How to apply the 905413 security patch to the Windows Preinstallation Environment

The Windows Preinstallation Environment (WinPE) is a minimal Win32 subsystem with limited services, and it is based on the Windows XP Professional or the Windows Server 2003 kernel that is running in protected mode. WinPE contains the minimum functionality that you must have to run Windows Setup and to then pull an operating system from a network share.

This article describes how to apply the 905413 security patch to WinPE.

Note The 905413 security patch replaces the 824146 and 823980 security patches. For more information about the 824146 security patches, click the following article numbers to view the articles in the Microsoft Knowledge Base: For more information about the 905413 security patch, click the following article number to view the article in the Microsoft Knowledge Base: Important In addition to applying the 905413 security patch to WinPE, administrators and OEMs are encouraged to integrate or slipstream the 905413 security patch into their Windows installation source files.

For more information about how to integrate or slipstream the 905413 security patch into your Windows installation source files, click the following article number to view the article in the Microsoft Knowledge Base:

Microsoft recommends that you apply the 824146 security patch to ISO images of WinPE that you create by using the following versions of WinPE:

• Windows PE for Corporations (1.0) -- Windows XP was used as the source for this CD-ROM. You can use the build tools (for example, Mkimg.cmd) on this CD-ROM to build a version of WinPE that is based on Windows XP.
• Windows PE 1.1 -- Windows XP Service Pack 1 (SP1) was used as the source for this CD-ROM. You can use the build tools (for example, Mkimg.cmd) on this CD-ROM to build a version of WinPE that is based on Windows XP SP1.
• Windows PE 1.2 -- Windows XP SP1 was used as the source for this CD-ROM. You can use the build tools (for example, Mkimg.cmd) on this CD-ROM to build a version of WinPE that is based on either Windows XP SP1 or Windows Server 2003.

Note You can customize WinPE by using the build tools that are included on the WinPE CD-ROM. You can modify the existing flat of WinPE on the CD-ROM, or you can create a completely new build of WinPE by using Mkimg.cmd.

How to Update WinPE Images When You Start Windows from a CD-ROM

To apply the 824146 security patch to your WinPE ISO image, follow these steps:

1. Download the appropriate 824146 security patch for the WinPE image that you are creating.
2. Extract the 824146 security patch package to a folder (for example, C:\824146) by using the /x command-line switch. For example, to extract the Windows XP version of the 824146 security patch to C:\824146, type the following command:
   WindowsXP-KB824146-x86-ENU.exe �x:c:\824146
3. Re-create your image by following the steps that are listed in the WinPE documentation. However, when you run the Mkimg.cmd command, do not include the option to create a *.iso image (for example, mkimg.cmd %sourcedir% %destination_dir%).
4. When the Mkimg.cmd process has completed, locate the folder where Mkimg.cmd put the newly created WinPE image flat (for example, C:\Winpe_temp).
5. Copy the appropriate Ole32.dll, Rpcrt4.dll, and Rpcss.dll files from the folder that you created in step 2 (for example, C:\824146) to the newly created Winpe flat (C:\Winpe_temp).
   • If you are creating a WinPE image by using Windows XP without SP1, copy Ole32.dll, Rpcrt4.dll, and Rpcss.dll from the SP1 folder in C:\824146.
   • If you are creating a WinPE image by using Windows XP SP1, copy Ole32.dll, Rpcrt4.dll, and Rpcss.dll from the SP2 folder in C:\824146.
   • If you are creating a WinPE image by using Windows Server 2003, copy Ole32.dll, Rpcrt4.dll, and Rpcss.dll from the RTMQFE folder in C:\824146.

After the process has completed, you can create your ISO image by running the OSCDimg.exe utility. For information about using OSCDimg.exe, see your WinPE documentation.

How to Update WinPE Images When You Start Windows from a RIS Server

To apply the 824146 security patch to your WinPE image on a RIS server, follow these steps:

1. Download the appropriate 824146 security patch for the WinPE image that you are creating.
2. Extract the 824146 security patch package to a folder (for example, C:\824146) by using the /x command-line switch. For example, to extract the Windows XP version of the 824146 security patch to C:\824146, type the following command:
   WindowsXP-KB824146-x86-ENU.exe �x:c:\824146
3. Copy the appropriate Ole32.dll, Rpcrt4.dll, and Rpcss.dll files from the folder that you created in step 2 (for example, C:\824146) to your WinPE flat on the RIS server (for example, D:\remoteinstall\setup\%lang%\images\%dir_name%\i386).
   • If you are creating a WinPE image by using Windows XP without SP1, copy Ole32.dll, Rpcrt4.dll, and Rpcss.dll from the SP1 folder in C:\824146.
   • If you are creating a WinPE image by using Windows XP SP1, copy Ole32.dll, Rpcrt4.dll, and Rpcss.dll from the SP2 folder in C:\824146.
   • If you are creating a WinPE image by using Windows Server 2003, copy Ole32.dll, Rpcrt4.dll, and Rpcss.dll from the RTMQFE folder in C:\824146.