One of the Windows updates in the current cycle is for KB5034441, which addresses CVE-2024-20666. From what I can tell, exploiting this vulnerability requires physical access, so there's no risk of this being used in remote attacks. The actual risk to most users is probably very low. Still, it allows security features to be bypassed, so it should be fixed.
The problem is that this update is failing for many users with error code 0x80070643. Microsoft claims that this is due to the recovery partition not being large enough on some systems, though the error code is cryptic and unhelpful. Here's what Microsoft said about that:
Known issue: Because of an issue in the error code handling routine, you might receive the following error message instead of the expected error message when there is insufficient disk space:
0x80070643 - ERROR_INSTALL_FAILURE
Windows isn't even telling users the correct error. Microsoft claims the update is failing on systems where the recovery partition isn't large enough. From my own experience, I have systems where I allowed the Windows installer to partition the drive automatically, meaning that Windows determined the size of the recovery partition. Windows 10 chose a size of 509 MB on my systems, and this doesn't seem to be scaled depending on the size of the user's drive. For most users, this is probably set automatically by the installer or the computer manufacturer. That said, I've read a user comment that the update failed on a system with a 15 GB recovery partition, so I'm not certain that this can really be blamed on insufficient disk space.
Microsoft's advice to users is that they need to manually resize the recovery partition. The commands are not intuitive, and there's absolutely no reason that Microsoft should be expecting ordinary users to be doing this. Resizing partitions is a fairly high risk operation, one that carries a risk of data loss if not done properly.
This vulnerability probably just isn't a risk at all for most users, but that's not necessarily obvious. They just see the message that a security update failed with a cryptic error message. It's Microsoft's responsibility to ensure that security updates just work when they're being installed on a system in a reasonably standard configuration. If the Windows installer chose a recovery partition of 509 MB, then Microsoft needs to make their updates work with a recovery partition of that size, or they need to automatically resize the partition. This is a dumpster fire, and it's inexcusable for Microsoft to expect users to manually repartition their drives.
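A read-only check to go with the story above, added here and not part of the story or any comment: it finds the WinRE recovery partition the way the update would and reports its size and free space, so an administrator can spot machines that are likely to hit the "insufficient disk space" case behind 0x80070643 before pushing KB5034441. It assumes an elevated PowerShell session on Windows 10/11 with a WinRE partition, and the $MinFreeMB threshold is an assumed parameter to be set from Microsoft's own guidance.

```powershell
# Added example (not Microsoft's code): report the size and free space of the
# recovery partition that KB5034441 needs to update. It never modifies partitions.
# Assumes: elevated session, reagentc.exe present, GPT or MBR disk with WinRE enabled.
param([int]$MinFreeMB = 250)   # assumption: threshold to flag; take the real figure from the KB

# reagentc /info prints the WinRE location as
#   \\?\GLOBALROOT\device\harddiskN\partitionM\Recovery\WindowsRE
$info = & reagentc.exe /info 2>&1 | Out-String
$m = [regex]::Match($info, 'harddisk(\d+)\\partition(\d+)')
if (-not $m.Success) {
    Write-Warning "WinRE is disabled or its location was not reported; inspect 'reagentc /info' by hand."
    return
}
$diskNo = [int]$m.Groups[1].Value
$partNo = [int]$m.Groups[2].Value

# Recovery partitions normally have no drive letter, so resolve the volume
# through the partition object rather than by letter.
$part = Get-Partition -DiskNumber $diskNo -PartitionNumber $partNo
$vol  = $part | Get-Volume

$sizeMB = [math]::Round($part.Size / 1MB)
$freeMB = [math]::Round($vol.SizeRemaining / 1MB)

[pscustomobject]@{
    Disk         = $diskNo
    Partition    = $partNo
    Type         = $part.Type            # shows 'Recovery' on GPT disks
    SizeMB       = $sizeMB               # e.g. the 509 MB installer default mentioned above
    FreeMB       = $freeMB
    LikelyToFail = ($freeMB -lt $MinFreeMB)
}
```

Run it across a representative sample of machines before approving the update; a partition that reports LikelyToFail is a candidate for the manual repartitioning Microsoft describes, which is worth planning (and backing up for) rather than discovering through a failed update.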
(Score: 2, Flamebait) by Frosty Piss on Friday January 12, @03:37AM (2 children)
Simply another "Micro$oft Sux" story on the M$ / Apple Hate site. God knows Linux updates and security fixes are flawless magic, and compared to Apple, Google's Android is a security powerhouse because you know Google cares about privacy and has never had a "Walled Garden"... The reality is that there were some bumps in the road for this security patch rollout, but they will undoubtedly be rapidly addressed and corrected.
(Score: 2) by JoeMerchant on Friday January 12, @04:00AM (1 child)
You can make an automatic updater that works on your own desktop pretty easily.
You can make an automatic updater that works on 100 test systems eventually by learning how to recognize configurations that throw off your script and coding branches to accommodate every available test system. Validate and ship, right?
Well, if you have more than 100 customers who monkey with the system in creative ways, there is a very good chance that more than one of their ideas may trip you up.
I just got done automating switching of Ubuntu network configuration between DHCP and one of two fixed IP configurations, network either up or down at the kernel admin setting. That's six states, each able to transition to four other states. But wait, there's more... The network cable can be unplugged, or plugged into a network without or with a DHCP service running on it, so not six states but more like eighteen, with six possible transitions out of each.
Using nmcli and ip, there are fun wrinkles like needing to erase the fixed IP address configuration on nmcli when turning on the DHCP client (auto mode), and if you have a gateway configured you have to erase it before erasing the fixed IP address. There are IPv4 and IPv6 settings, oh and do you want an option to specify DNS servers with that?
(Score: 2) by RS3 on Friday January 12, @04:46AM
Did that include modding the routing table? I assume yes. Always fun stuff, especially when you're remote into the system and you remove your own route. I'm pretty sure I never did that. I've done similar dumb things, but can always remote into another system and remote from there to the target.
(Score: 1) by Runaway1956 on Friday January 12, @03:45AM
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20666 [microsoft.com]
The vulnerability affects all current versions of Windows, but it's not clear that the update affects them all.
(Score: 2) by bzipitidoo on Friday January 12, @03:58AM (2 children)
MS update failures are too often blamed on a lack of storage space. Seems to be the default advice on the web when an update fails. The recovery partition isn't big enough. Or the boot partition isn't big enough. Whatever.
They lie. For the heck of it, on a machine where the update process for the latest update reached 99% before failing, I tried enlarging these partitions. The update still fails at 99%.
Anyone who updates Windows knows how incredibly irritating that is. Because even when it is working correctly, the Windows update process is godawful slow. Naturally, MS doesn't feel they need to admit their update process is slow, let alone explain why. To get to 99%, and then have it announce that it failed and is undoing the changes, arrgh.
(Score: 2) by krishnoid on Friday January 12, @04:51AM
I'll take this opportunity to provide a link on how to delay updates by a month [pcmag.com], until you are ready to run the update manually and reboot the system yourself.
(Score: 2) by RS3 on Friday January 12, @04:52AM
I've had more problems with mysterious permissions problems. Often the update is trying to update a file that it can't get control of. A couple of times I had to shut down, mount the disc as a slave in another system, and manually copy in the updated files. Fairly often with Windows I get incorrect errors. Sometimes when trying to delete a folder it gives some kind of permission error, or incorrectly says a file is in use (when it is not). Go in and delete the files, then back up one directory level and you can delete the folder. A few times I've had to resort to using "icacls". That's so much fun.
(Score: 2) by jb on Friday January 12, @04:39AM
Repartitioning the disc is indeed the first step to fixing the problem: just delete all the existing partitions, then install a sane operating system instead. Problem solved.