Solved Is my winre.wim the latest?

steveg · May 8, 2024

FreeBooter said:
The recovery environment hardly gets updated, i have not come cross where malware using WinRE to infect machines WinRE provides recovery tools.

Just had to activate the jinx by saying it didn't you?

Can't imagine anyone being stupid enough to download a WinRE image from a third party though.

SIW2 · May 8, 2024

I dont know why you want it, but for info This is from the latest iso release

en-us_windows_11_consumer_editions_version_23h2_updated_april_2024_x64_dvd_d986680b.iso

the next updated iso will probably be released around 20th May

Information for Image 1
-----------------------
Index: 1
Name: Microsoft Windows Recovery Environment (amd64)
Description: Microsoft Windows Recover Environment (amd64)
Directory Count: 5444
File Count: 20870
Total Bytes: 2922542869
Hard Link Bytes: 1281218300
Creation Time: Sat May 07 05:53:32 2022 UTC
Last Modification Time: Fri Apr 05 22:39:40 2024 UTC
Architecture: x86_64
Product Name: Microsoft« Windows« Operating System
Edition ID: WindowsPE
Installation Type: WindowsPE
Product Type: WinNT
Languages: en-US
Default Language: en-US
System Root: WINDOWS
Major Version: 10
Minor Version: 0
Build: 22621
Service Pack Build: 3447
Service Pack Level: 0
WIMBoot compatible: no

kelper · May 8, 2024

FreeBooter said:
The recovery environment hardly gets updated, i have not come cross where malware using WinRE to infect machines WinRE provides recovery tools.

Ok, but please could you answer my question in post #1? I did not ask why, when or if. I just asked how to find out if my winre.wim was the latest available.

FreeBooter · May 8, 2024

kelper said:
Ok, but please could you answer my question in post #1? I did not ask why, when or if. I just asked how to find out if my winre.wim was the latest available.

You find me a Microsoft link that shows every version of WinRe.wim then i can tell you which version you have.

pseymour · May 8, 2024

FreeBooter said:
The recovery environment hardly gets updated, i have not come cross where malware using WinRE to infect machines WinRE provides recovery tools.

Odd stance to take, given the whole CVE-2024-20666 kerfuffle.

FreeBooter · May 8, 2024

pseymour said:
Odd stance to take, given the whole CVE-2024-20666 kerfuffle.

Security update should solve that vulnerability.

pseymour · May 8, 2024

Well duh, but your position was that malware didn’t use RE, but that was the whole point of that patch, that it’s possible.

FreeBooter · May 8, 2024

pseymour said:
Well duh, but your position was that malware didn’t use RE, but that was the whole point of that patch, that it’s possible.

Well you are a rude individual, aren't you i think you did not read physical access its not malware as the malware aren't individuals are just codes.

An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.

pseymour · May 8, 2024

Yes I read the entire CVE.

FreeBooter · May 8, 2024

pseymour said:
Yes I read the entire CVE.

Then where is the malware comes in as the article says attacker with physical access?

A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.

cereberus · May 8, 2024

kelper said:
Because I don't know if a newer version might be worth having! Why does anyone update Windows when they don't know if an update might make their computer function better, be more secure or improve resilience against malware?

WinRE.wim is updated to latest version when Windows versions update. The build for WinRE.wim may not be the same as the Windows build as Windows only updates WinRE.wim as required.

It has worked this way for many years. In other words, there is no need to worry if you have the latest version.

The only times you may end up with an older version is if you manually copied an older version or Windows 11 updates somehow glitched, not updating WinRE.wim.

Regarding updates, one thing is 100% sure, if you do not update, then any known security holes will not be fixed.

Of course, there is a small chance an upgrade does introduce a new issue, but then it will (hopefully) be fixed on the next update.

It is pointless using logic "I am not going to update as that may cause me issues".
The best approach is to make an image backup, update, knowing you can revert IF you get issues.

A lot of people wait until an update has been out for a while before updating, but this is a rather falacious argument, as you do not get protection benefit of any bugs fixed by new update.

Also bugs affect people differently anyway, so you can never tell if you will be affected by a bug until you update. Again the image backup approach is the best approach.

x BlueRobot · May 9, 2024

FreeBooter said:
Then where is the malware comes in as the article says attacker with physical access?

That's just the vector for transmission, some attacks require physically using the device such as DMA drive bys, which is why DMA protection was introduced.

Let's think of it this way, biological viruses (human malware) have different means of transmission such as being physically bitten or breathing in airborne material, the same applies to computer systems.

FreeBooter · May 9, 2024

x BlueRobot said:
That's just the vector for transmission, some attacks require physically using the device such as DMA drive bys, which is why DMA protection was introduced.

Let's think of it this way, biological viruses (human malware) have different means of transmission such as being physically bitten or breathing in airborne material, the same applies to computer systems.

Is this your definition of this or vulnerability or Microsoft?

x BlueRobot · May 9, 2024

That's what attack vector means in CVEs.

FreeBooter · May 9, 2024

Microsoft points an attacker with physical access how is the malware going to physical access to WinRe?

x BlueRobot · May 9, 2024

You're either being deliberately obnoxious or haven't read anything which I've written.

An attack vector is just means of transmission i.e. how a malicious script or program is delivered to the machine. That's all it means.

Some vulnerabilities require physical access in order to setup the exploit.

FreeBooter · May 9, 2024

x BlueRobot said:
You're either being deliberately obnoxious or haven't read anything which I've written.

An attack vector is just means of transmission i.e. how a malicious script or program is delivered to the machine. That's all it means.

Some vulnerabilities require physical access in order to setup the exploit.

I'm reading this article, which one did you read?

Security Update Guide - Microsoft Security Response Center

msrc.microsoft.com

kelper · May 9, 2024

SIW2 said:
I dont know why you want it, but for info This is from the latest iso release

en-us_windows_11_consumer_editions_version_23h2_updated_april_2024_x64_dvd_d986680b.iso

the next updated iso will probably be released around 20th May

Information for Image 1
-----------------------
Index: 1
Name: Microsoft Windows Recovery Environment (amd64)
Description: Microsoft Windows Recover Environment (amd64)
Directory Count: 5444
File Count: 20870
Total Bytes: 2922542869
Hard Link Bytes: 1281218300
Creation Time: Sat May 07 05:53:32 2022 UTC
Last Modification Time: Fri Apr 05 22:39:40 2024 UTC
Architecture: x86_64
Product Name: Microsoft« Windows« Operating System
Edition ID: WindowsPE
Installation Type: WindowsPE
Product Type: WinNT
Languages: en-US
Default Language: en-US
System Root: WINDOWS
Major Version: 10
Minor Version: 0
Build: 22621
Service Pack Build: 3447
Service Pack Level: 0
WIMBoot compatible: no

Since I'm on a higher build number, there would be no point in my downloading that iso.

x BlueRobot · May 9, 2024

FreeBooter said:
I'm reading this article, which one did you read?

Security Update Guide - Microsoft Security Response Center

msrc.microsoft.com

I've read the exact same article, I've just been trying to explain what attack vector means, however, you don't seem to understand that, you've just been back pedalling since @pseymour pointed out your nonsensical stance that you don't need to ever update the Windows RE image since it never contains vulnerabilities which are exploited. That was your original point.

An attack vector is either how a malicious payload is delivered to a machine or how an malicious action is able to be carried out. Some will require physical access to the machine like this example or to be more obvious, conducting DMA drive by attacks.

I give up...

kelper · May 9, 2024

An attack could come in the form of a give-away USB thumb drive. Maybe as part of a promotion, so this would be a physical attack without the attacker directly accessing your computer. I heard an account of someone giving away DVDs outside a large company. It only takes one employee to compromise a whole company's network if they don't have suitable defences.