UpdateWindowsRE.ps1
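# Script by Brandon Halsey
# https://github.com/halsey51013/UpdateWindowsRE-CVE-2022-41099
# Script to update Windows Recovery Environment to patch against CVE-2022-41099.
# Supported OS and Builds: Windows 11 (22H2 & 21H2) & Windows 10 (22H2, 21H2, 21H1, & 20H2). Unsure if LTSC will work.
# Built with help from comments of reddit users /u/shiz0_ and /u/DrunkMAdmin and u/JoseEspitia_com
# No warranty implied. Do your own testing prior to running.
#
# Flow: pre-flight checks -> record the current WinRE build -> download the cumulative
# update matching the running OS build -> verify the download's hash -> mount WinRE,
# DISM /Add-Package, component cleanup, commit -> confirm WinRE now reports the expected build.
# reagentc, DISM and Get-WindowsImage all need an elevated session, so refuse to start without one.
#Requires -RunAsAdministrator

# Working paths, derived from the environment instead of assuming C:\.
$MountPath = "$env:SystemDrive\mount"
$PatchPath = "$env:windir\Temp\WinREFix.msu"

# Servicing table keyed by OS build number: which cumulative update to apply and which
# WinRE SPBuild the updated image is expected to report afterwards.
$UpdateTable = @{
    22621 = @{
        Name            = 'Windows 11 22H2 - Build 22621'
        Note            = '2023-01 Cumulative Update KB5022303'
        Url             = 'https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2023/01/windows11.0-kb5022303-x64_87d49704f3f7312cddfe27e45ba493048fdd1517.msu'
        ExpectedREBuild = 1105
    }
    22000 = @{
        Name            = 'Windows 11 21H2 - Build 22000'
        Note            = '2023-01 Cumulative Update KB5022287'
        Url             = 'https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2023/01/windows10.0-kb5022287-x64_55641f1989bae2c2d0f540504fb07400a0f187b3.msu'
        ExpectedREBuild = 1455
    }
    19045 = @{
        Name            = 'Windows 10 22H2 - Build 19045'
        Note            = '2023-01 Cumulative Update KB5022282'
        Url             = 'https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2023/01/windows10.0-kb5022282-x64_fdb2ea85e921869f0abe1750ac7cee34876a760c.msu'
        ExpectedREBuild = 2486
    }
    19044 = @{
        Name            = 'Windows 10 21H2 - Build 19044'
        Note            = '2023-01 Cumulative Update KB5022282'
        Url             = 'https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2023/01/windows10.0-kb5022282-x64_fdb2ea85e921869f0abe1750ac7cee34876a760c.msu'
        ExpectedREBuild = 2486
    }
    19043 = @{
        Name            = 'Windows 10 21H1 - Build 19043'
        Note            = '2022-12 Cumulative Update KB5021233 -- OS out of support and latest patch is December'
        Url             = 'https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2022/12/windows10.0-kb5021233-x64_00bbf75a829a2cb4f37e4a2b876ea9503acfaf4d.msu'
        ExpectedREBuild = 2364
    }
    19042 = @{
        Name            = 'Windows 10 20H2 - Build 19042'
        Note            = '2023-01 Cumulative Update KB5022282'
        Url             = 'https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2023/01/windows10.0-kb5022282-x64_fdb2ea85e921869f0abe1750ac7cee34876a760c.msu'
        ExpectedREBuild = 2486
    }
}

function Get-WinREImagePath {
    # Resolve the full path of the active winre.wim from the "Windows RE location:" line
    # that 'reagentc /info' prints. The value is empty when WinRE is disabled, which the
    # original string surgery turned into an obscure null-method error; fail clearly instead.
    $locationLine = reagentc /info | Where-Object { $_ -match 'Windows RE location:' } | Select-Object -First 1
    $location = ("$locationLine" -replace '^\s*Windows RE location:\s*', '').Trim()
    if (-not $location -or $location -notmatch 'GLOBALROOT\\device') {
        throw "Could not determine the Windows RE location from 'reagentc /info' (line: '$locationLine'). Is Windows RE enabled?"
    }
    return "$location\winre.wim"
}

function Get-WinREImageInfo {
    # Image metadata (SPBuild, ModifiedTime, ...) for index 1 of the active winre.wim.
    # One reagentc/Get-WindowsImage round trip instead of one per property.
    return Get-WindowsImage -ImagePath (Get-WinREImagePath) -Index 1
}

function Test-WinREMounted {
    # After /mountre the image's Windows directory appears under the mount path; it is
    # gone again once /unmountre has committed or discarded. Used to decide on cleanup.
    return (Test-Path -PathType Container -Path (Join-Path -Path $MountPath -ChildPath 'Windows'))
}

function Invoke-ServicingStep {
    # Run one external servicing command and require its output to contain the tool's
    # success marker. reagentc/DISM signal failure in text rather than in a reliable exit
    # code, which is why the output is pattern-matched. Returns the captured output lines.
    param(
        [string]$Step,
        [scriptblock]$Command,
        [string]$SuccessPattern
    )
    Write-Host "Running $Step"
    $output = & $Command
    if ($output -match $SuccessPattern) {
        Write-Host "$Step Successful"
    } else {
        throw "$Step Failed. Output: $output"
    }
    return $output
}

try {
    if (![Environment]::Is64BitOperatingSystem) {
        throw "OS is not 64bit. This script and patches are for 64 bit OS only."
    }
    # Servicing WinRE while CBS or Windows Update has a reboot outstanding is unreliable.
    if ((Test-Path -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired') -or
        (Test-Path -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending')) {
        throw "Computer has pending reboot or pending update. Unable to update WinRE until the computer is rebooted."
    }

    $PreRE = Get-WinREImageInfo
    Write-Host "RE Build Before: $($PreRE.SPBuild)"
    Write-Host "RE Last Modified Before: $($PreRE.ModifiedTime)"

    $WinOSBuild = [System.Environment]::OSVersion.Version.Build
    if (-not $UpdateTable.ContainsKey($WinOSBuild)) {
        throw "OS Build Number not recognized/supported by script. Only Windows 11 (22H2 & 21H2) & Windows 10 (22H2, 21H2, 21H1, & 20H2) supported."
    }
    $Update = $UpdateTable[$WinOSBuild]
    Write-Host $Update.Name
    Write-Host $Update.Note

    # For those that still have not updated .Net Framework to use TLS1.2...
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    # Download patch. The progress bar makes Invoke-WebRequest far slower on large files.
    $ProgressPreference = 'SilentlyContinue'
    Write-Host "Downloading Patch"
    $WebRequestResult = Invoke-WebRequest -Uri $Update.Url -OutFile $PatchPath -UseBasicParsing -PassThru
    if ($WebRequestResult.StatusCode -eq 200) {
        Write-Host "Downloaded patch successfully"
    } else {
        # Was "$REMountResult" in the original, which is not assigned until later.
        throw "Failed to download patch. HTTP status: $($WebRequestResult.StatusCode)"
    }

    # Update Catalog file names end in _<sha1>.msu, the SHA-1 of the package. Compare it with
    # the file actually written so a truncated or substituted download is rejected before
    # DISM injects it into the recovery image.
    if ($Update.Url -notmatch '_([0-9a-fA-F]{40})\.msu$') {
        throw "Could not extract the expected SHA-1 from the patch URL: $($Update.Url)"
    }
    $ExpectedSha1 = $Matches[1]
    $ActualSha1 = (Get-FileHash -Path $PatchPath -Algorithm SHA1).Hash
    if ($ActualSha1 -ne $ExpectedSha1) {
        throw "Downloaded patch hash mismatch. Expected SHA-1 $ExpectedSha1 but got $ActualSha1. Refusing to apply it."
    }
    Write-Host "Patch SHA-1 verified"

    # Mount WinRE, patch it, save it, unmount it
    if (!(Test-Path -PathType Container -Path $MountPath)) {
        New-Item -ItemType Directory -Path $MountPath -Force | Out-Null
    }
    $null = Invoke-ServicingStep -Step "Mounting Windows RE" -SuccessPattern "Operation Successful." -Command {
        ReAgentC.exe /mountre /path $MountPath
    }
    $null = Invoke-ServicingStep -Step "DISM Add-Package" -SuccessPattern "The operation completed successfully." -Command {
        Dism /Add-Package /Image:"$MountPath\" /PackagePath:"$PatchPath"
    }
    # https://www.reddit.com/r/sysadmin/comments/10a1enh/how_are_you_updating_winre_to_address_cve202241099/j480gos/
    Write-Host "Sleeping 30s to prevent DISM Error 0x800f0823"
    Start-Sleep -Seconds 30
    $null = Invoke-ServicingStep -Step "DISM Cleanup-Image" -SuccessPattern "The operation completed successfully." -Command {
        dism /image:"$MountPath" /cleanup-image /StartComponentCleanup /ResetBase
    }
    $null = Invoke-ServicingStep -Step "Dismounting and Saving Windows RE" -SuccessPattern "Operation Successful." -Command {
        ReAgentC.exe /unmountre /path $MountPath /commit
    }

    # Output updated build and last modified dates, then confirm the build matches the KB.
    $PostRE = Get-WinREImageInfo
    Write-Host "RE Build After: $($PostRE.SPBuild)"
    Write-Host "RE Last Modified After: $($PostRE.ModifiedTime)"
    if ($PostRE.SPBuild -eq $Update.ExpectedREBuild) {
        Write-Host "Windows RE updated successfully to build $($PostRE.SPBuild)"
    } else {
        throw "Windows RE not updated. WinRE build at start was $($PreRE.SPBuild) and build reported after update was $($PostRE.SPBuild) and this did not match what the KB build number should have been ($($Update.ExpectedREBuild))."
    }
} catch [System.Net.WebException], [System.IO.IOException] {
    Write-Host "ERROR: Unable to download patch"
    Write-Host $_
} catch {
    Write-Host "ERROR: An error occurred."
    Write-Host $_
    Write-Host " "
} finally {
    # A still-mounted image means a step between /mountre and /commit failed; throw the
    # partial changes away rather than leaving a half-serviced WinRE behind.
    if (Test-WinREMounted) {
        Write-Host "Dismounting Windows RE due to it is still mounted. Discarding changes."
        ReAgentC.exe /unmountre /path $MountPath /discard
    }
    Write-Host "Cleaning up files and directories"
    if (Test-Path -PathType Container -Path $MountPath) {
        # Only remove an empty mount directory; a non-empty one means the discard did not
        # fully unmount and deleting through it could damage the recovery image.
        if (@(Get-ChildItem -Path $MountPath -Force).Count -eq 0) {
            Remove-Item -Path $MountPath -Force
        } else {
            Write-Host "WARNING: $MountPath is not empty and was left in place; inspect it before removing."
        }
    }
    if (Test-Path -Path $PatchPath) {
        Remove-Item -Path $PatchPath -Force
    }
}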