This walkthrough describes how to customize a Windows PE boot image including updating with the latest cumulative update, adding drivers, and adding optional components. For example, the Windows PE boot image can be updated with the latest cumulative update to address the BlackLotus UEFI bootkit vulnerability as documented in KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 and CVE-2023-24932. The latest cumulative updates may also resolve known issues. Microsoft recommends updating Windows PE boot images with the latest cumulative update for maximum security and protection. However the boot images can be customized by adding drivers, optional components, and applying the latest cumulative update.
The Windows PE (WinPE) boot images that are included with the Windows ADK have a minimal number of features and drivers.