Microsoft has released a patch (KB5025175) to address CVE-2022-41099. This patch consists of a PowerShell script that is to be used in conjunction with the latest Windows Safe OS Dynamic Update for your architecture and Windows version.
Many are annoyed that Microsoft released a PowerShell script instead of an actual Windows Update to fix this vulnerability. The patch can be easily applied via Config Manager (and also Intune). Here’s the quick and dirty way to deploy the fix. For simplicity's sake, we will push this out as a program (package).
Copy the PowerShell script and Windows Safe OS Dynamic Update to your content share.
In MEMC, create a package with a standard program and source files pointing to the folder you copied the script and file to.
Name the program Install with the command line below. Your packagepath will differ depending on the name of the Dynamic Update file you placed in your source folder along with the PowerShell script.
"%Windir%\sysnative\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -Command .\PatchWinREScript_2004plus.ps1 -packagePath "windows10.0-kb5021043-x64_efa19d2d431c5e782a59daaf2d.cab"


Estimated disk space should be 250MB and max run time 30 minutes.

Distribute content and deploy the program to machines. Remember the dynamic update is specific to the running OS version, so make sure you're deploying to applicable machines.
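
Because the Dynamic Update has to match the machine, a pre-flight check can run from the same source folder before the patch script. The following is an added example, not part of Microsoft's script or the original post. The function names are hypothetical, and it assumes English `reagentc /info` output and that WinRE must report Enabled for the update to be applicable.

```powershell
# Added example, not Microsoft's script. Function names are hypothetical.
function Get-WinREStatus {
    # Value of the "Windows RE status" line; assumes English reagentc output.
    param([string[]]$InfoText)
    foreach ($line in $InfoText) {
        if ($line -match '^\s*Windows RE status:\s*(\S+)') { return $Matches[1] }
    }
    return $null
}

function Get-HostArchToken {
    # A 32-bit host on 64-bit Windows reports x86 in PROCESSOR_ARCHITECTURE;
    # PROCESSOR_ARCHITEW6432 then holds the real OS architecture.
    $arch = $env:PROCESSOR_ARCHITEW6432
    if (-not $arch) { $arch = $env:PROCESSOR_ARCHITECTURE }
    switch ($arch) { 'AMD64' { 'x64' } 'ARM64' { 'arm64' } 'x86' { 'x86' } }
}

function Get-PackageArchToken {
    # Architecture token from a file name like windows10.0-kb5021043-x64_<hash>.cab
    param([string]$PackagePath)
    if ((Split-Path $PackagePath -Leaf) -match '-(x64|x86|arm64)_') { return $Matches[1].ToLower() }
    return $null
}

function Test-WinREPatchPreflight {
    # Returns a list of problems; empty means the machine looks applicable.
    param([string]$PackagePath, [string[]]$InfoText)
    if (-not (Test-Path -LiteralPath $PackagePath)) { "Package not found: $PackagePath" }
    $pkgArch = Get-PackageArchToken $PackagePath
    $hostArch = Get-HostArchToken
    if (-not $pkgArch -or $pkgArch -ne $hostArch) { "Package arch '$pkgArch' vs host '$hostArch'" }
    $status = Get-WinREStatus $InfoText
    if ($status -ne 'Enabled') { "WinRE status is '$status', expected 'Enabled'" }
}

# Constructed reagentc /info excerpt, to exercise the parser offline.
$sample = 'Windows Recovery Environment (Windows RE) and system reset configuration',
          '    Windows RE status:         Disabled'
"Parser on constructed sample: $(Get-WinREStatus $sample)"

# Real run from the package source folder; use sysnative when the host is 32-bit.
$sys = if (Test-Path "$env:windir\sysnative") { 'sysnative' } else { 'System32' }
$info = & "$env:windir\$sys\reagentc.exe" /info
$problems = @(Test-WinREPatchPreflight -PackagePath '.\windows10.0-kb5021043-x64_efa19d2d431c5e782a59daaf2d.cab' -InfoText $info)
$problems | ForEach-Object { Write-Output "PREFLIGHT: $_" }
if ($problems.Count -gt 0) { exit 1 }
exit 0
```

The script exits with a non-zero code when any check fails, so it can be used to gate the Install program or to report on machines that received the wrong package.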
