dbminter
After speaking with tech support on an issue, they determined the reason my WinRE Rescue Media is Windows 11 22000 is because the contents on my WINRETOOLS partition are 22000 and not the latest build.
Is there a way to run some kind of utility to force Windows to download and/or rebuild the WINRETOOLS partition contents to the current version?
Thanks!
MysteryGuy
I'm by no means an expert, but are you talking about just 'refreshing' the contents of the WinRE partition? (And I may be misunderstanding your question.) I'm under the impression that if you don't have a 'customized' WinRE content you can just disable then re-enable the WinRE setup in order to get Windows to re-write the data on the WinRE partition (although I have no idea what it uses as a 'base' for this and presume this isn't likely to cause any sort of download update to change this 'base'...).

So, have you tried (from an admin command prompt):

    reagentc /info
    reagentc /disable
    reagentc /enable
    reagentc /info

At least when running this from Windows 10, the disable resulted in the WinRE partition as showing only about 16 MB of used space. Then running the enable showed about 470 MB of used space. So it appeared to be 'reloading' the contents of the actual WinRE partition itself with something.
dbminter
I found the ReAgentC tool info, but I doubt it would help in my case. What has happened is my WINRETOOLS partition contains the old 22000 WinRE contents and not the most current Windows 11 22H2 version of 22621. So, I needed something that would replace my current WINRETOOLS partition contents with the 22621 version of WinRE.
MysteryGuy
I don't really know much about how this really works, but is it possible that whatever 'base' is used by the 'enable' (presumably taken from something on the Windows C: partition) might have been updated by the normal Windows updates, but the partition itself was not? If that were to be the case, then I would think that there might be a chance that causing the actual partition contents to be re-written could cause it to be updated to the (possibly) updated version on C:. Purely a conjecture on my part, though.
jphughan
If you have Windows installation media, you can mount the install.WIM or install.esd file and browse to \Windows\System32\Recovery inside the mount point, and you will find WinRE.wim there, which you can copy to your WinRE partition. (If you don’t know how to mount a WIM/ESD file, check out Microsoft’s documentation page on the DISM tool. Also remember to expressly unmount it later.) Note however that this will be a generic WinRE.wim file and as such will not contain any additional drivers that might have been added to your system’s actual WinRE.wim file since you first installed Windows. I suppose you could extract those drivers from your existing file and inject them into that generic file — also possible using DISM — but I’m too tired to delve into that right now, so hopefully this gets you started if you really want to head down this path.
Dan Danz
There's a fly in this ointment....

January 10, 2023—KB5022303 (OS Build 22621.1105) has this notice:

Important: For Windows Recovery Environment (WinRE) devices, see the updated (1/20/23) Special instructions for Windows Recovery Environment (WinRE) devices in the How to get this update section to address security vulnerabilities in CVE-2022-41099.

---

Special instructions for Windows Recovery Environment (WinRE) devices - updated 1/20/23

Devices with Windows Recovery Environment (WinRE) will need to update the WinRE partition to address security vulnerabilities in CVE-2022-41099. Installing the update normally into Windows will not address this security issue in WinRE. For guidance on how to address this issue in WinRE, please see CVE-2022-41099.

--

Following those instructions for CVE-2022-41099 for determining the current version in the WinRE partition on disk, I can say that after the update KB5022303 (OS Build 22621.1105) installed via Windows Update (and others that have followed), the version of WinRE has NOT changed.

    C:\Users\lwdan>reagentc /info
    Windows Recovery Environment (Windows RE) and system reset configuration
    Information:

        Windows RE status: Enabled
        Windows RE location: \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE
        Boot Configuration Data (BCD) identifier: d2694386-d227-11ec-8bc9-00e04c68048f
        Recovery image location:
        Recovery image index: 0
        Custom image location:
        Custom image index: 0

--

    Deployment Image Servicing and Management tool
    Version: 10.0.22621.1

    C:\mount\windows>Dism /Get-ImageInfo /ImageFile:\\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE\winre.wim /index:1

    Details for image : \\?\GLOBALROOT\device\harddisk0\partition4\Recovery\WindowsRE\winre.wim

    Index : 1
    Name : Microsoft Windows Recovery Environment (amd64)
    Description : Microsoft Windows Recover Environment (amd64)
    Size : 5,466,485,972 bytes
    WIM Bootable : No
    Architecture : x64
    Hal : <undefined>
    Version : 10.0.22621
    ServicePack Build : 1
    ServicePack Level : 0
    Edition : WindowsPE
    Installation : WindowsPE
    ProductType : WinNT
    ProductSuite :
    System Root : WINDOWS
    Directories : 4246
    Files : 21837
    Created : 2022-05-07 - 00:53:32
    Modified : 2022-10-06 - 10:01:17
    Languages : en-US (Default)

----------------

So it appears that I will have to re-download the 1105 update and copy the new WinRE out of there and install it. I'm a bit hesitant to do so since the CVE document has this:

Is there a way I can automate the process of updating WinRE on my Windows devices which have already been deployed?

Yes. Microsoft has developed a sample script that can help you automate updating WinRE from the running Windows OS. Please see KB5025175: Updating the WinRE partition on deployed devices to address security vulnerabilities in CVE-2022-41099 for more information.

I plan to investigate that script later today...

L.W. (Dan) Danz, Overland Park KS
Reflect v8.1.7638+ on Windows 11 Home 22H2-22621.2283+
Reflect v8.1.7638+ on Windows 10 Pro 22H2-19045.3448+
Reflect v8.1.7638+ on Windows 10 Home 22H2-19045.3448+
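The version check from the post above (reagentc /info to find the image, then Dism /Get-ImageInfo to read it) can be scripted so it is repeatable after each update. This is an added example, not part of the original post and not Microsoft's KB5025175 script. The function names are hypothetical, and it assumes English-language tool output and an elevated PowerShell prompt.

```powershell
# Added example; function names are hypothetical. Assumes English-language tool
# output and an elevated PowerShell prompt.

function ConvertFrom-ReagentcInfo {
    param([string[]]$Lines)
    $info = [ordered]@{ Status = $null; Location = $null }
    foreach ($line in $Lines) {
        if ($line -match '^\s*Windows RE status:\s*(\S+)')     { $info.Status   = $Matches[1] }
        if ($line -match '^\s*Windows RE location:\s*(\S.*)$') { $info.Location = $Matches[1].Trim() }
    }
    [pscustomobject]$info
}

function ConvertFrom-DismImageInfo {
    param([string[]]$Lines)
    $inDetails = $false; $version = $null; $spBuild = $null
    foreach ($line in $Lines) {
        # Skip the DISM banner, which has its own "Version:" line for the tool itself.
        if ($line -match '^\s*Details for image') { $inDetails = $true; continue }
        if (-not $inDetails) { continue }
        if ($line -match '^\s*Version\s*:\s*(\d+(\.\d+){1,3})\s*$') { $version = [version]$Matches[1] }
        if ($line -match '^\s*ServicePack Build\s*:\s*(\d+)')        { $spBuild = [int]$Matches[1] }
    }
    [pscustomobject]@{ Version = $version; ServicePackBuild = $spBuild }
}

$re = ConvertFrom-ReagentcInfo (reagentc.exe /info)
if ($re.Status -ne 'Enabled' -or -not $re.Location) {
    Write-Warning 'Windows RE is not enabled, so there is no winre.wim location to inspect.'
} else {
    $wim     = "$($re.Location)\winre.wim"
    $img     = ConvertFrom-DismImageInfo (dism.exe /Get-ImageInfo "/ImageFile:$wim" /index:1)
    $osBuild = [Environment]::OSVersion.Version.Build
    [pscustomobject]@{
        WinREImage       = $wim
        WinREVersion     = $img.Version
        ServicePackBuild = $img.ServicePackBuild
        RunningOSBuild   = $osBuild
        # Compares only the base build (e.g. 22000 vs 22621), not the update revision.
        BaseBuildMatches = ($null -ne $img.Version -and $img.Version.Build -eq $osBuild)
    }
}
```

Saving the output before and after an update, or before and after a reagentc /disable and /enable cycle, shows whether the image on the recovery partition actually changed.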
dbminter
I'm hoping when the future refresh that updates Windows 11 22H2 to the next major revision build is released it will update my WINRETOOLS contents and make my WinRE media the latest version. As it stands, my WINRETOOLS contents are 22000 when they used to be 22621.
Danskeman
This depends if it is a full build upgrade or a simpler package enablement method. I update to the latest WinRE by installing the latest Windows in Hyper-V, then mounting the VHDX in the host as a drive and copying winre.wim across manually.
MysteryGuy
I'm just trying to muddle through (and I'm no expert), but I just went through the exercise of using the MS patch script to update my Windows 10 WinRE partition found at https://support.microsoft.com/en-us/topic/kb5025175-updating-the-winre-partition-on-deployed-devices-to-address-security-vulnerabilities-in-cve-2022-41099-ba6621fa-5a9f-48f1-9ca3-e13eb56fb589 . Since they seem to say to use the "Safe OS Dynamic Update", I get the impression that that procedure might not update the returned "ServicePack Build" level returned from the DISM command you showed. (At least it didn't seem to for me. And once you apply the patch it makes a registry entry so it won't get far enough on subsequent patch run attempts to tell you if it thinks it was applied other than checking for that registry entry.) So verifying that the change has actually been applied may be more complicated. The patch does do something during the initial run where it seems to verify it was applied, but I wanted a way to tell after the fact if it was still really enabled after doing, say,

    reagentc /disable
    reagentc /enable

But running the patch again just hits the registry entry check and so doesn't seem to do a 'real' check otherwise as best as I could tell.
Danskeman
To tell, run reagentc /info