Sign in with Microsoft
Sign in or create an account.
Hello,
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.

IMPORTANT This update is not needed and will not be offered if your Windows Recovery Environment (WinRE) meets any of the following conditions:

  • If the WinRE recovery partition does not have sufficient free space.

  • If the WinRE recovery partition was manually updated by using the procedure in Add an update package to Windows RE and is already up to date.

  • If the WinRE image has a version greater than or equal to version 10.0.19041.3920. To determine the version of your WinRE image, check the WinREVersion registry value at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion.

  • If your running PC does not have a WinRE recovery partition. To verify if you have WinRE enabled, run the following command in an elevated command prompt: reagentc /info. If WinRE is enabled, you will see Windows RE status in the output with a value of Enabled. In this scenario, this update might be needed.

Change date

Change description

July 9, 2024

  • Added the IMPORTANT note at the top of the article. This note combines the conditions under which this WinRE update is not needed and will not be offered.

  • Revised the NOTE in the "Summary" section about how to increase the WinRE recovery partition to 250 MB of free space.

Summary

This update automatically applies Safe OS Dynamic Update (KB5034232) to the Windows Recovery Environment (WinRE) on a running PC to address a security vulnerability that could allow attackers to bypass BitLocker encryption by using WinRE. For more information, see CVE-2024-20666.

NOTE This update requires 250 MB of free space in the recovery partition to install successfully.

If you would like to make sure your device is offered this update, please follow the Instructions to manually resize your partition or use a sample script to increase the size of the WinRE recovery partition.

Once your partition has sufficient disk space, click Start > Settings > Windows Update > Check for updates to have the update offered to you and then install it.

How to get this update

This update is available through the following release channels.

Release Channel

Available

Windows Update

Yes

Microsoft Update Catalog

No

Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager

No

Prerequisites 

The PC must have 250 MB of free space in the recovery partition to apply this update successfully.

Restart information 

You do not need to restart your device after applying this update.

Verify the installation of this update

To verify the installation of this update, use DISM /Get-Packages to ensure Safe OS Dynamic Update package is present on WinRE. For more information, see Check the WinRE image version.

Removal information

This update cannot be removed once it is applied to a Windows image.

Update replacement information 

This update does not replace any previously released update.

References

Learn about the standard terminology that is used to describe Microsoft software updates.

Facebook LinkedIn Email
SUBSCRIBE RSS FEEDS

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!

×