New script on Github developed by Microsoft to help automate patching - GitHub - takondo/WinREupdate: Sample script to patch WinRE
"This is a sample PowerShell script developed by the Microsoft product team to help automate the patching of WinRE images on Windows 10 and Windows 11 machines"...
Ahh - OK, so yeah that certainly helps, thank you.
I think someone else mentioned this earlier in the thread, but it makes you wonder what stops someone wanting to exploit the vulnerability just overwriting the WIM again with an older version when they have physical access.
I've got a support call logged with Microsoft to see if they have any suggestions on how to roll a fix out to a couple thousand machines. Given the complexity of the script on this thread and the issues it randomly throws up, I don't expect them to have a magic fix, but I'm asking the question...