diff --git a/bosh-psmodules/modules/BOSH.WindowsUpdates/BOSH.WindowsUpdates.psd1 b/bosh-psmodules/modules/BOSH.WindowsUpdates/BOSH.WindowsUpdates.psd1 index ee1dc235..1fcd0b22 100644 --- a/bosh-psmodules/modules/BOSH.WindowsUpdates/BOSH.WindowsUpdates.psd1 +++ b/bosh-psmodules/modules/BOSH.WindowsUpdates/BOSH.WindowsUpdates.psd1 @@ -13,6 +13,7 @@ FunctionsToExport = @('Install-WindowsUpdates', 'Wait-WindowsUpdates', 'Test-InstalledUpdates', 'Install-KB4056898', + 'Install-KB4338825', 'Disable-AutomaticUpdates', 'Enable-CVE-2015-6161', 'Enable-CVE-2017-8529', diff --git a/bosh-psmodules/modules/BOSH.WindowsUpdates/BOSH.WindowsUpdates.psm1 b/bosh-psmodules/modules/BOSH.WindowsUpdates/BOSH.WindowsUpdates.psm1 index 9dd8668b..11c9ce27 100644 --- a/bosh-psmodules/modules/BOSH.WindowsUpdates/BOSH.WindowsUpdates.psm1 +++ b/bosh-psmodules/modules/BOSH.WindowsUpdates/BOSH.WindowsUpdates.psm1 @@ -339,10 +339,26 @@ function Install-KB4056898() { Set-Service -Name wuauserv -StartupType Manual Start-Service -Name wuauserv - Invoke-WebRequest -UseBasicParsing -Uri 'http://download.windowsupdate.com/d/msdownload/update/software/secu/2018/01/windows8.1-kb4056898-x64_ad6c91c5ec12608e4ac179b2d15586d244f0d2f3.msu' -Outfile C:\provision\patch.msu - wusa.exe C:\provision\patch.msu /quiet + Invoke-WebRequest -UseBasicParsing -Uri 'http://download.windowsupdate.com/d/msdownload/update/software/secu/2018/01/windows8.1-kb4056898-x64_ad6c91c5ec12608e4ac179b2d15586d244f0d2f3.msu' -Outfile C:\provision\kb4056898.msu + + wusa.exe C:\provision\kb4056898.msu /quiet +} + +function Install-KB4338825() { + Write-Log "Preparing: KB4338825." + + Set-Service -Name wuauserv -StartupType Manual + Start-Service -Name wuauserv + + Write-Log "Downloading: KB4338825." + + Invoke-WebRequest -UseBasicParsing -Uri 'http://download.windowsupdate.com/c/msdownload/update/software/secu/2018/07/windows10.0-kb4338825-x64_631cd7cfc1e4986e37cb727bae1ee1759a87c688.msu' -Outfile C:\provision\KB4338825.msu + + Write-Log "Installing: KB4338825." + wusa.exe C:\provision\KB4338825.msu /quiet } + function Enable-CVE-2015-6161() { #Enable MS15-124 - Internet Explorer ASLR Bypass fix - CVE-2015-6161 reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING" /t REG_DWORD /v "iexplore.exe" /d 1 /f diff --git a/lib/packer/config/base.rb b/lib/packer/config/base.rb index 7a5b552a..0e8194cf 100644 --- a/lib/packer/config/base.rb +++ b/lib/packer/config/base.rb @@ -25,6 +25,7 @@ def self.pre_provisioners(os, skip_windows_update: false, reduce_mtu: false, iaa Provisioners.setup_proxy_settings(http_proxy, https_proxy, bypass_list), Provisioners::NEW_PROVISIONER, Provisioners::INSTALL_CF_FEATURES_2016, + Provisioners::INSTALL_KB4338825, ] end install_windows_updates = if skip_windows_update then [] else [Provisioners.install_windows_updates] end diff --git a/lib/packer/config/provisioners.rb b/lib/packer/config/provisioners.rb index 19c6bbd9..42b77ae9 100644 --- a/lib/packer/config/provisioners.rb +++ b/lib/packer/config/provisioners.rb @@ -31,6 +31,12 @@ def self.powershell_provisioner(command) 'restart_command' => "powershell.exe -Command Install-KB4056898", 'restart_timeout' => '1h' } + INSTALL_KB4338825 = { + 'type' => 'windows-restart', + 'restart_command' => "powershell.exe -Command Install-KB4338825", + 'restart_timeout' => '1h' + + } INSTALL_CF_FEATURES_2016 = { 'type' => 'windows-restart', 'restart_command' => "powershell.exe -Command Install-CFFeatures", diff --git a/spec/packer/config/aws_spec.rb b/spec/packer/config/aws_spec.rb index d115178d..b5f8c59a 100644 --- a/spec/packer/config/aws_spec.rb +++ b/spec/packer/config/aws_spec.rb @@ -191,6 +191,7 @@ 'Set-ProxySettings ']}, {"type"=>"powershell", "inline"=> ["$ErrorActionPreference = \"Stop\";", "trap { $host.SetShouldExit(1) }", "New-Provisioner"]}, {"type"=>"windows-restart", "restart_command"=>"powershell.exe -Command Install-CFFeatures", "restart_timeout"=>"1h"}, + {"type"=>"windows-restart", "restart_command"=>"powershell.exe -Command Install-KB4338825", "restart_timeout"=>"1h"}, {"type"=>"powershell", "inline"=> ["$ErrorActionPreference = \"Stop\";", "trap { $host.SetShouldExit(1) }", "Add-Account -User Provisioner -Password some-password!"]}, {"type"=>"powershell", "inline"=> ["$ErrorActionPreference = \"Stop\";", "trap { $host.SetShouldExit(1) }", "Register-WindowsUpdatesTask"]}, {"type"=>"windows-restart", "restart_command"=> "powershell.exe -Command Wait-WindowsUpdates -Password some-password! -User Provisioner", "restart_timeout"=>"12h"}, diff --git a/spec/packer/config/azure_spec.rb b/spec/packer/config/azure_spec.rb index babbdb31..4cf6d3a7 100644 --- a/spec/packer/config/azure_spec.rb +++ b/spec/packer/config/azure_spec.rb @@ -163,6 +163,7 @@ 'Set-ProxySettings ']}, {"type"=>"powershell", "inline"=>["$ErrorActionPreference = \"Stop\";", "trap { $host.SetShouldExit(1) }", "New-Provisioner"]}, {"type"=>"windows-restart", "restart_command"=>"powershell.exe -Command Install-CFFeatures", "restart_timeout"=>"1h"}, + {"type"=>"windows-restart", "restart_command"=>"powershell.exe -Command Install-KB4338825", "restart_timeout"=>"1h"}, {"type"=>"powershell", "inline"=>["$ErrorActionPreference = \"Stop\";", "trap { $host.SetShouldExit(1) }", "Add-Account -User Provisioner -Password some-password!"]}, {"type"=>"powershell", "inline"=>["$ErrorActionPreference = \"Stop\";", "trap { $host.SetShouldExit(1) }", "Register-WindowsUpdatesTask"]}, {"type"=>"windows-restart", "restart_command"=>"powershell.exe -Command Wait-WindowsUpdates -Password some-password! -User Provisioner", "restart_timeout"=>"12h"}, diff --git a/spec/packer/config/gcp_spec.rb b/spec/packer/config/gcp_spec.rb index 43fc39a1..31270100 100644 --- a/spec/packer/config/gcp_spec.rb +++ b/spec/packer/config/gcp_spec.rb @@ -168,6 +168,7 @@ 'Set-ProxySettings ']}, {"type"=>"powershell", "inline"=>["$ErrorActionPreference = \"Stop\";", "trap { $host.SetShouldExit(1) }", "New-Provisioner"]}, {"type"=>"windows-restart", "restart_command"=>"powershell.exe -Command Install-CFFeatures", "restart_timeout"=>"1h"}, + {"type"=>"windows-restart", "restart_command"=>"powershell.exe -Command Install-KB4338825", "restart_timeout"=>"1h"}, {"type"=>"powershell", "inline"=>["$ErrorActionPreference = \"Stop\";", "trap { $host.SetShouldExit(1) }", "Add-Account -User Provisioner -Password some-password!"]}, {"type"=>"powershell", "inline"=>["$ErrorActionPreference = \"Stop\";", "trap { $host.SetShouldExit(1) }", "Register-WindowsUpdatesTask"]}, {"type"=>"windows-restart", "restart_command"=>"powershell.exe -Command Wait-WindowsUpdates -Password some-password! -User Provisioner", "restart_timeout"=>"12h"}, diff --git a/spec/packer/config/vsphere_spec.rb b/spec/packer/config/vsphere_spec.rb index a2f60934..57b26fd2 100644 --- a/spec/packer/config/vsphere_spec.rb +++ b/spec/packer/config/vsphere_spec.rb @@ -213,6 +213,7 @@ 'Set-ProxySettings foo bar bee']}, {"type"=>"powershell", "inline"=>["$ErrorActionPreference = \"Stop\";", "trap { $host.SetShouldExit(1) }", "New-Provisioner"]}, {"type"=>"windows-restart", "restart_command"=>"powershell.exe -Command Install-CFFeatures", "restart_timeout"=>"1h"}, + {"type"=>"windows-restart", "restart_command"=>"powershell.exe -Command Install-KB4338825", "restart_timeout"=>"1h"}, {"type"=>"powershell", "inline"=>["$ErrorActionPreference = \"Stop\";", "trap { $host.SetShouldExit(1) }", "Add-Account -User Provisioner -Password some-password!"]}, {"type"=>"powershell", "inline"=>["$ErrorActionPreference = \"Stop\";", "trap { $host.SetShouldExit(1) }", "Register-WindowsUpdatesTask"]}, {"type"=>"windows-restart", "restart_command"=>"powershell.exe -Command Wait-WindowsUpdates -Password some-password! -User Provisioner", "restart_timeout"=>"12h"},