This update automatically applies Safe OS Dynamic Update (KB5034232) to the Windows Recovery Environment (WinRE) on a running PC to address a security vulnerability that could allow attackers to bypass BitLocker encryption by using WinRE. For more information, see CVE-2024-20666.
NOTE If your running PC does not have a WinRE recovery partition, you do not need this update.
This update requires 250 MB of free space in the recovery partition to install successfully. If the recovery partition does not have sufficient free space, this update will fail. In this case, you will receive the following error message:
0x80070643 - ERROR_INSTALL_FAILURE
To avoid this error or recover from this failure, please follow the Instructions to manually resize your partition to install the WinRE update and then try installing this update.
Or, to use a sample script to increase the size of the WinRE recovery partition, see Extend the Windows RE Partition.
How to get this update
This update is available through the following release channels.
Microsoft Update Catalog
Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager
The PC must have 250 MB of free space in the recovery partition to apply this update successfully.
You do not need to restart your device after applying this update.
Verify the installation of this update
To verify the installation of this update, use DISM /Get-Packages to ensure Safe OS Dynamic Update package is present on WinRE. For more information, see Check the WinRE image version.
This update cannot be removed once it is applied to a Windows image.
Update replacement information
This update does not replace any previously released update.
Learn about the standard terminology that is used to describe Microsoft software updates.