From 2b6d18fe5f6fdafaf2587ce9aadeceaef0cc91f7 Mon Sep 17 00:00:00 2001 From: Junjie Zhang Date: Tue, 11 Jun 2024 02:29:56 +0000 Subject: [PATCH 1/4] chore: update registry key --- vhdbuilder/packer/configure-windows-vhd.ps1 | 8 ++++++++ vhdbuilder/packer/test/windows-vhd-content-test.ps1 | 6 ++++++ vhdbuilder/packer/write-release-notes-windows.ps1 | 6 +++++- 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/vhdbuilder/packer/configure-windows-vhd.ps1 b/vhdbuilder/packer/configure-windows-vhd.ps1 index 04cab95e064..ee7c2b803e5 100644 --- a/vhdbuilder/packer/configure-windows-vhd.ps1 +++ b/vhdbuilder/packer/configure-windows-vhd.ps1 @@ -588,6 +588,9 @@ function Update-Registry { Write-Log "Enable 2 fixes in 2024-04B" Enable-WindowsFixInFeatureManagement -Name 2290715789 Enable-WindowsFixInFeatureManagement -Name 3152880268 + + Write-Log "Enable 1 fix in 2024-06B" + Enable-WindowsFixInFeatureManagement -Name 1605443213 } if ($env:WindowsSKU -Like '2022*') { @@ -666,6 +669,11 @@ function Update-Registry { Enable-WindowsFixInFeatureManagement -Name 4186914956 Enable-WindowsFixInFeatureManagement -Name 3173070476 Enable-WindowsFixInFeatureManagement -Name 3958450316 + + Write-Log "Enable 3 fixes in 2024-06B" + Enable-WindowsFixInFeatureManagement -Name 2540111500 + Enable-WindowsFixInFeatureManagement -Name 50261647 + Enable-WindowsFixInFeatureManagement -Name 1475968140 } if ($env:WindowsSKU -Like '23H2*') { diff --git a/vhdbuilder/packer/test/windows-vhd-content-test.ps1 b/vhdbuilder/packer/test/windows-vhd-content-test.ps1 index 358db682fb1..3a8e8164053 100644 --- a/vhdbuilder/packer/test/windows-vhd-content-test.ps1 +++ b/vhdbuilder/packer/test/windows-vhd-content-test.ps1 @@ -348,6 +348,8 @@ function Test-RegistryAdded { Validate-WindowsFixInFeatureManagement -Name 2290715789 Validate-WindowsFixInFeatureManagement -Name 3152880268 + + Validate-WindowsFixInFeatureManagement -Name 1605443213 } if ($env:WindowsSKU -Like '2022*') { Validate-WindowsFixInFeatureManagement -Name 2629306509 @@ -398,6 +400,10 @@ function Test-RegistryAdded { Validate-WindowsFixInFeatureManagement -Name 4186914956 Validate-WindowsFixInFeatureManagement -Name 3173070476 Validate-WindowsFixInFeatureManagement -Name 3958450316 + + Validate-WindowsFixInFeatureManagement -Name 2540111500 + Validate-WindowsFixInFeatureManagement -Name 50261647 + Validate-WindowsFixInFeatureManagement -Name 1475968140 } if ($env:WindowsSKU -Like '23H2*') { Validate-WindowsFixInHnsState -Name NamespaceExcludedUdpPorts -Value 65330 diff --git a/vhdbuilder/packer/write-release-notes-windows.ps1 b/vhdbuilder/packer/write-release-notes-windows.ps1 index d17998b34be..e58a818903a 100644 --- a/vhdbuilder/packer/write-release-notes-windows.ps1 +++ b/vhdbuilder/packer/write-release-notes-windows.ps1 @@ -145,7 +145,11 @@ $wuRegistryNames = @( "1552261773", "4186914956", "3173070476", - "3958450316" + "3958450316", + "1605443213", + "2540111500", + "50261647", + "1475968140" ) foreach ($key in $wuRegistryKeys) { From af7acc7f73287dd7a656ef8d62c669335bd2cbd7 Mon Sep 17 00:00:00 2001 From: junjiezhang1997 Date: Wed, 12 Jun 2024 03:46:10 +0000 Subject: [PATCH 2/4] feat: bump windows image version for 2024-06 --- vhdbuilder/packer/windows-image.env | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/vhdbuilder/packer/windows-image.env b/vhdbuilder/packer/windows-image.env index 648c90aac45..c0806c2cb0c 100644 --- a/vhdbuilder/packer/windows-image.env +++ b/vhdbuilder/packer/windows-image.env @@ -4,19 +4,19 @@ # CLI example to get the latest image version: # az vm image show --urn MicrosoftWindowsServer:WindowsServer:2019-Datacenter-Core-smalldisk:latest WINDOWS_2019_BASE_IMAGE_SKU=2019-Datacenter-Core-smalldisk -WINDOWS_2019_BASE_IMAGE_VERSION=17763.5820.240510 +WINDOWS_2019_BASE_IMAGE_VERSION=17763.5936.240607 # CLI example to get the latest image version: # az vm image show --urn MicrosoftWindowsServer:WindowsServer:2022-Datacenter-Core-smalldisk:latest WINDOWS_2022_BASE_IMAGE_SKU=2022-Datacenter-Core-smalldisk -WINDOWS_2022_BASE_IMAGE_VERSION=20348.2461.240510 +WINDOWS_2022_BASE_IMAGE_VERSION=20348.2527.240607 # CLI example to get all available image version under a SKU (suffix g2 for Gen 2): # az vm image list --all --publisher MicrosoftWindowsServer --offer WindowsServer --output table -s 2022-datacenter-core-smalldisk-g2 # CLI example to get the latest image version: # az vm image show --urn MicrosoftWindowsServer:WindowsServer:2022-datacenter-core-smalldisk-g2:latest WINDOWS_2022_GEN2_BASE_IMAGE_SKU=2022-datacenter-core-smalldisk-g2 -WINDOWS_2022_GEN2_BASE_IMAGE_VERSION=20348.2461.240510 +WINDOWS_2022_GEN2_BASE_IMAGE_VERSION=20348.2527.240607 # CLI example to get the latest image version: # az vm image show --urn MicrosoftWindowsServer:WindowsServer:23h2-datacenter-core:latest From 44d571abf4c092fd11e502a3412a4bd3fb47a45a Mon Sep 17 00:00:00 2001 From: Junjie Zhang Date: Wed, 12 Jun 2024 06:12:05 +0000 Subject: [PATCH 3/4] chore: update security patch --- vhdbuilder/packer/generate-windows-vhd-configuration.ps1 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/vhdbuilder/packer/generate-windows-vhd-configuration.ps1 b/vhdbuilder/packer/generate-windows-vhd-configuration.ps1 index cc2ba155736..3ea5c01efc0 100644 --- a/vhdbuilder/packer/generate-windows-vhd-configuration.ps1 +++ b/vhdbuilder/packer/generate-windows-vhd-configuration.ps1 @@ -40,8 +40,8 @@ $global:defenderUpdateInfoUrl = "https://go.microsoft.com/fwlink/?linkid=870379& switch -Regex ($windowsSku) { "2019-containerd" { - $global:patchUrls = @("https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2024/05/windows10.0-kb5037765-x64_3ca0b737e301d4e398a38f1d67966f1c82507fa8.msu") - $global:patchIDs = @("KB5037765") + $global:patchUrls = @("https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/secu/2024/06/windows10.0-kb5039217-x64_bc72f4ed75c6dd7bf033b823f79533d5772769a3.msu") + $global:patchIDs = @("KB5039217") $global:imagesToPull = @( "mcr.microsoft.com/windows/servercore:ltsc2019", @@ -49,8 +49,8 @@ switch -Regex ($windowsSku) { ) } "2022-containerd*" { - $global:patchUrls = @("https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/secu/2024/05/windows10.0-kb5037782-x64_a28aa2576fc6b120b127acfbb901d3546ba9db82.msu") - $global:patchIDs = @("KB5037782") + $global:patchUrls = @("https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2024/06/windows10.0-kb5039227-x64_136403ab41a524bb82063bc097e9cafbf0039630.msu") + $global:patchIDs = @("KB5039227") $global:imagesToPull = @( "mcr.microsoft.com/windows/servercore:ltsc2022", From f2b0603d5d41685cdac41459759454db6ec836c9 Mon Sep 17 00:00:00 2001 From: Junjie Zhang Date: Wed, 12 Jun 2024 07:16:10 +0000 Subject: [PATCH 4/4] chore: update 23H2 image version --- vhdbuilder/packer/windows-image.env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vhdbuilder/packer/windows-image.env b/vhdbuilder/packer/windows-image.env index c0806c2cb0c..06d66266624 100644 --- a/vhdbuilder/packer/windows-image.env +++ b/vhdbuilder/packer/windows-image.env @@ -21,14 +21,14 @@ WINDOWS_2022_GEN2_BASE_IMAGE_VERSION=20348.2527.240607 # CLI example to get the latest image version: # az vm image show --urn MicrosoftWindowsServer:WindowsServer:23h2-datacenter-core:latest WINDOWS_23H2_BASE_IMAGE_SKU=23h2-datacenter-core -WINDOWS_23H2_BASE_IMAGE_VERSION=25398.887.240505 +WINDOWS_23H2_BASE_IMAGE_VERSION=25398.950.240607 # CLI example to get all available image version under a SKU (suffix g2 for Gen 2): # az vm image list --all --publisher MicrosoftWindowsServer --offer WindowsServer --output table -s 23h2-datacenter-core-g2 # CLI example to get the latest image version: # az vm image show --urn MicrosoftWindowsServer:WindowsServer:23h2-datacenter-core-g2:latest WINDOWS_23H2_GEN2_BASE_IMAGE_SKU=23h2-datacenter-core-g2 -WINDOWS_23H2_GEN2_BASE_IMAGE_VERSION=25398.887.240505 +WINDOWS_23H2_GEN2_BASE_IMAGE_VERSION=25398.950.240607 # Please uncomment the following lines and set a larger os disk size that is at least 30GB when your PR check-in fails # WINDOWS_2019_CONTAINERD_OS_DISK_SIZE_GB=30