CVE-2022-41099, WinRE vulnerability, update, KB5025175, does the script work?
[ Edited to add version numbers that I noticed in the script, and to add a question about the script contents related to that ]
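At https://support.microsoft.com/en-gb/topic/kb5025175-updating-the-winre-partition-on-deployed-devices-to-address-security-vulnerabilities-in-cve-2022-41099-ba6621fa-5a9f-48f1-9ca3-e13eb56fb589#articleFooterSupportBridge=communityBridge Microsoft have recently (? there’s no date on the webpage, but it was mentioned in a recent Microsoft Security update announcement) updated the WinRE update deployment PowerShell script “PatchWinREScript_2004plus.ps1”.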
I’ve run it on two computers (both of them patched-up-to-date Windows 11 23H2), using the file:
windows11.0-kb5037739-x64_d841b10d8b13bb39a95eaa43240b048cebf51f05.cab
.. as downloaded as suggested from the KB article link above as the most recent update package available (dated a few days ago, this month May 2024).
On both, this line appears in the output:
“Warning: After applying the patch, unexpected version found for the target file“
When I look in the (booted OS’) C:\Windows\System32 at the target file, bootmenuux.dll, on this 23H2 system, it too has the version 10.0.22621.1635 (which a Windows 11 release history webpage says is from 22H2, not from 23H2) about which the update script complains as being unexpected. So I’m not sure that the error is correct, so to speak, or whether the WinRE update worked just fine, and for some reason the script was expecting something _other_ than the currently-correct bootmenuux.dll file? (I suppose it’s possible that Microsoft’s most recent release, even in 23H2, of this particular file, happens to be a patched version still marked as part of the 22H2 release?)
I notice that the script has a list of known Windows version numbers, which only goes up to Windows 11 22H2 22621.815.
The whole output of the update script is below.
Can someone please comment whether:
1. the windows11.0-kb5037739-x64_d841b10d8b13bb39a95eaa43240b048cebf51f05.cab file from the Windows Update Catalog is in fact the updated, patched version which needs to be baked into WinRE, and
2. the error from the update script is incorrect, actually the script worked correctly and the WinRE now contains a version of the file which is not vulnerable? or, possibly
3. the script is NOT actually up-to-date at all, being that it doesn’t explicitly know about Windows versions newer than Windows 11 22H2 ?
(I won’t even ask 4. Why Microsoft hasn’t automated WinRE patching into Windows Update…)
thanks,
PS C:\Temp> .\PatchWinREScript_2004plus.ps1
cmdlet PatchWinREScript_2004plus.ps1 at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
packagePath: windows11.0-kb5037739-x64_d841b10d8b13bb39a95eaa43240b048cebf51f05.cab
05/30/2024 09:27:29 – No input for mount directory
05/30/2024 09:27:29 – Use default path from temporary directory
05/30/2024 09:27:29 – Working Dir: C:\Users\localadm\AppData\Local\Temp
05/30/2024 09:27:29 – MountDir: C:\Users\localadm\AppData\Local\Temp\CA551926-299B-27A55276EC22_Mount
05/30/2024 09:27:29 – Create mount directory C:\Users\localadm\AppData\Local\Temp\CA551926-299B-27A55276EC22_Mount
Directory: C:\Users\localadm\AppData\Local\Temp
Mode    LastWriteTime      Length  Name
----    -------------      ------  ----
d-----  30/05/2024 09:27           CA551926-299B-27A55276EC22_Mount
05/30/2024 09:27:29 – Set ACL for mount directory
processed file: C:\Users\localadm\AppData\Local\Temp\CA551926-299B-27A55276EC22_Mount
Successfully processed 1 files; Failed processing 0 files
processed file: C:\Users\localadm\AppData\Local\Temp\CA551926-299B-27A55276EC22_Mount
Successfully processed 1 files; Failed processing 0 files
processed file: C:\Users\localadm\AppData\Local\Temp\CA551926-299B-27A55276EC22_Mount
Successfully processed 1 files; Failed processing 0 files
05/30/2024 09:27:29 – Mount WinRE:
REAGENTC.EXE: Operation Successful.
05/30/2024 09:27:42 – TargetFile: C:\Users\localadm\AppData\Local\Temp\CA551926-299B-27A55276EC22_Mount\Windows\System32\bootmenuux.dll
05/30/2024 09:27:42 – Target file version: 10.0.22621.1635
05/30/2024 09:27:42 – Windows 11, version 22H2
05/30/2024 09:27:42 – Apply package:windows11.0-kb5037739-x64_d841b10d8b13bb39a95eaa43240b048cebf51f05.cab
05/30/2024 09:27:48 – Successfully applied the package
05/30/2024 09:27:48 – Cleanup image
05/30/2024 09:27:50 – Cleanup image succeed
05/30/2024 09:27:50 – TargetFile: C:\Users\localadm\AppData\Local\Temp\CA551926-299B-27A55276EC22_Mount\Windows\System32\bootmenuux.dll
05/30/2024 09:27:50 – Target file version: 10.0.22621.1635
05/30/2024 09:27:50 – Windows 11, version 22H2
05/30/2024 09:27:50 – Warning: After applying the patch, unexpected version found for the target file
05/30/2024 09:27:50 – Patch succeed, unmount to commit change
Deployment Image Servicing and Management tool
Version: 10.0.22621.2792
Saving image
[==========================100.0%==========================]
Unmounting image
[==========================100.0%==========================]
The operation completed successfully.
05/30/2024 09:28:23 – Delete mount direcotry
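
One way to check independently which bootmenuux.dll version the WinRE image holds, using the same reagentc mount step that appears in the script output above and discarding the mount so nothing is changed. This is an added example, not part of the original post or of Microsoft's script; the -MinimumVersion parameter and the WinRE_Verify_ directory name are hypothetical, and no expected version is supplied because the page does not state one.

```powershell
#Requires -RunAsAdministrator
param(
    # Hypothetical parameter: the lowest acceptable version, taken from
    # Microsoft's guidance for your build (this example supplies no value).
    [version]$MinimumVersion
)

function Get-FileVersion([string]$Path) {
    $vi = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
    # Use the numeric parts; the FileVersion string can carry extra text.
    [version]::new($vi.FileMajorPart, $vi.FileMinorPart,
                   $vi.FileBuildPart, $vi.FilePrivatePart)
}

# Assumed scratch location; the name is made up for this example.
$mountDir = Join-Path $env:TEMP ('WinRE_Verify_' + [guid]::NewGuid().ToString('N'))
New-Item -ItemType Directory -Path $mountDir | Out-Null
$mounted = $false

try {
    reagentc.exe /mountre /path $mountDir | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reagentc /mountre failed ($LASTEXITCODE)" }
    $mounted = $true

    $reFile = Join-Path $mountDir 'Windows\System32\bootmenuux.dll'
    if (-not (Test-Path -LiteralPath $reFile)) { throw "Not found: $reFile" }
    $reVer = Get-FileVersion $reFile
    $osVer = Get-FileVersion (Join-Path $env:SystemRoot 'System32\bootmenuux.dll')

    [pscustomobject]@{
        WinREVersion    = $reVer
        BootedOSVersion = $osVer
        SameAsBootedOS  = ($reVer -eq $osVer)
        # $null when no minimum was given, so "unknown" is never read as "pass".
        MeetsMinimum    = if ($MinimumVersion) { $reVer -ge $MinimumVersion } else { $null }
    }
}
finally {
    $clean = $true
    if ($mounted) {
        # /discard drops any change made while mounted; this is a read-only check.
        reagentc.exe /unmountre /path $mountDir /discard | Out-Null
        $clean = ($LASTEXITCODE -eq 0)
    }
    if ($clean) { Remove-Item -LiteralPath $mountDir -Recurse -Force }
    else { Write-Warning "Unmount failed; image is still mounted at $mountDir" }
}
```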