Cumulative Updates
OSD 23.5.15.1+ Updated May 15, 2023
I've added the ability to apply a Cumulative Update to an OSDCloud Template due to the Secure Boot vulnerability. The next two links give some details on the issue
Download the Cumulative Update
Start by downloading the update from Microsoft Update Catalog and specifying the path to the downloaded update. Start by downloading the x64 version at this link if you are using the ADK for Windows 11 version 22H2
Apply the Cumulative Update
Once you have the update downloaded, use the CumulativeUpdate parameter and supply the Path to the downloaded MSU. In the example below I applied this in my default OSDCloud Template as this will be the one I use the most
Cumulative Update is applied
Updated Windows Information is displayed
Boot files are updated
DISM Component Cleanup is run
Apply the WRONG Cumulative Update
It's absolutely possible to apply the wrong Cumulative Update for WinPE, so make sure you understand that the Cumulative Update that you download must match your ADK. So if you are using the ADK for Windows 11 version 22H2, you need the Windows 11 22H2 x64 Cumulative Update
Cumulative Update is applied
Updated Windows Information is displayed. In this case, the UBR did not change
Warning is displayed that the UBR has not been changed. The Boot files will not be updated
DISM Component Cleanup is run
I'm not properly staffed to answer individual questions about which Cumulative Update you need for the ADK you have installed. If this is not something you can resolve on your own, then you should probably wait for updated Media from Microsoft that already has the Secure Boot updates applied
The Code
If you are interested in reviewing how this works, here is a snipped from the New-OSDCloudTemplate function
Last updated
