
What’s everyone doing in regard to the issue with KB5034441? Not feasible in a large environment to change the recovery partition size, and Microsoft is reportedly working on a fix, but no timeline. We have 599 impacted assets with only 70 updated. The majority of those are attempting to patch and users are getting Automox restart prompts daily.

I’m going to ignore for now, but was curious what others were doing to deal with this.

There is a pretty in-depth discussion on the sysadmin reddit: https://old.reddit.com/r/sysadmin/comments/192lsy0/no_patch_tuesday_megathread_for_january/kh3y3v4/


Most responses with a resolution point to Microsoft's documentation, which includes a PowerShell script supposedly remediating the issue: https://support.microsoft.com/en-us/topic/kb5034957-updating-the-winre-partition-on-deployed-devices-to-address-security-vulnerabilities-in-cve-2024-20666-0190331b-1ca3-42d8-8a55-7fc406910c10


This could be run as a Worklet with the latest ‘Safe OS Dynamic Update’ as a payload. As always, make sure to test something like this vigorously.

The other potential approach is to ignore these packages, either on the Software page or within a policy itself. There are sporadic reports in the Reddit thread about Windows Update not providing this KB to endpoints. Deferring until a February cumulative update might not be the worst idea, but that's a risk each company needs to decide for themselves.


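The Worklet approach from the reply above, sketched as an added example. This is not code from the original thread and not Microsoft's KB5034957 script; it follows the same sequence that script uses (reagentc /disable to stage winre.wim, DISM mount, add the Safe OS Dynamic Update package, dismount with save, reagentc /enable) but with an explicit free-space check first, since the 0x80070643 failures trace back to a recovery partition with no room for the larger image. Assumed: the Safe OS DU .cab is attached to the Worklet as a payload named SafeOS-DU.cab, and 250 MB is a placeholder threshold for "enough free space". The Automox convention of exit 0 = compliant and exit 1 = needs remediation for the evaluation script is as documented by Automox.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post or from Microsoft's KB5034957 script.
# Split into an Evaluation and a Remediation half to match an Automox Worklet.

$PayloadName = 'SafeOS-DU.cab'   # assumed payload file name attached to the Worklet
$MinFreeMB   = 250               # assumed threshold; tune after testing in your fleet

function Get-WinREPartitionInfo {
    # Parse 'reagentc /info' for the \\?\GLOBALROOT\device\harddiskN\partitionM path
    # that holds WinRE, then report size and free space of that partition.
    $info = (& reagentc /info 2>&1) -join "`n"
    if ($info -notmatch 'harddisk(\d+)\\partition(\d+)') {
        throw 'WinRE location not found in reagentc output (WinRE disabled or missing).'
    }
    $disk = [int]$Matches[1]
    $part = [int]$Matches[2]
    $partition = Get-Partition -DiskNumber $disk -PartitionNumber $part
    $volume    = $partition | Get-Volume
    [pscustomobject]@{
        Disk      = $disk
        Partition = $part
        SizeMB    = [math]::Round($partition.Size / 1MB)
        FreeMB    = [math]::Round($volume.SizeRemaining / 1MB)
    }
}

# ---------- Evaluation script: exit 0 = compliant, exit 1 = run remediation ----------
function Invoke-Evaluation {
    try {
        $re = Get-WinREPartitionInfo
        Write-Output ("WinRE on disk {0} partition {1}: {2} MB total, {3} MB free" -f
            $re.Disk, $re.Partition, $re.SizeMB, $re.FreeMB)
        if ($re.FreeMB -lt $MinFreeMB) {
            # Not enough room to write the updated winre.wim back; flag for remediation
            # (or for the separate partition-resize workflow) rather than silently passing.
            exit 1
        }
        exit 0
    } catch {
        Write-Output "Evaluation error: $_"
        exit 1
    }
}

# ---------- Remediation script: apply the Safe OS DU to winre.wim ----------
function Invoke-Remediation {
    $package = Join-Path $PSScriptRoot $PayloadName
    if (-not (Test-Path $package)) { throw "Payload $PayloadName not found next to the script." }

    $re = Get-WinREPartitionInfo
    if ($re.FreeMB -lt $MinFreeMB) {
        throw "Only $($re.FreeMB) MB free on the WinRE partition; resize before servicing."
    }

    # reagentc /disable copies the active winre.wim back to System32\Recovery so DISM can service it.
    & reagentc /disable | Out-Null
    $winre = Join-Path $env:SystemRoot 'System32\Recovery\Winre.wim'
    if (-not (Test-Path $winre)) { throw 'winre.wim was not staged by reagentc /disable.' }

    $mount = Join-Path $env:TEMP 'WinREMount'
    New-Item -ItemType Directory -Force -Path $mount | Out-Null
    try {
        Mount-WindowsImage -ImagePath $winre -Index 1 -Path $mount | Out-Null
        Add-WindowsPackage  -Path $mount -PackagePath $package   | Out-Null
        Dismount-WindowsImage -Path $mount -Save | Out-Null
    } catch {
        # Throw away the half-serviced mount so the unmodified wim is re-enabled below.
        Dismount-WindowsImage -Path $mount -Discard -ErrorAction SilentlyContinue | Out-Null
        throw
    } finally {
        # reagentc /enable copies winre.wim back onto the recovery partition; this is the
        # step that fails when the partition is too small, which is why we checked first.
        & reagentc /enable | Out-Null
    }
    Write-Output (& reagentc /info)
}

# Put Invoke-Evaluation in the Worklet's Evaluation box and Invoke-Remediation in the
# Remediation box (each together with the shared helper and settings above).
```

Test on a handful of devices first: DISM servicing of winre.wim takes minutes and a failed `reagentc /enable` leaves the device without WinRE until it is rerun, which is exactly the scenario the free-space check is meant to avoid.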