Scan remote computers to ensure version of WinRE.wim is higher than 1105 for CVE-2022-41099

Scan_WinRE.ps1

$LastUsed = (Get-Date).AddDays(-365).ToString()
$ADcomputers = Get-ADComputer -Filter "OperatingSystem -notlike '*Server*' -and LastLogonDate -gt '$LastUsed'" | select-object -Expand Name

#$ADcomputers = Get-Content C:\Tmp\computerlist.txt | Foreach {$_.TrimEnd()}

#$ADcomputers = @("PC-1", "PC-2")

$online= @()
$offline = @()
$remoteworking = @()
$remotenotworking = @()
$remotenotworkingwithreason = @()

$tstart = get-date 

#Region - Test Connection

$count = 1

Foreach ($ADcomputer in $ADcomputers) {
    
    Write-Progress -Activity "Testing connection" -Status $ADcomputer -PercentComplete (($count / $ADcomputers.Count) * 100)

    If (Test-Connection -ComputerName $ADcomputer -Quiet -Count 1 -ErrorAction SilentlyContinue) {
        $online += $ADcomputer
    }
    Else {
        $offline += $ADcomputer
    }
    
    $count += 1

}

Write-Host("Test Connection Results") -ForegroundColor Black -BackgroundColor White
Write-Host("`r")
Write-Host("Offline: " + $offline.count + "/" + $ADcomputers.count) -ForegroundColor Red
Write-Host("Online: " + $online.count + "/" + $ADcomputers.count) -ForegroundColor Green
Write-Host("`r")

#EndRegion


#Region - Check Remoting

$count = 1

    Foreach ($onlinecomputer in $online) {

        Write-Progress -Activity "Testing remote access" -Status $onlinecomputer -PercentComplete (($count / $online.Count) * 100)

        Try {

            $result = Invoke-Command -ComputerName $onlinecomputer { 1 } -ErrorAction Stop

            If ($result -eq "1") { $remoteworking += $onlinecomputer }

        }
        Catch {

            If ($PSItem.Exception.Message.Contains("Access is denied")) { $remotenotworkingwithreason += $onlinecomputer + " (Remoting not enabled)" } Else { $remotenotworkingwithreason += $onlinecomputer + " (DNS)" }
            $remotenotworking += $onlinecomputer
        }

        $count += 1

    }

Write-Host("Check Remoting Results") -ForegroundColor Black -BackgroundColor White
Write-Host("`r")
Write-Host("Remoting not working: " + $remotenotworking.count + "/" + $online.count) -ForegroundColor Red
Write-Host("Remoting working: " + $remoteworking.count + "/" + $online.count) -ForegroundColor Green
Write-Host("`r")
Write-Host($remotenotworkingwithreason)
Write-Host("`r")

#EndRegion


#Region - Check version of WINRE.WIM

$WINREpatched = @()

$WINREnotpatched = @()

$count = 1

 Foreach ($remote in $remoteworking) {

 Write-Progress -Activity "Checking if WINRE.WIM is patched" -Status $remote -PercentComplete (($count / $remoteworking.Count) * 100)


#Get current WinRE.wim location
$winre_location = Invoke-Command -ComputerName $remote {(reagentc /info | findstr '\\?\GLOBALROOT\device').replace('Windows RE location: ', '').TRIM()}

#Get current WinRE build version
$temp = Invoke-Command -ComputerName $remote {param($winre_location)(Dism /Get-ImageInfo /ImageFile:$winre_location\winre.wim /index:1).Split([System.Environment]::NewLine)} -ArgumentList $winre_location

foreach ($line in $temp){
    if ($line -match "ServicePack Build :"){
    $winre_sp_build = $line.Split()[3]
    }
    }

if ($winre_sp_build -ge 1105){
      $WINREpatched += $remote
    }
    Else {
      $WINREnotpatched += $remote
    }

    $count += 1

}

Write-Host("WINRE.WIN Check") -ForegroundColor Black -BackgroundColor White
    Write-Host("`r")
    Write-Host("Patched: " + $WINREpatched.count + "/" + $remoteworking.count) -ForegroundColor Red
    Write-Host("`r")
    Write-Host($WINREpatched | Sort-Object)
    Write-Host("`r")
    Write-Host("NOT Patched: " + $WINREnotpatched.count + "/" + $remoteworking.count) -ForegroundColor Green
    Write-Host("`r")
    Write-Host($WINREnotpatched | Sort-Object)
    Write-Host("`r")

#EndRegion

$WINREnotpatched | Out-GridView -Title "WINRE NOT Patched - $($WINREnotpatched.count)"

$tend = get-date
new-timespan -start $tstart -end $tend