Solved

2024-01 Windows KB5034441

  • 17 January 2024

What’s everyone doing in regards to the issue with KB5034441? Not feasible in a large environment to change the recovery partition size, and Microsoft is reportedly working on a fix, but no timeline. We have 599 impacted assets with only 70 updated. The majority of those are attempting to patch, and users are getting Automox restart prompts daily.

I’m going to ignore for now, but was curious what others were doing to deal with this.

Best answer by MarkH-Automox (Automox Employee), January 17, 2024

There is a pretty in-depth discussion on the sysadmin Reddit: https://old.reddit.com/r/sysadmin/comments/192lsy0/no_patch_tuesday_megathread_for_january/kh3y3v4/

Most responses with a resolution point to Microsoft's documentation, which includes a PowerShell script supposedly remediating the issue: https://support.microsoft.com/en-us/topic/kb5034957-updating-the-winre-partition-on-deployed-devices-to-address-security-vulnerabilities-in-cve-2024-20666-0190331b-1ca3-42d8-8a55-7fc406910c10

This could be run as a Worklet with the latest ‘Safe OS Dynamic Update’ as a payload. As always, make sure to test something like this vigorously.

The other potential approach is to ignore these packages either on the Software page or within a policy itself. There are sporadic reports in the Reddit thread about Windows Update not providing this KB to endpoints. Deferring until a February cumulative update might not be the worst idea, but that's a risk each company needs to decide for themselves.
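
A read-only check that could serve as the evaluation step before any remediation Worklet, added here as an example (it is not from the thread, from Automox, or from Microsoft's script): it locates the WinRE partition from `reagentc /info` and reports its free space. The function name, the `$MinFreeMB` default and the exit-code convention are assumptions, and the parser assumes English `reagentc` output.

```powershell
# Added example: read-only triage of the WinRE recovery partition on one endpoint.
# Assumptions: English reagentc output, elevated session, and a free-space
# threshold ($MinFreeMB) that you set from Microsoft's guidance for the KB.
param([int]$MinFreeMB = 250)   # assumed default, not taken from this thread

function ConvertFrom-ReagentcInfo {
    param([string[]]$Lines)
    $text = $Lines -join "`n"
    $info = [ordered]@{ Enabled = $false; Disk = $null; Partition = $null }
    if ($text -match 'Windows RE status:\s+Enabled') { $info.Enabled = $true }
    # Location looks like \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE
    if ($text -match 'harddisk(\d+)\\partition(\d+)') {
        $info.Disk      = [int]$Matches[1]
        $info.Partition = [int]$Matches[2]
    }
    [pscustomobject]$info
}

# Constructed sample used to sanity-check the parser before touching the disk.
$sample = @(
    'Windows RE status:         Enabled',
    'Windows RE location:       \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE'
)
$check = ConvertFrom-ReagentcInfo -Lines $sample
if (-not ($check.Enabled -and $check.Disk -eq 0 -and $check.Partition -eq 4)) {
    throw 'Parser self-check failed'
}

$winre = ConvertFrom-ReagentcInfo -Lines (& reagentc.exe /info)
if (-not $winre.Enabled -or $null -eq $winre.Disk) {
    Write-Output 'WinRE not enabled or location not parsed; review this endpoint manually.'
    exit 0
}

$part   = Get-Partition -DiskNumber $winre.Disk -PartitionNumber $winre.Partition
$vol    = $part | Get-Volume
$sizeMB = [math]::Round($part.Size / 1MB)
$freeMB = [math]::Round($vol.SizeRemaining / 1MB)
Write-Output "WinRE partition: disk $($winre.Disk) part $($winre.Partition), ${sizeMB} MB total, ${freeMB} MB free"

# Exit-code convention assumed for a Worklet evaluation step:
# 0 = leave alone, non-zero = flag for the remediation step.
if ($freeMB -lt $MinFreeMB) { exit 1 } else { exit 0 }
```

Run against a pilot group first; the output line gives the size and free-space figures needed to decide between remediating and deferring.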
