SailorHF
New member
Hello!
So like many others I have been waiting for months now for Microsoft to fix the issues with automatically updating the WinRE image on the Recovery partition during Windows cumulative updates, so that updates like the fix for the BitLocker bypass through WinRE vulnerability CVE-2024-20666 can be installed. Recently I heard that this fix might not actually ever happen, since MS announced it won't fix this problem on Windows 10 that caused issues with KB5034441 for those users with Recovery partitions too small, or rather, not having enough free space. (It is fairly silly, though, that the Windows installer would create Recovery partitions that are too small, without even asking the user, which is what happened to me too...) On one system, for example, my Recovery partition is 1000 MB, but only has about 80 MB space left, which is not enough of course. (Something I did not know: the classic Disc Management tool does not correctly show free/used space on any other partition except the normal OS and data partitions, special partitions like the Recovery partition always say 100 % free space, even if that is not correct. But, if you go to Windows Settings, System, Storage, Discs and Volumes, you can see all the partitions there also and if you click on Properties on any partition, it will show you the real free space left, very handy.)
I have checked that the monthly Windows updates are not updating my WinRE: when I install the monthly patch, I get a "Windows Recovery Environment servicing failed." Critical event in the Event log, and if I do the Dism /Get-ImageInfo on the winre.wim file on the Recovery partition, its date and version numbers are old, not updated recently even if the patch notes say the patch should update the WinRE.
I have decided I don't really want to wait any longer for MS to fix this issue, even though all the instructions to do it manually seem pretty daunting to me. But I use BitLocker and the Win Home version Device encryption, and don't like the idea of such a bypass being there for some thief to get at my files freely without even any real expertise.
I have read quite a bit on how to do the manual Recovery partition resize, for example: KB5028997: Instructions to manually resize your partition to install the WinRE update - Microsoft Support
The procedure is complicated, but I think I understand it and can follow the steps carefully. However, I ran into two questions that I hope someone knows the answer to.
1) Can I do the manual shrinking of the system partition described in the above article from MS while my BitLocker is still enabled? I assume I can safely do so, since MS did not warn to suspend or disable BitLocker before shrinking the os partition, but... wouldn't be the first time someone makes a mistake writing an article. Has anyone here done the resize while BitLocker is enabled normally? Yes, I do have backups and BitLocker recovery keys safely stored, but I would prefer not to have to go through any extra hassle, time is not free.
2) One of my PCs is an Asus Tuf laptop, and I was surprised to learn that it has 2 Recovery partitions out of the box. I did not do that, it came from the store, new, like that. There is one 1000 MB Recovery partition that has the WinRE image, I checked with the reagentc /info command. But there is also a second partition of only 260 MB, and it looks like that has some Asus stuff as it is shown as "MYASUS" in the Windows Settings under Storage and so on. I believe I should not mess with that smaller MYASUS partition, but, I wonder if it will interfere with the manual resizing of the MS Recovery partition? Because, according to Disc Management, the first partition on the system (first on the left in Disc Management) is the usual UEFI one, then it is followed by the BitLocker-protected OS partition, which is then followed by the 1000 MB Recovery partition where the winre.wim is located, and after that one there is the smaller MYASUS Recovery partition. So, the actual Recovery partition is sandwiched between the OS partition and the MYASUS one, is that a problem if I try to follow the above MS instructions for manually resizing the Recovery partition?
I have been using computers for a long time and this whole thing is making me feel like such a novice... and all this at the same time as the complicated fixes for the Secure Boot Black Lotus vulnerability thing, or the LogoFail UEFI vulnerabilities, makes me feel very old...
Thank you for the help and I hope you all have had a good spring! :)
So like many others I have been waiting for months now for Microsoft to fix the issues with automatically updating the WinRE image on the Recovery partition during Windows cumulative updates, so that updates like the fix for the BitLocker bypass through WinRE vulnerability CVE-2024-20666 can be installed. Recently I heard that this fix might not actually ever happen, since MS announced it won't fix this problem on Windows 10 that caused issues with KB5034441 for those users with Recovery partitions too small, or rather, not having enough free space. (It is fairly silly, though, that the Windows installer would create Recovery partitions that are too small, without even asking the user, which is what happened to me too...) On one system, for example, my Recovery partition is 1000 MB, but only has about 80 MB space left, which is not enough of course. (Something I did not know: the classic Disc Management tool does not correctly show free/used space on any other partition except the normal OS and data partitions, special partitions like the Recovery partition always say 100 % free space, even if that is not correct. But, if you go to Windows Settings, System, Storage, Discs and Volumes, you can see all the partitions there also and if you click on Properties on any partition, it will show you the real free space left, very handy.)
I have checked that the monthly Windows updates are not updating my WinRE: when I install the monthly patch, I get a "Windows Recovery Environment servicing failed." Critical event in the Event log, and if I do the Dism /Get-ImageInfo on the winre.wim file on the Recovery partition, its date and version numbers are old, not updated recently even if the patch notes say the patch should update the WinRE.
I have decided I don't really want to wait any longer for MS to fix this issue, even though all the instructions to do it manually seem pretty daunting to me. But I use BitLocker and the Win Home version Device encryption, and don't like the idea of such a bypass being there for some thief to get at my files freely without even any real expertise.
I have read quite a bit on how to do the manual Recovery partition resize, for example: KB5028997: Instructions to manually resize your partition to install the WinRE update - Microsoft Support
The procedure is complicated, but I think I understand it and can follow the steps carefully. However, I ran into two questions that I hope someone knows the answer to.
1) Can I do the manual shrinking of the system partition described in the above article from MS while my BitLocker is still enabled? I assume I can safely do so, since MS did not warn to suspend or disable BitLocker before shrinking the os partition, but... wouldn't be the first time someone makes a mistake writing an article. Has anyone here done the resize while BitLocker is enabled normally? Yes, I do have backups and BitLocker recovery keys safely stored, but I would prefer not to have to go through any extra hassle, time is not free.
2) One of my PCs is an Asus Tuf laptop, and I was surprised to learn that it has 2 Recovery partitions out of the box. I did not do that, it came from the store, new, like that. There is one 1000 MB Recovery partition that has the WinRE image, I checked with the reagentc /info command. But there is also a second partition of only 260 MB, and it looks like that has some Asus stuff as it is shown as "MYASUS" in the Windows Settings under Storage and so on. I believe I should not mess with that smaller MYASUS partition, but, I wonder if it will interfere with the manual resizing of the MS Recovery partition? Because, according to Disc Management, the first partition on the system (first on the left in Disc Management) is the usual UEFI one, then it is followed by the BitLocker-protected OS partition, which is then followed by the 1000 MB Recovery partition where the winre.wim is located, and after that one there is the smaller MYASUS Recovery partition. So, the actual Recovery partition is sandwiched between the OS partition and the MYASUS one, is that a problem if I try to follow the above MS instructions for manually resizing the Recovery partition?
I have been using computers for a long time and this whole thing is making me feel like such a novice... and all this at the same time as the complicated fixes for the Secure Boot Black Lotus vulnerability thing, or the LogoFail UEFI vulnerabilities, makes me feel very old...
Thank you for the help and I hope you all have had a good spring! :)
- Windows Build/Version
- Win 11 23H2 22631.3447
My Computer
System One
-
- OS
- Windows 11 Home