Updating the WinRE Partition
Purpose
Updates the WinRE partition on deployed devices to address the security vulnerability CVE-2024-20666 by pushing the KB5034957 update.
Associated Content
| Content | Type | Function | 
|---|---|---|
| Script - KB5034957 - CVE-2024-20666 - Updating the WinRE partition | Script | This script automates the updating of WinRE images on supported Windows OS. It updates the WinRE partition on deployed devices to address security vulnerabilities in CVE-2024-20666. Refer to article: link | 
| Dataview - KB5034957 - CVE-2024-20666 - WinRE Partition Update Status | Dataview | This dataview shows the status of the WinRE update on each agent, as stored by the script CWA Script - KB5034957 - CVE-2024-20666 - Updating the WinRE partition in the computer-level EDF 'Update WinRE Partition KB5034957'. | 
| Internal Monitor - Update WinRE Partition Detection | Internal Monitor | This monitor detects the online Windows machines whose OS falls under the supported OS criteria using the query (c.os NOT REGEXP 'Windows.* (XP | 
| △ Custom - Execute Script - WinRE Partition Updating | Alert Template | This alert template executes the script KB5034957 - CVE-2024-20666 - Updating the WinRE partition on the devices detected by the monitor Update WinRE Partition Detection. | 
Other Content
| Content | Type | Function | 
|---|---|---|
| KB5034957 - CVE-2024-20666 - Updating the WinRE partition | Agnostic | Download the required CAB file for the endpoint to patch WinRE for CVE-2024-20666. | 
Implementation
- Import Contents:
  - Script - KB5034957 - CVE-2024-20666 - Updating the WinRE partition
  - Dataview - KB5034957 - CVE-2024-20666 - WinRE Partition Update Status
  - Internal Monitor - Update WinRE Partition Detection
  - △ Custom - Execute Script - WinRE Partition Updating
- Reload the system cache.
- Enable Solution:
  - Navigate to Automation → Monitors within the CWA Control Center and set up the following:
    Internal Monitor - Update WinRE Partition Detection
  - Set up with the △ Custom - Execute Script - WinRE Partition Updating alert template.
  - Right-click and select Run Now to start the monitor.
  - The automation will automatically update the WinRE partition on all supported OS.
- Audit Data: The dataview stores the status of the WinRE partition update.
  Dataview - KB5034957 - CVE-2024-20666 - WinRE Partition Update Status
- Ticket/Email Creation:
  - The script can create tickets or send emails. To enable ticketing, the ticket category must be set in the monitor itself.
  - Once the ticket category is set, set the global parameter EnableTicketing to 1 in the script.
  - To send emails, an email address must be set. Multiple email addresses can be set, separated by semicolons,
    e.g., abc@def.com; ghi@jkl.com; mno@pqr.com
    Once the email address is set, set the failure email value to 1 to receive an email only on failure, set the success email value to 1 to receive an email on success, or set both to 1 to receive emails on both success and failure.