KB5034957 - CVE-2024-20666 - Updating the WinRE partition
Summary
This script automates the updating of WinRE images on supported Windows operating systems. It updates the WinRE partition on deployed devices to address security vulnerabilities in CVE-2024-20666.
Refer to the article:
Updating the WinRE Partition on Deployed Devices to Address Security Vulnerabilities in CVE-2024-20666
Supported OS:
Sample Run
Dependencies
SWM - Agnostic - KB5034957 - CVE-2024-20666 - Updating the WinRE partition
Global Parameters
Name | Default | Required | Description |
---|---|---|---|
EnableTicketing | 1 | False | 1/0 to toggle between ticket creation for failures while being used as an autofix. |
FailureEmail | 0 | False | 1/0 to Opt-In/Opt-Out Emails for failures while being used as an autofix. |
SuccessEmail | 0 | False | 1 to receive the success emails as well, and 0 to ignore. Only usable when FailureEmail is set to 1. |
EmailAddresses | | True | (Only if FailureEmail = 1) Email Address(es) to send the failures. Multiple emails must be separated by a semicolon. e.g., abc@def.com; ghi@jkl.com; mno@pqr.com |
EDF
Name | Level | Type | Required | Description |
---|---|---|---|---|
Update WinRE Partition KB5034957 | Computer | Text | True | It stores the updated result once the script runs successfully on the computer |
Process
- Import the script.
- Execute the script.
- With the device started up into the running version of Windows installed on the device, the script will perform the following steps:
  - Mount the existing WinRE image (WINRE.WIM).
  - Update the WinRE image with the specified Safe OS Dynamic Update (Compatibility Update) package available from the Windows Update Catalog. We recommend that you use the latest Safe OS Dynamic Update available for the version of Windows installed on the device.
  - Unmount the WinRE image.
  - If the BitLocker TPM protector is present, reconfigure WinRE for BitLocker service.
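The four steps above expressed in PowerShell, as an added example that is not the script this page documents. `$PackagePath` (a locally downloaded Safe OS Dynamic Update package) and `$MountDir` are assumed values, and the BitLocker check through `Get-BitLockerVolume` is one possible way to detect the TPM protector.

```powershell
#Requires -RunAsAdministrator
# Added illustration of the four steps; not the SWM script's own code.
param(
    [Parameter(Mandatory)][string]$PackagePath,               # assumed: local Safe OS Dynamic Update .cab
    [string]$MountDir = "$env:SystemRoot\Temp\WinREMount"     # assumed scratch folder
)

function Invoke-Native {
    # Run a native tool and turn a non-zero exit code into a terminating error.
    param([string]$Exe, [string[]]$Arguments)
    $output = & $Exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe $($Arguments -join ' ') exited with $LASTEXITCODE`n$($output -join "`n")"
    }
    $output
}

if (-not (Test-Path -LiteralPath $PackagePath)) { throw "Package not found: $PackagePath" }
New-Item -ItemType Directory -Path $MountDir -Force | Out-Null

# Step 1: mount the existing WinRE image (fails if WinRE is disabled or missing).
Invoke-Native reagentc.exe @('/mountre', '/path', $MountDir) | Out-Null

try {
    # Step 2: apply the Safe OS Dynamic Update to the mounted image.
    Invoke-Native dism.exe @('/Add-Package', "/Image:$MountDir", "/PackagePath:$PackagePath") | Out-Null
}
catch {
    # Do not leave a half-serviced image mounted: throw the changes away.
    & reagentc.exe /unmountre /path $MountDir /discard | Out-Null
    throw
}

# Step 3: unmount and commit the serviced image back to the recovery partition.
Invoke-Native reagentc.exe @('/unmountre', '/path', $MountDir, '/commit') | Out-Null

# Step 4: with a TPM protector on the OS volume, re-register WinRE for BitLocker.
$hasTpm = $false
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue
    $hasTpm = [bool]($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'Tpm' })
}
if ($hasTpm) {
    Invoke-Native reagentc.exe @('/disable') | Out-Null
    Invoke-Native reagentc.exe @('/enable')  | Out-Null
}

# Show the resulting WinRE status and location for the log.
reagentc.exe /info
```

If the commit in step 3 fails, the image stays mounted at `$MountDir`; discard it with `reagentc /unmountre /path <dir> /discard` before retrying.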
Output
- Script Log
- Dataview