From 80d67b31ae1a892c3e691310fabd5671d8adc435 Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Fri, 16 Aug 2024 13:13:24 -0400
Subject: [PATCH 1/9] Add tips
Add the following tips:
1) ADK 10.1.26100.1 (May 2024) already had the BlackLotus patch in it
2) ADK 10.1.26100.1 (May 2024) and the ADK 10.1.25398.1 (September 2023) are based off **Microsoft server operating system, version 22H2 for x64-based Systems**.
---
windows/deployment/customize-boot-image.md | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/windows/deployment/customize-boot-image.md b/windows/deployment/customize-boot-image.md
index f49b0638233..11a88bd2c99 100644
--- a/windows/deployment/customize-boot-image.md
+++ b/windows/deployment/customize-boot-image.md
@@ -7,7 +7,7 @@ author: frankroj
manager: aaroncz
ms.author: frankroj
ms.topic: conceptual
-ms.date: 05/09/2024
+ms.date: 08/16/2024
ms.subservice: itpro-deploy
appliesto:
- ✅ Windows 11
@@ -25,6 +25,10 @@ The Windows PE (WinPE) boot images that are included with the Windows ADK have a
Microsoft recommends updating Windows PE boot images with the latest cumulative update for maximum security and protection. The latest cumulative updates may also resolve known issues. For example, the Windows PE boot image can be updated with the latest cumulative update to address the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932).
+> [!TIP]
+>
+> The boot images from the [ADK 10.1.26100.1 (May 2024)](/windows-hardware/get-started/adk-install) and later already contain the cumulative updates to address the BlackLotus UEFI bootkit vulnerability.
+
This walkthrough describes how to customize a Windows PE boot image including updating with the latest cumulative update, adding drivers, and adding optional components. Additionally this walkthrough goes over how customizations in boot images affect several different popular products that utilize boot images, such as Microsoft Configuration Manager, Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS).
## Prerequisites
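Review bot: the added tip sits directly after the paragraph that recommends "updating Windows PE boot images with the latest cumulative update for maximum security and protection", and it can be read as saying no update is needed with ADK 10.1.26100.1 and later. Suggest ending the tip with a sentence that the latest cumulative update is still recommended, so that having the BlackLotus fix is not mistaken for the boot image being current.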
@@ -78,6 +82,10 @@ This walkthrough describes how to customize a Windows PE boot image including up
1. When searching the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site, use the search term `"- cumulative update for windows "` where `year` is the four-digit current year, `` is the two-digit current month, and `` is the version of Windows that Windows PE is based on. Make sure to include the quotes (`"`). For example, to search for the latest cumulative update for Windows 11 in August 2023, use the search term `"2023-08 cumulative update for Windows 11"`, again making sure to include the quotes. If the cumulative update hasn't been released yet for the current month, then search for the previous month.
+> [!TIP]
+>
+> ADK 10.1.26100.1 (May 2024) and the ADK 10.1.25398.1 (September 2023) are based off **Microsoft server operating system, version 22H2 for x64-based Systems**. Make sure to update the search term appropriately.
+
1. Once the cumulative update has been found, download the appropriate version for the version and architecture of Windows that matches the Windows PE boot image. For example, if the version of the Windows PE boot image is Windows 11 22H2 64-bit, then download the **Cumulative Update for Windows 11 Version 22H2 for x64-based Systems** version of the update.
1. Store the downloaded cumulative update in a known location for later use, for example `C:\Updates`.
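Review bot: the three tip lines are added at column 0 between two `1.` list items, which ends the numbered list in Markdown, so the "Once the cumulative update has been found" item no longer renders as the next step of the same procedure. Indent the `> [!TIP]` block to the content column of the preceding list item so it nests under the search step it belongs to.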
@@ -662,6 +670,10 @@ This step doesn't update or change the boot image. However, it makes sure that t
In particular, this step is needed when addressing the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932).
+> [!TIP]
+>
+> The boot images from the [ADK 10.1.26100.1 (May 2024)](/windows-hardware/get-started/adk-install) and later already contain the cumulative updates to address the BlackLotus UEFI bootkit vulnerability.
+
> [!NOTE]
>
> **Microsoft Configuration Manager** and **Windows Deployment Services (WDS)** automatically extract the bootmgr boot files from the boot images when the boot images are updated in these products. They don't use the bootmgr boot files from the Windows ADK.
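Review bot: the tip added in this step talks about the boot images, but the context line directly above it says "This step doesn't update or change the boot image", and the note below it refers to the bootmgr boot files from the Windows ADK. As written, a reader cannot tell whether this step can be skipped with ADK 10.1.26100.1 and later. Suggest rewording the tip for this section so it states what the newer ADK means for this step specifically, instead of repeating the sentence from the introduction.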
From 0b2d46cc73c6e04e558ff806fac1f431c54a0f38 Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Fri, 16 Aug 2024 13:16:30 -0400
Subject: [PATCH 2/9] Correct one tip
Correct tip regarding ADK 10.1.26100.1 (May 2024) being based off Microsoft server operating system, version 22H2 for x64-based Systems.
---
windows/deployment/customize-boot-image.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/customize-boot-image.md b/windows/deployment/customize-boot-image.md
index 11a88bd2c99..0fbc70dd72f 100644
--- a/windows/deployment/customize-boot-image.md
+++ b/windows/deployment/customize-boot-image.md
@@ -84,7 +84,7 @@ This walkthrough describes how to customize a Windows PE boot image including up
> [!TIP]
>
-> ADK 10.1.26100.1 (May 2024) and the ADK 10.1.25398.1 (September 2023) are based off **Microsoft server operating system, version 22H2 for x64-based Systems**. Make sure to update the search term appropriately.
+> The ADK 10.1.25398.1 (September 2023) is based off **Microsoft server operating system, version 22H2 for x64-based Systems**. Make sure to update the search term appropriately.
1. Once the cumulative update has been found, download the appropriate version for the version and architecture of Windows that matches the Windows PE boot image. For example, if the version of the Windows PE boot image is Windows 11 22H2 64-bit, then download the **Cumulative Update for Windows 11 Version 22H2 for x64-based Systems** version of the update.
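Review bot: the corrected tip line drops ADK 10.1.26100.1 and nothing replaces it, so readers on that ADK are no longer told which Windows version its boot images are based on when they build the search term. State it in the tip, or say explicitly that the Windows 11 example in the step applies to that ADK if that is the case. The commit message of PATCH 1/9 still carries the statement corrected here, so squashing this change into that commit before merge would keep the history accurate.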
From b02420256857b331987a589ee8db9615e9eb7f84 Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Fri, 16 Aug 2024 13:18:29 -0400
Subject: [PATCH 3/9] Fix grammar mistake
Fix grammar mistake
---
windows/deployment/customize-boot-image.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/deployment/customize-boot-image.md b/windows/deployment/customize-boot-image.md
index 0fbc70dd72f..2a9764a8c26 100644
--- a/windows/deployment/customize-boot-image.md
+++ b/windows/deployment/customize-boot-image.md
@@ -27,7 +27,7 @@ Microsoft recommends updating Windows PE boot images with the latest cumulative
> [!TIP]
>
-> The boot images from the [ADK 10.1.26100.1 (May 2024)](/windows-hardware/get-started/adk-install) and later already contain the cumulative updates to address the BlackLotus UEFI bootkit vulnerability.
+> The boot images from the [ADK 10.1.26100.1 (May 2024)](/windows-hardware/get-started/adk-install) and later already contain the cumulative update to address the BlackLotus UEFI bootkit vulnerability.
This walkthrough describes how to customize a Windows PE boot image including updating with the latest cumulative update, adding drivers, and adding optional components. Additionally this walkthrough goes over how customizations in boot images affect several different popular products that utilize boot images, such as Microsoft Configuration Manager, Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS).
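Review bot: "the cumulative update" in the changed line now points at one specific update without naming it. Suggest "a cumulative update that addresses the BlackLotus UEFI bootkit vulnerability", or a pointer to the KB5025885 article that the preceding paragraph already links, so the reader knows which fix the ADK image is claimed to contain.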
@@ -672,7 +672,7 @@ In particular, this step is needed when addressing the BlackLotus UEFI bootkit v
> [!TIP]
>
-> The boot images from the [ADK 10.1.26100.1 (May 2024)](/windows-hardware/get-started/adk-install) and later already contain the cumulative updates to address the BlackLotus UEFI bootkit vulnerability.
+> The boot images from the [ADK 10.1.26100.1 (May 2024)](/windows-hardware/get-started/adk-install) and later already contain the cumulative update to address the BlackLotus UEFI bootkit vulnerability.
> [!NOTE]
>
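Review bot: this hunk makes the same one-word change as the hunk above it because the tip exists twice in the file, near lines 27 and 672. Keeping a single copy in a shared include, or keeping the tip only in the introduction and linking to it from this step, would stop the two copies drifting apart on the next edit.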
From 4c8ce1c4722fbcf82888c54e24c35d39eac9647d Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Fri, 16 Aug 2024 13:26:20 -0400
Subject: [PATCH 4/9] Fix tabbing
Fix tabbing on Tip
---
windows/deployment/customize-boot-image.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/deployment/customize-boot-image.md b/windows/deployment/customize-boot-image.md
index 2a9764a8c26..1c603a58469 100644
--- a/windows/deployment/customize-boot-image.md
+++ b/windows/deployment/customize-boot-image.md
@@ -82,9 +82,9 @@ This walkthrough describes how to customize a Windows PE boot image including up
1. When searching the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site, use the search term `"- cumulative update for windows "` where `year` is the four-digit current year, `` is the two-digit current month, and `` is the version of Windows that Windows PE is based on. Make sure to include the quotes (`"`). For example, to search for the latest cumulative update for Windows 11 in August 2023, use the search term `"2023-08 cumulative update for Windows 11"`, again making sure to include the quotes. If the cumulative update hasn't been released yet for the current month, then search for the previous month.
-> [!TIP]
->
-> The ADK 10.1.25398.1 (September 2023) is based off **Microsoft server operating system, version 22H2 for x64-based Systems**. Make sure to update the search term appropriately.
+ > [!TIP]
+ >
+ > The ADK 10.1.25398.1 (September 2023) is based off **Microsoft server operating system, version 22H2 for x64-based Systems**. Make sure to update the search term appropriately.
1. Once the cumulative update has been found, download the appropriate version for the version and architecture of Windows that matches the Windows PE boot image. For example, if the version of the Windows PE boot image is Windows 11 22H2 64-bit, then download the **Cumulative Update for Windows 11 Version 22H2 for x64-based Systems** version of the update.
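Review bot: the removed and added tip lines differ only in leading whitespace, and the commit message "Fix tabbing on Tip" does not state the intended indent. Say in the message that the tip is being nested under the preceding `1.` item, and check in the rendered preview that the following "Once the cumulative update has been found" item continues the numbering instead of restarting it.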
From cdcafb2c5381e443bb9902bef8d98f4bdcad6771 Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Fri, 16 Aug 2024 13:30:56 -0400
Subject: [PATCH 5/9] Fix tabbing
Fix tabbing again
---
windows/deployment/customize-boot-image.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/deployment/customize-boot-image.md b/windows/deployment/customize-boot-image.md
index 1c603a58469..327c63cc755 100644
--- a/windows/deployment/customize-boot-image.md
+++ b/windows/deployment/customize-boot-image.md
@@ -82,9 +82,9 @@ This walkthrough describes how to customize a Windows PE boot image including up
1. When searching the [Microsoft Update Catalog](https://catalog.update.microsoft.com/) site, use the search term `"- cumulative update for windows "` where `year` is the four-digit current year, `` is the two-digit current month, and `` is the version of Windows that Windows PE is based on. Make sure to include the quotes (`"`). For example, to search for the latest cumulative update for Windows 11 in August 2023, use the search term `"2023-08 cumulative update for Windows 11"`, again making sure to include the quotes. If the cumulative update hasn't been released yet for the current month, then search for the previous month.
- > [!TIP]
- >
- > The ADK 10.1.25398.1 (September 2023) is based off **Microsoft server operating system, version 22H2 for x64-based Systems**. Make sure to update the search term appropriately.
+ > [!TIP]
+ >
+ > The ADK 10.1.25398.1 (September 2023) is based off **Microsoft server operating system, version 22H2 for x64-based Systems**. Make sure to update the search term appropriately.
1. Once the cumulative update has been found, download the appropriate version for the version and architecture of Windows that matches the Windows PE boot image. For example, if the version of the Windows PE boot image is Windows 11 22H2 64-bit, then download the **Cumulative Update for Windows 11 Version 22H2 for x64-based Systems** version of the update.
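Review bot: the three tip lines are re-indented a second time here, again with the removed and added lines differing only in leading whitespace. Suggest squashing this patch and PATCH 4/9 into the commit that introduced the tip so the merged history carries one correctly indented version, and confirming that the indent matches the content column of the `1.` item above it.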
From 6969f86e7d82ca9b96d181c74c59e92153f22cef Mon Sep 17 00:00:00 2001
From: Frank Rojas <45807133+frankroj@users.noreply.github.com>
Date: Fri, 16 Aug 2024 13:38:42 -0400
Subject: [PATCH 6/9] Further refinements
Further refinements to tip.
---
windows/deployment/customize-boot-image.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/customize-boot-image.md b/windows/deployment/customize-boot-image.md
index 327c63cc755..01aecac8ee3 100644
--- a/windows/deployment/customize-boot-image.md
+++ b/windows/deployment/customize-boot-image.md
@@ -84,7 +84,7 @@ This walkthrough describes how to customize a Windows PE boot image including up
> [!TIP]
>
- > The ADK 10.1.25398.1 (September 2023) is based off **Microsoft server operating system, version 22H2 for x64-based Systems**. Make sure to update the search term appropriately.
+ > The boot images in the **ADK 10.1.25398.1 (September 2023)** are based off **Microsoft server operating system, version 22H2 for x64-based Systems**. Make sure to update the search term appropriately.
1. Once the cumulative update has been found, download the appropriate version for the version and architecture of Windows that matches the Windows PE boot image. For example, if the version of the Windows PE boot image is Windows 11 22H2 64-bit, then download the **Cumulative Update for Windows 11 Version 22H2 for x64-based Systems** version of the update.
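Review bot: the refined tip line still ends with "Make sure to update the search term appropriately" without showing what the term becomes. Suggest adding a worked search term in the same form the step uses for Windows 11, `"2023-08 cumulative update for Windows 11"`, built from the product name in the bolded update title. The ADK name is also bolded here, while the other tips in this series link it to `/windows-hardware/get-started/adk-install`; use one treatment throughout.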
From 8b1e34830e8d83a33b5d6a5672fca22147169319 Mon Sep 17 00:00:00 2001
From: Padma Jayaraman
Date: Fri, 16 Aug 2024 23:57:22 +0530
Subject: [PATCH 7/9] Pencil edit
Acrolinx correctness
---
windows/deployment/customize-boot-image.md | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/windows/deployment/customize-boot-image.md b/windows/deployment/customize-boot-image.md
index 01aecac8ee3..5854affd49a 100644
--- a/windows/deployment/customize-boot-image.md
+++ b/windows/deployment/customize-boot-image.md
@@ -1124,10 +1124,10 @@ For more information, see [wdsutil stop-server](/windows-server/administration/w
In the following boot image replacement scenario for WDS:
-- The boot image modified as part of this guide is outside of the `` folder. For example, the `winpe.wim` boot image that comes with the Windows ADK
-- An existing boot image in WDS is being replaced with the updated boot image
+- The boot image modified as part of this guide is outside of the `` folder. For example, the `winpe.wim` boot image that comes with the Windows ADK.
+- An existing boot image in WDS is being replaced with the updated boot image.
-then follow these steps to update the boot image in WDS:
+Follow these steps to update the boot image in WDS:
1. Replace the existing boot image in WDS with the modified boot image using the following command lines:
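Review bot: replacing "then follow these steps" with a standalone "Follow these steps" leaves the lead-in "In the following boot image replacement scenario for WDS:" as a fragment that the bullets no longer complete. Suggest rewording the lead-in as a full sentence, for example "Use this procedure when both of the following are true:", so the list and the instruction each read on their own.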
From c1b412817dcbef0e438bee0f265201d1dd9b8c25 Mon Sep 17 00:00:00 2001
From: Padma Jayaraman
Date: Sat, 17 Aug 2024 00:01:42 +0530
Subject: [PATCH 8/9] Pencil edit
Acrolinx correctness
---
windows/deployment/customize-boot-image.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/customize-boot-image.md b/windows/deployment/customize-boot-image.md
index 5854affd49a..250d11e8d4e 100644
--- a/windows/deployment/customize-boot-image.md
+++ b/windows/deployment/customize-boot-image.md
@@ -1206,7 +1206,7 @@ In the following boot image scenario for WDS:
- The boot image modified as part of this guide is outside of the `` folder. For example, the `winpe.wim` boot image that comes with the Windows ADK
- The updated boot image is being added as a new boot image in WDS
-then follow these steps to add the boot image in WDS:
+Follow these steps to add the boot image in WDS:
1. Add the updated boot image to WDS using the following command lines:
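Review bot: the two bullets in the context lines above the change still have no closing periods, while the matching bullets in the replacement scenario received them in PATCH 7/9. Add the periods here as well. With "then" removed, the lead-in "In the following boot image scenario for WDS:" is also left as a fragment and should become a full sentence.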
From 01113c695e7769aac5614946cf91c233fcef422d Mon Sep 17 00:00:00 2001
From: Padma Jayaraman
Date: Sat, 17 Aug 2024 00:11:48 +0530
Subject: [PATCH 9/9] Pencil edit
Acrolinx suggestion
---
windows/deployment/customize-boot-image.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/deployment/customize-boot-image.md b/windows/deployment/customize-boot-image.md
index 250d11e8d4e..31420e8890f 100644
--- a/windows/deployment/customize-boot-image.md
+++ b/windows/deployment/customize-boot-image.md
@@ -914,7 +914,7 @@ For more information, see [Modify a Windows image using DISM: Unmounting an imag
## Step 13: Update boot image in products that utilize it (if applicable)
-After the default `winpe.wim` boot image from the Windows ADK has been updated, additional steps usually need to take place in the product(s) that utilize the boot image. The following links contain information on how to update the boot image for several popular products that utilize boot images:
+After the default `winpe.wim` boot image from the Windows ADK has been updated, additional steps usually need to take place in the products that utilize the boot image. The following links contain information on how to update the boot image for several popular products that utilize boot images:
- [Microsoft Configuration Manager](#updating-the-boot-image-in-configuration-manager)
- [Microsoft Deployment Toolkit (MDT)](#updating-the-boot-image-and-boot-media-in-mdt)