Client Management Suite

 View Only
  • 1.  WinRE gather version custom inventory help (CVE-2022-41099)

    Trusted Advisor
    Posted Jan 19, 2023 08:17 PM
    Can someone help me create custom inventory for gathering WinRE version in order to target clients for CVE-2022-41099?

    I took a stab with below but am missing something. If I do a write-host just running the powershell script under "#Gather winRE Information" - it outputs what I want so I feel like I'm close but I'm missing something with the add row of data.

    Thanks for any advice.

    # Create instance of Altiris NSE component
    # Please don't modify this GUID -->
    $nse = New-Object -com Altiris.AeXNSEvent
    $nse.To = "{1592B913-72F3-4C36-91D2-D4EDA21D2F96}"
    $nse.Priority = 1
    #<--
    
    # Modify this varaible with the custom data class guid
    $objDCInstance = $nse.AddDataClass("{myGUIDHere}")
    $objDataClass = $nse.AddDataBlock($objDCInstance)
    
    #Gather winRE Information
    if (reagentc /info | findstr "Disabled") {
    $REBuild = "Disabled"
    }
    else {
    $REBuild = (Get-WindowsImage -imagepath ((reagentc /info | findstr "\\?\GLOBALROOT\device").replace("Windows RE location: ", "").TRIM() + "\winre.wim") -index 1).SPBuild
    }
    
    {
    #Add new row of data
    $objDataRow = $objDataClass.AddRow()
    $objDataRow.SetField(0, $REBuild)
    }
    
    
    #Send the data
    $nse.SendQueued()​


    ------------------------------
    [State]
    ------------------------------


  • 2.  RE: WinRE gather version custom inventory help (CVE-2022-41099)

    Posted Jan 20, 2023 02:21 AM
    Hi Amandaw33,

    Have you checked out the compliance by CVE if the CVE is listed there?

    [cid:image001.png@01D92CB0.7CFA8780]

    Rufus Swart
    Product Specialist: Assets

    +27 10 823 5300<tel:+27%2010%20823%205300>
    +27 82 532 3250
    rufuss@dotcomsecurity.co.za<mailto:rufuss@dotcomsecurity.co.za> [cid:full_ceb98e4e-74e5-4465-98ff-b2dae7d1a52b.png] <https: www.dotcomsecurity.co.za/="">

    byls bridge office park centurion gauteng 0157
    www.dotcomsecurity.co.za<http: www.dotcomsecurity.co.za="">

    <https: www.linkedin.com/company/dotcom-security="">[cid:linkedin_smallest_5697ca4f-5717-402c-9ca9-c8504e4ebfb0.png]<https: www.linkedin.com/company/dotcom-security=""> <https: www.facebook.com/dotcomsoftwaresolutions/=""> [cid:facebook_smallest1_27395423-ad7e-46db-8ef2-bf8978015e01.png] <https: www.facebook.com/dgcybersolutions=""> <https: www.instagram.com/software_solutionssa/=""> [cid:instagram_smallest_c58443e8-826b-4124-a84e-29caed7eae6a.png] <https: www.instagram.com/dotcomsecuritysolutions/="">



    EMAIL DISCLAIMER - This message contains privileged and confidential information intended only for the person or entity to which it is addressed. Any review, retransmission, dissemination, copy or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient, is prohibited. If you received this message in error, please notify the sender immediately by e-mail, facsimile or telephone and thereafter delete the material from any computer. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the view of the entity.




  • 3.  RE: WinRE gather version custom inventory help (CVE-2022-41099)

    Trusted Advisor
    Posted Jan 20, 2023 06:30 AM
    This CVE requires a regular patch to windows and a patch for winRE. I'm trying to work on gathering winRE status/version to do the winRE part which client management doesn't handle.

    ------------------------------
    [State]
    ------------------------------



  • 4.  RE: WinRE gather version custom inventory help (CVE-2022-41099)

    Posted Jan 20, 2023 08:30 AM
    I see what you missed.  In this line:

    $objDCInstance = $nse.AddDataClass("{myGUIDHere}")​

    You need to replace myGUIDHere with the GUID of the custom data class you created to hold the data.  If you haven't done that yet, you can do it from


    ------------------------------
    Joe
    ------------------------------



  • 5.  RE: WinRE gather version custom inventory help (CVE-2022-41099)

    Trusted Advisor
    Posted Jan 20, 2023 08:38 AM
    Edited by amandaw33 Jan 20, 2023 08:37 AM
    My GUID is there, I just removed it to sanitize the post. thank you though

    ------------------------------
    [State]
    ------------------------------



  • 6.  RE: WinRE gather version custom inventory help (CVE-2022-41099)

    Trusted Advisor
    Posted Jan 20, 2023 06:13 PM
    support helped

    $nse = New-Object -com Altiris.AeXNSEvent
    $nse.To = "{1592B913-72F3-4C36-91D2-D4EDA21D2F96}"
    $nse.Priority = 1
    
    
    # Modify this varaible with the custom data class guid
    $objDCInstance = $nse.AddDataClass("{myGuid}")
    $objDataClass = $nse.AddDataBlock($objDCInstance)
    
    
    #Gather winRE Information
    if (reagentc /info | findstr "Disabled") {
            $REBuild = "Disabled"
        }
        else {
        $REBuild = (Get-WindowsImage -imagepath ((reagentc /info | findstr "\\?\GLOBALROOT\device").replace("Windows RE location: ", "").TRIM() + "\winre.wim") -index 1).SPBuild
        }
    
    #Add new row of data
    $objDataRow = $objDataClass.AddRow()
    $objDataRow.SetField(0, $REBuild)
    
     
    
    #Send the data
    $nse.Send()​


    ------------------------------
    [State]
    ------------------------------