Closed Borgquite closed 1 year ago
Hey Chris, This is already checked where applicable. However, applying the SOS or Dynamic Updates are "just packages" added to the image. Think 'language packs' or 'optional features', they won't change the SPBuild number - unfortunately - because they are not a 'ServicePack'. If you are applying a GDR or LCU, you can easily just check the SPBuild. That is already leveraged (see https://github.com/MHimken/WinRE-Customization/commit/6dcfd73d7b2dcb79c5bcf816022ace7dc9aad4ee#diff-01a9a7ef4268c8dd58fb03627210ad507bf82c51780e8dcb1de39e389ae9e1f2L562).
This is also mentioned (after extensive updating by Microsoft this year, mind you) in the very document you mention. Important parts are in bold. "The WinRE version number will only change after you add an LCU. If you add a DU package, use DISM /get-packages as described in the steps above to ensure that the package has been added to the image".
Unfortunately this can not be fixed, see:
Hi,
Love the script and hoping to use it to update a network's worth of machines with CVE-2022-41099.
At present I can't see any quick way to check if a machine already has the update though, without running the script again which checks for backups, disables & re-enables WinRE etc.
I notice on the Microsoft article there's a way to 'Check the WinRE image version' prior to adding an update, which would be useful so that I can just put this in a startup script and know that machines are always patched if the script runs.
Would you consider adding the relevant reagentc / DISM magic to allow for ServicePackBuild to be checked, and only run the script if an update is required? I am sure this would be a valuable addition to many: https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/add-update-to-winre?view=windows-11#check-the-winre-image-version
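A read-only pre-check along the lines discussed in this thread, as an added example that is not part of the issue or of the WinRE-Customization script: it reads the WinRE image's ServicePack Build without disabling WinRE or mounting the image. The function name `Test-WinRESPBuild` and its `-MinimumSPBuild` parameter are hypothetical, and the parsing assumes English `reagentc` and DISM output in an elevated session.

```powershell
# Added example; Test-WinRESPBuild and -MinimumSPBuild are hypothetical names.
# Assumes an elevated session and English reagentc/DISM output labels.
function Test-WinRESPBuild {
    param(
        # Lowest acceptable ServicePack Build for this Windows release.
        # Take it from the LCU you deploy; no value is assumed here.
        [Parameter(Mandatory)][int]$MinimumSPBuild
    )

    # reagentc /info reports the folder holding winre.wim.
    # The value is blank when WinRE is disabled, so match on the same line only.
    $info = & reagentc.exe /info | Out-String
    if ($info -notmatch 'Windows RE location:[ \t]+(\S+)') {
        throw 'WinRE location not reported (WinRE disabled or non-English output).'
    }
    $wim = $Matches[1].TrimEnd('\') + '\winre.wim'

    # Read image metadata directly from the WIM; nothing is mounted or changed.
    $dism = & dism.exe /Get-ImageInfo "/ImageFile:$wim" /Index:1 | Out-String
    if ($LASTEXITCODE -ne 0 -or $dism -notmatch 'ServicePack Build\s*:\s*(\d+)') {
        throw "Could not read image info from $wim"
    }
    $spBuild = [int]$Matches[1]

    # SPBuild only moves when an LCU is applied. Safe OS / Dynamic Update
    # packages leave it unchanged, so MeetsMinimum says nothing about them.
    [pscustomobject]@{
        ImageFile    = $wim
        SPBuild      = $spBuild
        MeetsMinimum = $spBuild -ge $MinimumSPBuild
    }
}

# Usage in a startup script (supply the build number of your LCU):
# if (-not (Test-WinRESPBuild -MinimumSPBuild $requiredBuild).MeetsMinimum) { <run the patch script> }
```

This check only covers LCU-based patching; when the fix is delivered as a Dynamic Update package, the package list of the image (`DISM /get-packages`, as quoted from the Microsoft document above) is the only reliable indicator.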