
URL: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-20666
You need to enable JavaScript to run this app.

Security Update Guide - Microsoft Security Response Center


URL: https://www.tenable.com/cve/CVE-2024-20666

  * [Image 0: Tenable]
  * 【0†CVEs】

  * Settings 

###### Links

【1†Tenable Cloud †cloud.tenable.com】【2†Tenable Community & Support †community.tenable.com】【3†Tenable University †university.tenable.com】

Severity 

CVSS v2 CVSS v3 

Theme 

Light Dark Auto 

Help

  * [Image 1: Tenable]
  * Plugins

  * 【4†Overview】
  * 【5†Plugins Pipeline】
  * 【6†Newest】
  * 【7†Updated】
  * 【8†Search】
  * 【9†Nessus Families】
  * 【10†WAS Families】
  * 【11†NNM Families】
  * 【12†LCE Families】
  * 【13†Tenable OT Security Families】
  * 【14†About Plugin Families】
  * 【15†Release Notes】

  * Audits

  * 【16†Overview】
  * 【17†Newest】
  * 【18†Updated】
  * 【19†Search Audit Files】
  * 【20†Search Items】
  * 【21†References】
  * 【22†Authorities】
  * 【23†Documentation】
  * 【24†Download All Audit Files】

  * Policies

  * 【25†Overview】
  * 【26†Search】
  * 【27†AWS Resources】
  * 【28†Azure Resources】
  * 【29†GCP Resources】
  * 【30†Kubernetes Resources】

  * Indicators

  * 【31†Overview】
  * 【32†Search】
  * 【33†Indicators of Attack】
  * 【34†Indicators of Exposure】

  * CVEs

  * 【0†Overview】
  * 【35†Newest】
  * 【36†Search】

  * Attack Path Techniques

  * 【37†Overview】
  * 【38†Search】

    * Links

    * 【1†Tenable Cloud†cloud.tenable.com】
    * 【2†Tenable Community & Support†community.tenable.com】
    * 【3†Tenable University†university.tenable.com】

    * Settings 

    * Severity 

CVSS v2 CVSS v3 

    * Theme 

Light Dark Auto 

###### Detections 

  * Plugins

  * 【4†Overview】
  * 【5†Plugins Pipeline】
  * 【15†Release Notes】
  * 【6†Newest】
  * 【7†Updated】
  * 【8†Search】
  * 【9†Nessus Families】
  * 【10†WAS Families】
  * 【11†NNM Families】
  * 【12†LCE Families】
  * 【13†Tenable OT Security Families】
  * 【14†About Plugin Families】

  * Audits

  * 【16†Overview】
  * 【17†Newest】
  * 【18†Updated】
  * 【19†Search Audit Files】
  * 【20†Search Items】
  * 【21†References】
  * 【22†Authorities】
  * 【23†Documentation】
  * 【24†Download All Audit Files】

  * Policies

  * 【25†Overview】
  * 【26†Search】
  * 【27†AWS Resources】
  * 【28†Azure Resources】
  * 【29†GCP Resources】
  * 【30†Kubernetes Resources】

  * Indicators

  * 【31†Overview】
  * 【32†Search】
  * 【33†Indicators of Attack】
  * 【34†Indicators of Exposure】

###### Analytics 

  * CVEs

  * 【0†Overview】
  * 【35†Newest】
  * 【36†Search】

  * Attack Path Techniques

  * 【37†Overview】
  * 【38†Search】

  1. 【0†CVEs】
  2. CVE-2024-20666

  1. 【0† CVEs】

# CVE-2024-20666 

###### medium

  * 【39†Information】
  * 【40†CPEs】
  * 【41†Plugins】

#### Description 

BitLocker Security Feature Bypass Vulnerability 

#### References

【42†https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20666†msrc.microsoft.com】

#### Details 

Source: 【43†Mitre†cve.mitre.org】, 【44†NVD†nvd.nist.gov】

Published: 2024-01-09

##### 【45†CVSS v3†nvd.nist.gov】

Base Score: 6.6 

Vector: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 

Severity: Medium

  * 【46†Tenable.com】
  * 【47†Community & Support†community.tenable.com】
  * 【48†Documentation†docs.tenable.com】
  * 【49†Education†university.tenable.com】

  * © 2024 Tenable®, Inc. All Rights Reserved
  * 【50†Privacy Policy】
  * 【51†Legal】
  * 【52†508 Compliance】

CVE-2024-20666 | Tenable®

    * 【19†IoT Security Testing SECURE EVERYTHING CONNECTED TO A CONNECTED WORLD】
    * 【20†Premium Support PRIORITY HELP & FASTER SOLUTIONS】

  * 【21†Support & Resources】

    * SUPPORT 
    * 【22†Support Portal CONTACT CUSTOMER SUPPORT】
    * 【23†Product Documentation EXPLORE PRODUCT GUIDES†docs.rapid7.com】
    * 【24†Release Notes DISCOVER THE LATEST PRODUCT UPDATES†docs.rapid7.com】
    * 【25†Contact Us TALK TO SALES】
    * RESOURCES
    * 【26†Fundamentals FOUNDATIONAL SECURITY KNOWLEDGE】
    * 【27†Blog THE LATEST INDUSTRY NEWS AND SECURITY EXPERTISE】
    * 【28†Resources Library E-BOOKS, WHITE PAPERS, VIDEOS & BRIEFS】
    * 【29†Extensions Library PLUGINS, INTEGRATIONS & DEVELOPER COMMUNITY†extensions.rapid7.com】
    * 【30†Webcasts & Events UPCOMING OPPORTUNITIES TO CONNECT WITH US】
    * 【31†Vulnerability & Exploit Database SEARCH THE LATEST SECURITY RESEARCH】

  * 【32†Company】

    * OVERVIEW
    * 【32†About Us OUR STORY】
    * 【33†Leadership EXECUTIVE TEAM & BOARD】
    * 【34†News & Press Releases THE LATEST FROM OUR NEWSROOM】
    * 【35†Careers JOIN RAPID7†careers.rapid7.com】
    * 【36†Our Customers Their Success Stories】
    * 【37†Partners Rapid7 Partner Ecosystem】
    * 【38†Investors Investor Relations†investors.rapid7.com】
    * COMMUNITY & CULTURE
    * 【39†Social Good OUR COMMITMENT & APPROACH】
    * 【40†Rapid7 Cybersecurity Foundation BUILDING THE FUTURE】
    * 【41†Diversity, Equity & Inclusion EMPOWERING PEOPLE】
    * 【42†Open Source STRENGTHENING CYBERSECURITY】
    * 【43†Public Policy ENGAGEMENT & ADVOCACY】

  * 【44†RESEARCH】

  * en 

    * English
    * 【45†日本語】

  * 【46†Sign In†insight.rapid7.com】

[Image 2: Rapid7 logo]

  * 【47† 】

【48†Try Now】

  * 【49†Home】
  * 【31†Vulnerability & Exploit Database】
  * Vulnerabilities

#### Rapid7 Vulnerability & Exploit Database

#  Microsoft CVE-2024-20666: BitLocker Security Feature Bypass Vulnerability

【50† Free InsightVM Trial 】 No Credit Card Necessary

【51† Watch Demo 】 See how it all works

【31† Back to Search】

###  Microsoft CVE-2024-20666: BitLocker Security Feature Bypass Vulnerability

Severity

7

CVSS

(AV:L/AC:L/Au:S/C:C/I:C/A:C)

Published

01/09/2024

Created

01/10/2024

Added

01/09/2024

Modified

01/09/2024

#### Description

Microsoft CVE-2024-20666: BitLocker Security Feature Bypass Vulnerability

#### Solution(s)

  * msft-kb5034119-60443365-9000-401d-90a5-86cc3c19b91f
  * msft-kb5034119-7370674d-0d8c-4399-8ad4-641de65a9c31
  * msft-kb5034119-9569339a-041f-4d48-8715-b95557cec635
  * msft-kb5034121-626fec7e-b8e9-43d8-9f52-bc51cfef9a82
  * msft-kb5034122-0bb93ae1-e347-4018-8d75-631db8b7bbb4
  * msft-kb5034122-3cbe64a9-cbbd-496d-9035-690404e1d9c7
  * msft-kb5034122-94096d51-a1e9-425f-91b8-06fd925e27b4
  * msft-kb5034122-a2c3d773-7083-4aa8-b424-5893d2e75431
  * msft-kb5034123-8d160928-77e1-4f94-b463-07b4ef5f9c17
  * msft-kb5034123-edca49e4-6211-42d3-bee0-1848f88f4afe
  * msft-kb5034127-23001801-06cc-474d-9dca-674225f84bf2
  * msft-kb5034127-56d2f45a-0e70-4c0f-b020-2dd6988913f2
  * msft-kb5034127-63efc888-b3dd-4b7b-aa3f-6e29a67acdea
  * msft-kb5034129-2ca7b439-46a1-4050-88be-da8ce463a63e
  * msft-kb5034129-d70

Microsoft CVE-2024-20666: BitLocker Security Feature Bypass Vulnerability

  15. Now run the respective commands depending on your partition style:

    * If GPT:

                create partition primary id=de94bba4-06d1-4d40-a16a-bfd50179d6ac
        gpt attributes =0x8000000000000001

    * If MBR:

                create partition primary id=27

[Image 14: Create a new Windows Recovery partition]Create a new Windows Recovery partition
  16. Now run the following command while replacing [Label] with a volume label of your choice to format the Recovery partition:

Note: I recommend that you use the name “Recovery Partition” so it is easily identifiable in the future.

        format quick fs=ntfs label=”[Label]”

[Image 15: Format the partition drive]Format the partition drive
  17. Confirm that the WinRE partition is created with this command:

        list vol

  18. Run this command to exit the DiskPart mode:

        exit

  19. No execute this command to re-enable WinRE:

        reagentc /enable

[Image 16: Enable Windows Recovery Environment]Enable Windows Recovery Environment

Once these steps are performed, return to the Windows Update settings page and attempt to reinstall the update KB5034441 by clicking Retry, it should install successfully now.

[Image 17: KB5034441 successfully installed]KB5034441 successfully installed

## Ending words

After many people encountered the error of not being able to install such an important update, Microsoft included the solution in the 【21†release notes for KB5034441†support.microsoft.com】. However, it is an awful lot of steps that are (sort of) mandatory to perform to install the security update.

KB5034441 resolves a critical security vulnerability that should be patched by every Windows 10 user. However, not everyone will take the time to perform these troubleshooting steps to successfully install the update. Microsoft still has a lot of fixing to do so that users can safely use their computers without having to know that their computers are vulnerable to external threats.

If you liked this post, Share it on:

  *   *   *   *   * 

Tags: 【29†Troubleshooting】, 【30†Windows 10 Updates】, 【31†Windows Updates】

## Get Updates in Your Inbox

Sign up for the regular updates and be the first to know about the latest tech information

  Email Address  

       Subscribe 

Related Posts

  * 【32†Download and Install Windows Media Center for Windows 10】

  * 【33†How to install Docker on Windows 10 Home】

  * 【34†5 Ways To Look Up Windows Error Codes In Windows】

  * 【35†2 Ways To Install Youtube App On Windows 11】

  * 【36†Automatically Install Multiple Software In Windows (Unattended Silent Installation)】

  * 【37†How To Install Windows 11 Paint App In Windows 10】

[Image 18]

Subhan Zafar

(【16†1239 articles published】)

Subhan Zafar is an established IT professional with interests in Windows and Server infrastructure testing and research, and is currently working with Itechtics as a research consultant. He has studied Electrical Engineering and is also certified by Huawei (HCNA & HCNP Routing and Switching).

More from Subhan Zafar on 【15†Tech News】, 【14†Windows 10】

→ 【38†Windows 10 KB5034122 Fixes Auto Shutdown With Smart Card Authentication】

→ 【39†What Is Secure Boot And How To Disable It】

→ 【40†What Is Windows Test Mode And How To Enable Or Disable It】

→ 【41†Microsoft Visual Studio 2013 Reaches End Of Support】

→ 【42†How To Reset Windows Registry And Permissions (ACL) To Defaults】

【38†    Previous post】【43†Next post    】

###  8 comments 

  *  

[Image 19: Subhan Zafar] 

##### Anonymous

【44†11 hours ago】  【44†Reply】 

I had the same error when I tried to enable my volume. I looked at the MS article and it has a step omitted here to format the new partition. Check out the KB5028997 article. After I formatted it worked fine.

    *  

[Image 20: Subhan Zafar] 

##### Subhan Zafar

【45†6 mins ago】  【45†Reply】 

Hello,  
Thank you for your feedback. Although the solution worked fine for some, some were still experiencing issues. The missing step has been added above, thank to your input. Cheers!

  *  

[Image 21: Subhan Zafar] 

##### Anonymous

【46†12 hours ago】  【46†Reply】 

I get REAGENTC.EXE: The Windows RE image was not found.

    *  

[Image 22: Subhan Zafar] 

##### Subhan Zafar

【47†40 mins ago】  【47†Reply】 

Hi,  
this error is usually encountered when the Windows recovery Environment partition has now been enabled properly. It is likely that you missed a step in the process above, or another change is that the respective file required to enable the feature is missing from your PC.  
The file you are looking for is the “Winre.WIM” file located in C:\Windows\System32\Recovery.  
If this file is missing, you can copy it from a Windows Installation Media or ISO file. This video will provide a complete guide on ho to restore it and re-enable WinRE:  
【48†https://www.youtube.com/watch?v=DJt7TNcN7iQ†www.youtube.com】

  *  

[Image

Microsoft Patches BitLocker Bypass Vulnerability With KB5034441 For Windows 10; Fails To Install With Error Code 0x80070643

CVE-2024-20666 BitLocker Bypass Info

Expert on Windows patches, providing concise summaries and advice.