Microsoft released a fix for CVE-2022-41099 (a BitLocker Security Feature Bypass Vulnerability) back in November 2022 and published on March 16, 2023 a sample script to help automate updating WinRE.
It helps to understand how to find out whether WinRE is patched: the script mounts the Winre.wim image and checks the version of the bootmenuux.dll file at $mountDir + "\Windows\System32\bootmenuux.dll".
Did you know that you can check the version of the file without mounting the WinRE.wim image?
The first step is to get the WinRE.wim location from the running Windows OS using these 2 lines:
# Ask ReAgentC for the WinRE location and keep only the text after the first colon
# (-split with a limit of 2 keeps a path intact even if it contains a drive letter)
$null,$RELoc = ((& (Get-Command "$($env:systemroot)\system32\ReAgentC.exe") @('/info')) |
Where-Object { $_ -match 'Windows\sRE\slocation:' } ) -split ':',2
$RELoc = $RELoc.Trim()
The 2nd step consists of listing the content of the image using the built-in Get-WindowsImageContent cmdlet (from the Dism module, so it needs an elevated prompt).
The basic idea is the following:
Get-WindowsImageContent -ImagePath "$($RELoc)\winre.wim" -Index 1 | Where { $_ -match 'BootMenuUX' } |
Out-GridView -PassThru
Now, how do I extract the correct latest version from this list of file names?
Well, with the following oneliner:
I’ve got 10.0.19041.2247 version installed and it means my WinRE.wim is patched 😎
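Putting the three steps together, here is an added example (my own PowerShell, not the author's one-liner) that resolves the WinRE location, lists the image without mounting it, and picks the highest bootmenuux version out of the component folder names. It assumes the version can be read from the WinSxS folder name (the `_x.y.z.w_` part) and uses the 10.0.19041.2247 the post reports for its own build as the default expected version, which is an assumption to adjust per OS build.

```powershell
# Added example: WinRE bootmenuux check without mounting winre.wim.
# Assumes an elevated PowerShell with the Dism module, and that the 4-part version in
# the WinSxS component folder name (e.g. ..._10.0.19041.2247_none_...) is the file version.
function Get-WinREImagePath {
    # Step 1: ask ReAgentC where the running OS keeps WinRE
    $info = & "$env:SystemRoot\System32\ReAgentC.exe" /info
    $line = $info | Where-Object { $_ -match 'Windows\sRE\slocation:' }
    if (-not $line) { throw 'ReAgentC did not report a WinRE location (WinRE disabled?)' }
    $reLoc = ($line -split ':', 2)[1].Trim()
    Join-Path $reLoc 'winre.wim'
}

function Get-WinREBootMenuUxVersion {
    param([Parameter(Mandatory)][string]$ImagePath)
    # Step 2: list the image contents without mounting, keep only bootmenuux entries
    $entries = Get-WindowsImageContent -ImagePath $ImagePath -Index 1 |
        Where-Object { $_ -match 'bootmenuux' }
    # Step 3: pull every 4-part version out of the folder names and keep the highest
    $versions = foreach ($e in $entries) {
        if ($e -match '_(\d+\.\d+\.\d+\.\d+)_') { [version]$Matches[1] }
    }
    if (-not $versions) { throw "no versioned bootmenuux component found in $ImagePath" }
    $versions | Sort-Object -Unique | Select-Object -Last 1
}

function Test-WinREPatched {
    param(
        [string]$ImagePath = (Get-WinREImagePath),
        # Value the post reports for its 19041 build; assumption, not a general minimum
        [version]$ExpectedVersion = '10.0.19041.2247'
    )
    $found = Get-WinREBootMenuUxVersion -ImagePath $ImagePath
    [pscustomobject]@{
        ImagePath       = $ImagePath
        BootMenuUx      = $found
        ExpectedMinimum = $ExpectedVersion
        Patched         = ($found -ge $ExpectedVersion)
    }
}

Test-WinREPatched | Format-List
```

Pass -ImagePath to check an offline or staged winre.wim, and -ExpectedVersion with the build-specific value from the CVE-2022-41099 guidance for the OS you are auditing.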