
Summary

This update automatically applies Safe OS Dynamic Update (KB5034235) to the Windows Recovery Environment (WinRE) on a running PC to address a security vulnerability that could allow attackers to bypass BitLocker encryption by using WinRE. For more information, see CVE-2024-20666.

NOTE If your running PC does not have a WinRE recovery partition, you do not need this update. To verify if you have WinRE enabled, you can run the following command in an elevated command prompt: reagentc /info

If WinRE is enabled you will see Windows RE status in the output with a value of Enabled.

IMPORTANT

This update requires 250 MB of free space in the recovery partition to install successfully. If the recovery partition does not have sufficient free space, this update will fail. In this case, you will receive the following error message: 

0x80070643 - ERROR_INSTALL_FAILURE 

To avoid this error or recover from this failure, please follow the Instructions to manually resize your partition to install the WinRE update and then try installing this update.

Or, to use a sample script to increase the size of the WinRE recovery partition, see Extend the Windows RE Partition.
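
The pre-checks described above (WinRE status from reagentc /info and the 250 MB free-space requirement) can be combined into one script. This is an added example, not Microsoft's sample script; it assumes English-language reagentc output and an elevated PowerShell session, and the function names are hypothetical.

```powershell
# Added example: pre-check before installing the WinRE update.
# Assumptions: elevated session, English reagentc output, Storage module available.
$RequiredFreeBytes = 250MB   # free-space requirement stated in this article

function Get-WinREInfo {
    param([string[]]$ReagentcOutput)
    # Pull the status and the disk/partition numbers out of "reagentc /info" output.
    $info = [ordered]@{ Enabled = $false; Disk = $null; Partition = $null }
    foreach ($line in $ReagentcOutput) {
        if ($line -match 'Windows RE status:\s*(\S+)') {
            $info.Enabled = ($Matches[1] -eq 'Enabled')
        }
        elseif ($line -match 'Windows RE location:.*harddisk(\d+)\\partition(\d+)') {
            $info.Disk      = [int]$Matches[1]
            $info.Partition = [int]$Matches[2]
        }
    }
    [pscustomobject]$info
}

function Test-WinREUpdateReadiness {
    $raw = & reagentc.exe /info
    if ($LASTEXITCODE -ne 0) { throw "reagentc /info failed with exit code $LASTEXITCODE" }

    $winre = Get-WinREInfo -ReagentcOutput $raw
    if (-not $winre.Enabled) {
        return [pscustomobject]@{ Ready = $false; Reason = 'Windows RE status is not Enabled' }
    }
    if ($null -eq $winre.Disk) {
        return [pscustomobject]@{ Ready = $false; Reason = 'Could not parse Windows RE location' }
    }

    # Look up the partition that holds WinRE and its remaining space.
    $partition = Get-Partition -DiskNumber $winre.Disk -PartitionNumber $winre.Partition
    $volume    = Get-Volume -Partition $partition
    $free      = [int64]$volume.SizeRemaining

    [pscustomobject]@{
        Ready         = ($free -ge $RequiredFreeBytes)
        Reason        = if ($free -ge $RequiredFreeBytes) { 'OK' } else { 'Less than 250 MB free; expect 0x80070643' }
        PartitionType = $partition.Type    # shows whether WinRE sits on a dedicated recovery partition
        FreeMB        = [math]::Round($free / 1MB, 1)
    }
}

Test-WinREUpdateReadiness | Format-List
```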

How to get this update

This update is available through the following release channels.

| Release Channel | Available |
| --- | --- |
| Windows Update | Yes |
| Microsoft Update Catalog | No |
| Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager | No |

Prerequisites 

The PC must have 250 MB of free space in the recovery partition to apply this update.

Restart information 

You do not need to restart your PC after applying this update.

Verify the installation of this update

To verify the installation of this update, use DISM /Get-Packages to ensure that the Safe OS Dynamic Update package is present in the WinRE image. For more information, see Check the WinRE image version.

Removal information

This update cannot be removed once it is applied to a Windows image.

Update replacement information 

This update does not replace any previously released update.

References

Learn about the standard terminology that is used to describe Microsoft software updates.
