Created
January 14, 2023 18:01
Detect Compliance for CVE-2022-41099
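# https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41099
# Detects whether the local WinRE image is below the patch level chosen for CVE-2022-41099.
# Note: the CVE article links to the November patches as the fix, but the thresholds
# below are based on the January updates.
#
# Output contract: writes "Not Compliant" when the WinRE build is below the threshold for
# its build family and writes nothing otherwise. No output is therefore NOT proof of a
# patched image: if WinRE cannot be located, its version cannot be read, or its build
# family is not listed below, the script emits a warning and makes no compliance statement.
# Review the warning stream before treating a silent device as compliant.

$patched_Win11_22H2 = [version]"10.0.22621.1105"
$patched_Win11_21H2 = [version]"10.0.22000.1455"
$patched_Win10_22H2 = [version]"10.0.19045.2486"
$patched_Win10_21H2 = [version]"10.0.19044.2486"
$patched_Win10_20H2 = [version]"10.0.19042.2486"
$patched_Win10_20H1 = [version]"10.0.19041.2486"

# Build family (major.minor.build) -> minimum WinRE version accepted for that family.
$patched_by_family = @{
    "10.0.22621" = $patched_Win11_22H2
    "10.0.22000" = $patched_Win11_21H2
    "10.0.19045" = $patched_Win10_22H2
    "10.0.19044" = $patched_Win10_21H2
    "10.0.19042" = $patched_Win10_20H2
    "10.0.19041" = $patched_Win10_20H1
}

# Get current WinRE .wim location.
# Match on the device path itself rather than stripping the English
# "Windows RE location:" label, so a localized label does not break the lookup.
$winre_loc = $null
foreach ($line in (reagentc /info)) {
    if ($line -match '(\\\\\?\\GLOBALROOT\\device.*)$') {
        $winre_loc = $Matches[1].Trim()
        break
    }
}
if ([string]::IsNullOrWhiteSpace($winre_loc)) {
    # Previously this case failed with a null-method-call error and then fell through silently.
    Write-Warning "No WinRE location reported by 'reagentc /info' (WinRE may be disabled); patch level not evaluated."
    return
}

# Get current WinRE build version.
# NOTE: the "Version :" / "ServicePack Build :" labels are matched as English text;
# on a localized DISM these labels may differ and the warning below will fire.
$winre_major_ver = $null
$winre_minor_ver = $null
$wim_path = "$winre_loc\winre.wim"
$image_info = Dism /Get-ImageInfo "/ImageFile:$wim_path" /index:1
if ($LASTEXITCODE -ne 0) {
    Write-Warning "Dism /Get-ImageInfo failed for '$wim_path' (exit code $LASTEXITCODE; an elevated session may be required); patch level not evaluated."
    return
}
foreach ($line in $image_info) {
    if ($line -match "Version : (\S+)") {
        $winre_major_ver = $Matches[1]
    } elseif ($line -match "ServicePack Build : (\S+)") {
        $winre_minor_ver = $Matches[1]
    }
}

# Refuse to compare a half-parsed version instead of throwing on the [version] cast.
$winre_ver = $null
$parsed = (-not [string]::IsNullOrWhiteSpace($winre_major_ver)) -and
          (-not [string]::IsNullOrWhiteSpace($winre_minor_ver)) -and
          [version]::TryParse(($winre_major_ver + "." + $winre_minor_ver), [ref]$winre_ver)
if (-not $parsed) {
    Write-Warning "Could not read the WinRE version from '$wim_path'; patch level not evaluated."
    return
}

# Check current WinRE patch level against January patch level for compliance.
if (-not $patched_by_family.ContainsKey($winre_major_ver)) {
    # A build family without a threshold is unverified, not verified-patched.
    Write-Warning "WinRE build family $winre_major_ver has no threshold in this script; patch level not evaluated."
    return
}
if ($winre_ver -lt $patched_by_family[$winre_major_ver]) {
    return "Not Compliant"
}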
Very useful - thanks :)