to work, so I followed the MS directions to do so.

This enlarged the recovery partition okay, but I may have skipped step 3, which caused me to lose the recovery files.  The recovery partition was big enough, but it was non-working because of the missing recovery files.

If this happens, one has to go through a big rigaramarole to fix it.  This involves getting a file called winre.wim from a Windows install ISO, putting it into the
C:\Windows\System32\Recovery folder, and deleting all other files except winre.wim from that folder.  Then from an Admin mode command prompt in that folder, you run:

reagentc /disable
Then
reagentc /enable

The procedure for getting the winre.wim file from the Windows ISO can be found here.  I had to do it with the install.esd file (as they mention at the beginning of the article), as there was no install.wim in my ISO file.

I finally got it working, but the whole thing was pretty much of a clusterfark, so I thought I'd warn everyone.
« Last Edit: 11 Jan 2024, 05:34 am by andy_c »

FullRangeMan

  • Volunteer
  • Posts: 21249
  • To whom more was given more will be required.
    • Never go to a psychiatrist, adopt a straycat or dog. On the street they live only two years average.
Re: Watch out for the recent KB5034441 Windows 10 Update
« Reply #1 on: 11 Jan 2024, 02:50 am »
I uninstall all this garbage that MS puts on my PC.

WGH

Re: Watch out for the recent KB5034441 Windows 10 Update
« Reply #2 on: 11 Jan 2024, 03:26 am »
Glad you got it all working again.

Everyone knows Patch Tuesday is preceded by Image Monday using one of the free disk imaging programs like Paragon Backup and Recovery Community Edition
https://www.paragon-software.com/us/free/br-free/#

No more clusterfarks.


I've programed in Fortran IV, CP/M and MS DOS and learned computers are very literal, no skipping steps allowed. I've tried and it never ends well. But some days it is harder to stay focused than others.


Why do you use WuMgr?

andy_c

Re: Watch out for the recent KB5034441 Windows 10 Update
« Reply #3 on: 11 Jan 2024, 03:52 am »
Glad you got it all working again.

Everyone knows Patch Tuesday is preceded by Image Monday using one of the free disk imaging programs like Paragon Backup and Recovery Community Edition
https://www.paragon-software.com/us/free/br-free/#

No more clusterfarks.

Yes, I use Macrium Reflect Free, but unfortunately it's no longer supported by them.  It still works fine, but I need to decide what I'm going to replace it with.

I've programed in Fortran IV, CP/M and MS DOS and learned computers are very literal, no skipping steps allowed. I've tried and it never ends well. But some days it is harder to stay focused than others.

Same here.  There's some audio-related software I wrote, at my site link.

In my case, skipping the step wasn't intentional.  I was going back and forth looking at the command line and the MS web page, and ended up skipping a line of the instructions.

After writing the post above, I found the update failed on my HTPC too.  I carefully followed the MS instructions for making a bigger recovery partition and it all worked fine.

Why do you use WuMgr?

I just like having the control it offers.  On the "Auto Update" tab, I choose the "Disable Automatic Updates" option.  So it only updates when I ask it to.  It's done by clicking the oddly-named "Search" button, which gives you a checked list of available updates.  You choose the ones you want, then click the install button.  It's like the Windows 7 update used to be, except that it always works.  I'm really happy with it.

WGH

Re: Watch out for the recent KB5034441 Windows 10 Update
« Reply #4 on: 12 Jan 2024, 12:23 am »
We are dinosaurs, soon to be extinct. Growing up with DOS and early versions of Windows we can't help but to fiddle with the settings, surely after all these years we have to know more than Microsoft engineers, most weren't born yet when we started noodling. I no longer go into the registry to fine tune the swap file or anything else. Windows 11 turns a computer into an appliance.

I just updated my 2008 Toshiba Satellite M305D that has the AMD Turion-X2 extra slow processor to the latest Windows 10 update - KB5034122. BitLocker is not enabled so KB5034441 has not shown up (yet). The Recovery Partition has stayed the same exact size.

KB5034122 does include Windows 10 servicing stack update and something to do with BitLocker (again).
This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.

If the servicing stack is not updated then the reliability of future Microsoft updates could be affected. I suppose if all future Microsoft updates are declined or uninstalled then it is a moot point.
Uninstalling Security Updates in an 8-1/2 year old operating system is another can of worms entirely.

andy_c

Re: Watch out for the recent KB5034441 Windows 10 Update
« Reply #5 on: 12 Jan 2024, 03:31 pm »
KB5034122 does include Windows 10 servicing stack update and something to do with BitLocker (again).
This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.

If the servicing stack is not updated then the reliability of future Microsoft updates could be affected. I suppose if all future Microsoft updates are declined or uninstalled then it is a moot point.

Yeah.  I hope people didn't interpret the thread title as meaning that one should ignore the update entirely, forever.  I just wanted to point out that lots of people experienced the failure to install due to the recovery partition not being big enough.  Two out of three of my machines failed the update.

Also, Microsoft's fix for this problem is not appropriate for the average user.  To expect users to mess around with diskpart in an admin mode console, especially when there's partition formatting involved, invites chaos.  If the wrong partition is selected, the user could end up blowing away their C: drive.  Not good.

WGH

Re: Watch out for the recent KB5034441 Windows 10 Update
« Reply #6 on: 12 Jan 2024, 08:38 pm »
Yeah.  I hope people didn't interpret the thread title as meaning that one should ignore the update entirely, forever.

Actually, for 99.9% of users, ignoring the error forever is a great idea, if I get the error I will. My cousin and friends get errors all the time when their computers start, they shrug, ignore it and keep on playing.



What the failed patch is supposed to fix:
A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.

I don't use BitLocker but if I did then the attacker would have to break into my house with the right tools and the hacking knowledge to access my storage system and steal something of value to them, although I don't have anything of value in my computer, old business proposals, recipes and photos mostly. I would never keep my private Bitcoin key in a text file in a computer, the key would be written on a yellow sticky tab in a desk drawer.


The existential question that should be considered while sipping a whiskey is why the need to immediately fix the BitLocker flaw? You may have a good reason but I'll bet this flaw has been known about for a long time. This isn't a zero day patch, Microsoft says if it doesn't work we'll try again later, move on, nothing to see here. A failed patch usually means something: DON'T DO IT.




Extra credit reading: Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment (WinRE) partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass.
https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-script-to-update-windows-10-winre-with-bitlocker-fixes/

Extra credit podcast: Exit Scam: The Death and Afterlife of Gerald Cotten
In 2018, Gerald Cotten, the founder of Canada's biggest Bitcoin exchange, died under mysterious circumstances during a honeymoon trip to India. His customers were told that the $215 million they'd deposited on the exchange was lost forever — because Gerry had forgotten to leave behind his passwords. But here's the thing: Not everyone believes he's dead. Exit Scam is a miniseries about what really happened to Gerald Cotten and the fortune that disappeared with him.
https://www.audacy.com/podcasts/exit-scam-the-death-and-afterlife-of-gerald-cotten-57657

andy_c

Re: Watch out for the recent KB5034441 Windows 10 Update
« Reply #7 on: 13 Jan 2024, 12:02 am »
Extra credit reading: Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment (WinRE) partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass.
https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-script-to-update-windows-10-winre-with-bitlocker-fixes/

That's an interesting read.  Good to know there's an easier fix.

As mentioned, I enlarged my recovery partition to 1000 MB.  I can't remember the exact previous size, but I do remember it was just shy of 600 MB.  Just for grins, I looked at my partition data in Macrium Reflect.  The recovery partition is 1000 MB in size, and has 476.7 MB of data on it.  So there's less data on it than its previous size!

WGH

Re: Watch out for the recent KB5034441 Windows 10 Update
« Reply #8 on: 22 Jan 2024, 08:12 pm »
The free edition of the Ask Woody tech newsletter has an easy to understand in depth breakdown of KB5034441 Windows 10 update.
Susan Bradley, tech guru and patch expert says "Don't patch"

KB5034441 has led us astray, in a horrible way
https://www.askwoody.com/newsletter/free-edition-kb5034441-has-led-us-astray-in-a-horrible-way/


"To further reinforce my advice not to resize yet, I used a free partition tool on one of my impacted computers. After it ran, the recovery partition was no longer recognized. I fixed that by extracting WinRE.wim from a Windows 10 ISO, then forcing the system to repair itself with a fairly complex process. I’m not going to describe it because I don’t recommend you try it, but it illustrates the danger associated with the problem."

"If you do plan to roll out this update, remember that for Windows 10, the WinRE fix is separate, whereas in Windows 11 it is included in the cumulative update. While I’ve not seen issues with Windows 11, I have seen issues with Windows 10. For IT pros, I can recommend a PowerShell script named WinRE-Customization by Martin Himken to assist you in rolling it out."

"I am not comfortable advising you to resize your partitions. If you click on the wrong thing, you could accidentally delete your entire working hard drive. So I’m still going to strongly recommend that if you are not comfortable with resizing your partitions or using a partition tool to help, skip this update on your Windows 10 PCs. Fortunately, it’s a separate patch — you can use the BlockAPatch tools to hide the update."


The newsletter article has a lot more info about the patch. A good read.

andy_c

Re: Watch out for the recent KB5034441 Windows 10 Update
« Reply #9 on: 23 Jan 2024, 04:55 am »
The newsletter article has a lot more info about the patch. A good read.

It was a good read!

I did some more experiments just for the heck of it.  I tried to shrink the recovery partition back down, to maximize space on the C: drive.  The amount of data taken up on the recovery partition after the update was about 473 MB, way less than the 1000 MB I allocated.  I tried the MiniTool Partition Wizard free version for that.  This was recommended over in tenforums.  After the successful resize of the partition, I ran this from an admin command line:

reagentc /info

only to find that the "Windows RE status" was in the "disabled" state, indicating a non-working recovery environment.  Usually, what fixes that is to do a

reagentc /enable

It that doesn't work, you're usually screwed and have to restore the winre.wim.  The reagentc /enable command didn't restore the recovery environment.  Then I remembered that a user on tenforums said they had the same problem.  They rebooted, and afterwards the Windows RE status came back as enabled after checking it again with reagentc /info.  So I tried this as a "hail Mary" play.  Sure enough, after rebooting I ran reagentc /info, and it showed the Windows RE status was in the "enabled" state as it should be.  MiniTool Partition Wizard didn't notify me of the need to reboot before or after the recovery partition resize.

I noticed that the article author was also using MiniTool Partition Wizard.  The quote below is interesting.

Quote
"To further reinforce my advice not to resize yet, I used a free partition tool on one of my impacted computers. After it ran, the recovery partition was no longer recognized. I fixed that by extracting WinRE.wim from a Windows 10 ISO, then forcing the system to repair itself with a fairly complex process. I’m not going to describe it because I don’t recommend you try it, but it illustrates the danger associated with the problem."

She did not say which of the free partition tools she used, but if it was the MiniTool Partition Wizard she mentioned earlier in the article, it's possible that a reboot as described above might have fixed it.

All this is completely nuts of course.  I just get curious at times, and try to learn some things that might save me in a tricky situation in the future.  When I did an upgrade of my 500 GB SATA SSD to a 1 TB M.2 SSD, it took me a couple of days to get everything straightened out.  The SATA SSD had a weird partition structure that didn't conform to the MS recommendations.  Among other problems, I lost the recovery environment in the process of getting the partitions to match what MS recommends.  That was when I first found out about the winre.wim madness.

I also found out that the MS disk management tool shows one less than the actual number of partitions on a drive.  It fails to show the partition of type "MSR" referenced in the linked MS article.  It also fails to show the actual amount of data taken up on the recovery partition.  You get no results when checking its properties.

andy_c

Re: Watch out for the recent KB5034441 Windows 10 Update
« Reply #10 on: 3 May 2024, 08:44 pm »
I just found out there's a final word from Microsoft on this update. Here's what they say:

Quote from: Microsoft
Resolution: Automatic resolution of this issue won't be available in a future Windows update. Manual steps are necessary to complete the installation of this update on devices which are experiencing this error.

So their "resolution" is that there will be no resolution.  :)

FullRangeMan

  • Volunteer
  • Posts: 21249
  • To whom more was given more will be required.
    • Never go to a psychiatrist, adopt a straycat or dog. On the street they live only two years average.
Re: Watch out for the recent KB5034441 Windows 10 Update
« Reply #11 on: 4 May 2024, 05:54 pm »
As I posted in reply #1 you can uninstall these updates anytime, currently Iam running build 19045, last month I was 19041. MS want transform W10 in W11 until Oct2025 inclusive with copyright control(TPM) embedded in the W10 kernel.

WGH

Re: Watch out for the recent KB5034441 Windows 10 Update
« Reply #12 on: 4 May 2024, 06:37 pm »
Yes, Microsoft is ending Windows 10 support including security updates in October 2025 but Win10 fans may be able to keep using their favorite operating systems for a price. Of course Windows 10 will keep working forever without paying Microsoft a dime if you don't mind running an ancient operating system that will become a hacker's paradise without security updates.



Microsoft is ending support for Windows 10 on October 14th, 2025, and you’ll need to pay yearly if you want to continue using the operating system securely. Microsoft will offer Extended Security Updates (ESU) for Windows 10 users, with pricing starting at $61 for the first year.

The pricing for additional security updates will be offered to consumers for the first time ever with Windows 10. Businesses and consumers will need to purchase ESU licenses for each Windows 10 device they plan to keep using after the end of support cutoff date next year.

For businesses, the first year is priced at $61. It then doubles to $122 for the second year and then doubles again in year three to $244. If you enter into the ESU program in year two, you’ll have to pay for year one as well since the ESUs are cumulative.

Microsoft updated its Windows IT Pro Blog post to note that the pricing listed applies to commercial organizations only and that details of consumer pricing “will be shared at a later date.”


https://www.theverge.com/2024/4/3/24120093/microsoft-windows-10-extended-security-updates-price

FullRangeMan

  • Volunteer
  • Posts: 21249
  • To whom more was given more will be required.
    • Never go to a psychiatrist, adopt a straycat or dog. On the street they live only two years average.
Re: Watch out for the recent KB5034441 Windows 10 Update
« Reply #13 on: 4 May 2024, 07:03 pm »
Yes, Microsoft is ending Windows 10 support including security updates in October 2025 but Win10 fans may be able to keep using their favorite operating systems for a price. Of course Windows 10 will keep working forever without paying Microsoft a dime if you don't mind running an ancient operating system that will become a hacker's paradise without security updates.



Microsoft is ending support for Windows 10 on October 14th, 2025, and you’ll need to pay yearly if you want to continue using the operating system securely. Microsoft will offer Extended Security Updates (ESU) for Windows 10 users, with pricing starting at $61 for the first year.

The pricing for additional security updates will be offered to consumers for the first time ever with Windows 10. Businesses and consumers will need to purchase ESU licenses for each Windows 10 device they plan to keep using after the end of support cutoff date next year.

For businesses, the first year is priced at $61. It then doubles to $122 for the second year and then doubles again in year three to $244. If you enter into the ESU program in year two, you’ll have to pay for year one as well since the ESUs are cumulative.

Microsoft updated its Windows IT Pro Blog post to note that the pricing listed applies to commercial organizations only and that details of consumer pricing “will be shared at a later date.”


https://www.theverge.com/2024/4/3/24120093/microsoft-windows-10-extended-security-updates-price
This is disinformation for novices, people want get rid of the control that MS has on their personal computer, and get rid of Copyright Control on their video and music files(TPM). W-Defender updates are free.

WGH

Re: Watch out for the recent KB5034441 Windows 10 Update
« Reply #14 on: 4 May 2024, 09:49 pm »
... people want get rid of the control that MS has on their personal computer, and get rid of Copyright Control on their video and music files(TPM).

You have mentioned this before. I don't understand yet, can you explain? How does Windows 11 affect copyright control?

I have been using Windows 11 on two computers for almost 2 years. Bought music online, shared that music with friends and between the two computers, watched videos online, shared ripped videos and haven't experienced a blip, warning, mysterious file deletion by big brother, or any other anomalies known or unknown. If Microsoft is spying on me like my smart phone and car does then they all know I'm pretty boring and not a serious threat to their world domination. But I am a sucker for advertising. The Moki Door Step popped up in a phone ad today, now I need one. It's really, really cool.
https://klymit.gathroutdoors.com/products/moki-ascent

Since Windows Defender is part of Windows 10 nobody yet knows what will happen. You might still get monthly anti-virus definitions but the main engine will remain static. It's wait and see, absolutely no reason to jump ship quite yet.


Read Daemon by Daniel Suarez if you want to know where we are heading

FullRangeMan

  • Volunteer
  • Posts: 21249
  • To whom more was given more will be required.
    • Never go to a psychiatrist, adopt a straycat or dog. On the street they live only two years average.
Re: Watch out for the recent KB5034441 Windows 10 Update
« Reply #15 on: 4 May 2024, 10:42 pm »
Its what I have told you before in the W11 thread but you have not seen the attached video in Spanish, this time see the video:
https://www.youtube.com/watch?v=cUYr1WNE8_A
TPM or DRM(Digital Rights Management) may be sleeping now in W11 PCs but it will be activated in the near future to compliant the internet control agenda, it wont be nice.

I dont recommend W11 to anyone unless the PC is a business computer, W11 is fully based on DRM or Digital Rights Management, It will control all your PC resources and all the activities you do on your PC such as the number of times you can watch a video, listen to music, open an installed program, open a PDF file, open an image, view a photo etc all based on DRM.

The TPM will not allow you to install a program without a valid certificate or an expired certificate. This TPM hardware is a chip that has been placed in every PC since 2006 dormant and now in W11 this inactive chip will be activated.

On W11 only TPM can communicate with CPU, HD, RAM memory, peripherals, led monitors etc etc... the TPM/DRM also will manage the certificates of the websites your internet browser visits via https to not allow you surf the internet on ''unsafe'' sites and TPM may also block your PC or Server or your hard drive if it is considered ''unsafe'', as is already done with any smartphone and still there is IPv6 to find you.

They already tried do the DRM/TPM thing in the past, it was called Palladium software, initially it appeared in Windows Vista and was removed due protests from users and the Microsoft Community, now in W11 it came back renamed to TPM and is built into the motherboard hardware as a chip.
The TPM chip has been installed silently on all motherboards since 2006 if I remember well.

WGH

Re: Watch out for the recent KB5034441 Windows 10 Update
« Reply #16 on: 4 May 2024, 11:52 pm »
I remember these guys from 2 years ago, one is a talking pixel identified as "NH CE". I forgot all about him, wonder how he is doing?

The good thing about doomsday scenarios is all we have to do is wait.

andy_c

Re: Watch out for the recent KB5034441 Windows 10 Update
« Reply #17 on: 5 May 2024, 12:39 am »
As I posted in reply #1 you can uninstall these updates anytime, currently Iam running build 19045, last month I was 19041. MS want transform W10 in W11 until Oct2025 inclusive with copyright control(TPM) embedded in the W10 kernel.

My original post was not about the update having an undesirable effect after installing, but that it failed to install in the first place.  So a post about uninstalling the update does not make any sense in that context.

The problem was that what's needed to get the update to install (command-line utilities etc.) is beyond what typical users are capable of.

My most recent post above was just to state that MS has decided to not provide an "update to the update" to make it installable by typical computer users.

The update, once installed, works fine.