Client Management Suite

 View Only

  • 1.  WinRE gather version custom inventory help (CVE-2022-41099)

    Trusted Advisor
    Posted Jan 19, 2023 08:17 PM
    Can someone help me create custom inventory for gathering WinRE version in order to target clients for CVE-2022-41099?

    I took a stab with below but am missing something. If I do a write-host just running the powershell script under "#Gather winRE Information" - it outputs what I want so I feel like I'm close but I'm missing something with the add row of data.

    Thanks for any advice.

    # Create instance of Altiris NSE component
# Please don't modify this GUID -->
$nse = New-Object -com Altiris.AeXNSEvent
$nse.To = "{1592B913-72F3-4C36-91D2-D4EDA21D2F96}"
$nse.Priority = 1
#<--

# Modify this varaible with the custom data class guid
$objDCInstance = $nse.AddDataClass("{myGUIDHere}")
$objDataClass = $nse.AddDataBlock($objDCInstance)

#Gather winRE Information
if (reagentc /info | findstr "Disabled") {
$REBuild = "Disabled"
}
else {
$REBuild = (Get-WindowsImage -imagepath ((reagentc /info | findstr "\\?\GLOBALROOT\device").replace("Windows RE location: ", "").TRIM() + "\winre.wim") -index 1).SPBuild
}

{
#Add new row of data
$objDataRow = $objDataClass.AddRow()
$objDataRow.SetField(0, $REBuild)
}


#Send the data
$nse.SendQueued()​


    ------------------------------
    [State]
    ------------------------------


  • 2.  RE: WinRE gather version custom inventory help (CVE-2022-41099)

    Posted Jan 20, 2023 02:21 AM
    Hi Amandaw33,

    Have you checked out the compliance by CVE if the CVE is listed there?

    [cid:image001.png@01D92CB0.7CFA8780]

    Rufus Swart
    Product Specialist: Assets

    +27 10 823 5300


  • 3.  RE: WinRE gather version custom inventory help (CVE-2022-41099)

    Trusted Advisor
    Posted Jan 20, 2023 06:30 AM
    This CVE requires a regular patch to windows and a patch for winRE. I'm trying to work on gathering winRE status/version to do the winRE part which client management doesn't handle.

    ------------------------------
    [State]
    ------------------------------

    Original Message


  • 4.  RE: WinRE gather version custom inventory help (CVE-2022-41099)

    Posted Jan 20, 2023 08:30 AM
    I see what you missed.  In this line:

    $objDCInstance = $nse.AddDataClass("{myGUIDHere}")​

    You need to replace myGUIDHere with the GUID of the custom data class you created to hold the data.  If you haven't done that yet, you can do it from
    Settings
    Discovery and Inventory
    Inventory Solution
    Manage Custom Data Classes


    ------------------------------
    Joe
    ------------------------------

    Original Message


  • 5.  RE: WinRE gather version custom inventory help (CVE-2022-41099)

    Trusted Advisor
    Posted Jan 20, 2023 08:38 AM
    Edited by amandaw33 Jan 20, 2023 08:37 AM
    My GUID is there, I just removed it to sanitize the post. thank you though

    ------------------------------
    [State]
    ------------------------------

    Original Message


  • 6.  RE: WinRE gather version custom inventory help (CVE-2022-41099)

    Trusted Advisor
    Posted Jan 20, 2023 06:13 PM
    support helped

    $nse = New-Object -com Altiris.AeXNSEvent
$nse.To = "{1592B913-72F3-4C36-91D2-D4EDA21D2F96}"
$nse.Priority = 1


# Modify this varaible with the custom data class guid
$objDCInstance = $nse.AddDataClass("{myGuid}")
$objDataClass = $nse.AddDataBlock($objDCInstance)


#Gather winRE Information
if (reagentc /info | findstr "Disabled") {
        $REBuild = "Disabled"
    }
    else {
    $REBuild = (Get-WindowsImage -imagepath ((reagentc /info | findstr "\\?\GLOBALROOT\device").replace("Windows RE location: ", "").TRIM() + "\winre.wim") -index 1).SPBuild
    }

#Add new row of data
$objDataRow = $objDataClass.AddRow()
$objDataRow.SetField(0, $REBuild)

 

#Send the data
$nse.Send()​


    ------------------------------
    [State]
    ------------------------------

    Original Message