Running into the 0x80070643 error when trying to install the Windows 10 security update KB5034441? You’re not alone. This security update, aimed at fixing a BitLocker encryption bypass vulnerability (CVE-2024-20666), has been causing installation headaches for users around the globe. But don't worry, there's a way to fix it.

The root cause of the error 0x80070643 is insufficient disk space in the Windows Recovery Environment (WinRE) partition. Typically, Windows 10 creates a recovery partition of about 500MB, but the new WinRE image included in the KB5034441 package requires more space, leading to the error.

Fixing Error 0x80070643

Microsoft has suggested a solution that involves manually recreating a larger WinRE partition. This might sound a bit technical, but we'll guide you through the process step by step. Remember, it's important to back up your data before proceeding, as there's always a risk of data loss when modifying disk partitions.

1. Open Command Prompt with Admin and Temporarily Disable WinRE:

  1. Right-click on the Start button on the Taskbar and select 'Terminal (admin)' from the menu.
  2. In the Terminal Command Prompt window, type reagentc /disable and press Enter. This step temporarily disables the Windows Recovery Environment.

2. Prepare for Partition Resizing:

  1. Type diskpart and press Enter to launch the Disk Partition tool.
  2. Type list disk and press Enter to display all disks. Identify the disk where your OS is installed (usually Disk 0).
  3. Type sel disk X (replace X with the number of your OS disk) and press Enter.
  4. Type list part to see all partitions. Identify the partition numbers for both the OS and the WinRE partition.
  5. Select the OS partition by typing sel part Y (replace Y with your OS partition number) and shrink it by typing shrink desired=250 minimum=250 and press Enter. This creates 250MB of unallocated space.

3. Delete the Old WinRE Partition:

  1. Select the WinRE partition by typing sel part Z (replace Z with the WinRE partition number).
  2. Type delete partition override to remove the old WinRE partition.

4. Create a New WinRE Partition:

  1. Check if your disk is GPT (GUID Partition Table) or MBR (Master Boot Record) by looking for an asterisk (*) in the 'Gpt' column when you ran list disk.
  2. For GPT, type create partition primary id=de94bba4-06d1-4d40-a16a-bfd50179d6ac followed by gpt attributes =0x8000000000000001.
  3. For MBR, simply type create partition primary id=27.
  4. Format the new partition by typing format quick fs=ntfs label="Windows RE tools".

5. Re-enable WinRE:

  1. Exit DiskPart by typing exit.
  2. Re-enable WinRE by typing reagentc /enable.
  3. Verify the installation by typing reagentc /info.

Once you've successfully completed these steps, restart your computer and try installing the KB5034441 update again. This should resolve the error and allow the update to be installed correctly.

If you're not comfortable performing these steps, or if they seem too complex, it’s okay to wait. Microsoft is aware of the issue and is working on a simpler, automated solution that should be available through Windows Update. Until then, your device might be at risk if left unpatched, but remember, the vulnerability requires physical access to your device, which somewhat reduces the risk.

Always ensure your data is backed up before attempting any fixes, and consider seeking professional help if you're unsure.