@PCAssistSoftware
Last active January 17, 2023 20:25
Scan remote computers to ensure version of WinRE.wim is higher than 1105 for CVE-2022-41099
# Inventory source: AD computer accounts whose OperatingSystem does not contain
# "Server" and whose LastLogonDate falls within the last 365 days. The cutoff is
# rendered to a string and embedded in the AD filter expression.
$LastUsed = (Get-Date).AddDays(-365).ToString()
$ADcomputers = Get-ADComputer -Filter "OperatingSystem -notlike '*Server*' -and LastLogonDate -gt '$LastUsed'" |
    Select-Object -ExpandProperty Name

# Alternative inputs (uncomment one to replace the AD query above):
#$ADcomputers = Get-Content C:\Tmp\computerlist.txt | Foreach {$_.TrimEnd()}
#$ADcomputers = @("PC-1", "PC-2")

# Result buckets filled by the regions that follow.
$online = @()
$offline = @()
$remoteworking = @()
$remotenotworking = @()
$remotenotworkingwithreason = @()

# Start timestamp; the elapsed time is printed at the end of the script.
$tstart = Get-Date
#Region - Test Connection
# Sends one echo request per host and sorts the names into $online / $offline.
# A host that does not answer is placed in $offline and is never examined by the
# later regions, so "offline" here means "status unknown", not "patched".
$count = 1
foreach ($ADcomputer in $ADcomputers) {
    $percent = ($count / $ADcomputers.Count) * 100
    Write-Progress -Activity "Testing connection" -Status $ADcomputer -PercentComplete $percent

    $reachable = Test-Connection -ComputerName $ADcomputer -Quiet -Count 1 -ErrorAction SilentlyContinue
    if ($reachable) {
        $online += $ADcomputer
    }
    else {
        $offline += $ADcomputer
    }

    $count++
}

# Summary for this stage.
Write-Host("Test Connection Results") -ForegroundColor Black -BackgroundColor White
Write-Host("`r")
Write-Host("Offline: " + $offline.count + "/" + $ADcomputers.count) -ForegroundColor Red
Write-Host("Online: " + $online.count + "/" + $ADcomputers.count) -ForegroundColor Green
Write-Host("`r")
#EndRegion
#Region - Check Remoting
# Runs a trivial script block ({ 1 }) on every online host to confirm that
# PowerShell remoting works before the WinRE query is attempted.
$count = 1
foreach ($onlinecomputer in $online) {
    $percent = ($count / $online.Count) * 100
    Write-Progress -Activity "Testing remote access" -Status $onlinecomputer -PercentComplete $percent

    try {
        $result = Invoke-Command -ComputerName $onlinecomputer { 1 } -ErrorAction Stop
        if ($result -eq "1") {
            $remoteworking += $onlinecomputer
        }
    }
    catch {
        # The reason label is chosen from the exception text only: "Access is denied"
        # is reported as "(Remoting not enabled)" and every other failure as "(DNS)".
        # NOTE(review): treat these labels as hints, not as a diagnosis.
        if ($PSItem.Exception.Message.Contains("Access is denied")) {
            $reason = " (Remoting not enabled)"
        }
        else {
            $reason = " (DNS)"
        }
        $remotenotworkingwithreason += $onlinecomputer + $reason
        $remotenotworking += $onlinecomputer
    }

    $count++
}

# Summary for this stage, followed by the per-host failure reasons.
Write-Host("Check Remoting Results") -ForegroundColor Black -BackgroundColor White
Write-Host("`r")
Write-Host("Remoting not working: " + $remotenotworking.count + "/" + $online.count) -ForegroundColor Red
Write-Host("Remoting working: " + $remoteworking.count + "/" + $online.count) -ForegroundColor Green
Write-Host("`r")
Write-Host($remotenotworkingwithreason)
Write-Host("`r")
#EndRegion
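#Region - Check version of WINRE.WIM
# For every host where remoting works, locate WinRE.wim via reagentc, read its
# image info with DISM and compare the "ServicePack Build" value with 1105.
#
# Fixes over the original loop:
#   * $winre_sp_build is reset per host. Previously a host whose query failed
#     silently inherited the previous host's value and could be listed as patched.
#   * The build is parsed as an integer. Previously it was a string, so -ge did a
#     string comparison and, for example, "990" compared as greater than "1105".
#   * A host whose build cannot be read is counted as NOT patched (fail closed)
#     and a warning names it, instead of being classified from stale data.
#   * Summary colours now match the other regions (green = good, red = bad) and
#     the heading reads WINRE.WIM.
#
# NOTE(review): 1105 is the threshold used by this script. The fixed ServicePack
# Build presumably differs per Windows release, so confirm the value against the
# vendor guidance for CVE-2022-41099 for every OS build family in scope.
# NOTE(review): the match below assumes English DISM output - confirm on
# localized installations.
$WINREpatched = @()
$WINREnotpatched = @()
$count = 1
foreach ($remote in $remoteworking) {
    Write-Progress -Activity "Checking if WINRE.WIM is patched" -Status $remote -PercentComplete (($count / $remoteworking.Count) * 100)

    # Start every host from a clean state so nothing leaks between iterations.
    $winre_location = $null
    $winre_sp_build = $null
    $temp = @()

    try {
        # Get current WinRE.wim location
        $winre_location = Invoke-Command -ComputerName $remote -ErrorAction Stop -ScriptBlock {
            (reagentc /info | findstr '\\?\GLOBALROOT\device').replace('Windows RE location: ', '').TRIM()
        }

        if ($winre_location) {
            # Get current WinRE build version
            $temp = Invoke-Command -ComputerName $remote -ErrorAction Stop -ScriptBlock {
                param($winre_location)
                (Dism /Get-ImageInfo "/ImageFile:$winre_location\winre.wim" /index:1).Split([System.Environment]::NewLine)
            } -ArgumentList $winre_location
        }
    }
    catch {
        Write-Warning ("WinRE query failed on " + $remote + ": " + $PSItem.Exception.Message)
    }

    foreach ($line in $temp) {
        if ($line -match 'ServicePack Build\s*:\s*(\d+)') {
            # Integer cast makes the later -ge a numeric comparison.
            $winre_sp_build = [int]$Matches[1]
        }
    }

    if ($null -ne $winre_sp_build -and $winre_sp_build -ge 1105) {
        $WINREpatched += $remote
    }
    else {
        if ($null -eq $winre_sp_build) {
            Write-Warning ("Could not determine WinRE ServicePack Build on " + $remote + "; counting it as NOT patched")
        }
        $WINREnotpatched += $remote
    }

    $count += 1
}

Write-Host("WINRE.WIM Check") -ForegroundColor Black -BackgroundColor White
Write-Host("`r")
Write-Host("Patched: " + $WINREpatched.count + "/" + $remoteworking.count) -ForegroundColor Green
Write-Host("`r")
Write-Host($WINREpatched | Sort-Object)
Write-Host("`r")
Write-Host("NOT Patched: " + $WINREnotpatched.count + "/" + $remoteworking.count) -ForegroundColor Red
Write-Host("`r")
Write-Host($WINREnotpatched | Sort-Object)
Write-Host("`r")
#EndRegion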
# Show the hosts that were not classified as patched in a grid window; the title
# carries the count so the window is identifiable at a glance.
$WINREnotpatched |
    Out-GridView -Title "WINRE NOT Patched - $($WINREnotpatched.count)"

# Emit the total run time as a TimeSpan object.
$tend = Get-Date
New-TimeSpan -Start $tstart -End $tend