Created a little PowerShell script, to my best effort, to check if your 2019 Server is vulnerable to CVE-2022-21907.
CVSS base score of 9.8, so action is required.
More information about the CVE: CVE-2022-21907 - Security Update Guide - Microsoft - HTTP Protocol Stack Remote Code Execution Vulnerability
Used some resources found online, put them together with some adjustments in the script (I am not a scripter, Google is my friend ;-))
Keep in mind: no guarantee, and the advice is to install the latest MS patches. But be careful, there are issues reported with some of the patches.
# Edwin de Bruin
# Check CVE-2022-21907
# Sources used http://squareclouds.net/powershell-script-to-run-commands-per-active-directory-ou
# https://isc.sans.edu/diary/rss/28234
Import-Module ActiveDirectory
# OU Name
$OU = "OU=Server,OU=ComputerObjects,OU=***,DC=***,DC=***,DC=**"
# Window Title
$Host.UI.RawUI.WindowTitle = "Processing Computers in OU " + $OU
# Connectivity Timeout
$timeoutSeconds = 20
# The window title of the PowerShell window will display "Processing Computers in OU $OU", while the Connectivity Timeout variable is used later for the initial connectivity check of each computer.
# Note: the value is passed to Test-Connection -TimeToLive, which is the maximum hop count (TTL) of the ping, not a timeout in seconds.
# Computer name list
$ComputerNames = Get-ADComputer -Filter {OperatingSystem -Like "Windows Server 2019*"} -SearchBase $OU | Select-Object Name
# ForEach loop to complete command on each Computer
foreach ($Computer in $ComputerNames) {
    if (Test-Connection -ComputerName $Computer.Name -Count 1 -TimeToLive $timeoutSeconds -ErrorAction SilentlyContinue) {
        try {
            # Read the HTTP.sys parameters key on the remote server; EnableTrailerSupport is $null when the value does not exist
            $vulnerablekeyexist = Invoke-Command -ComputerName $Computer.Name -ErrorAction Stop -ScriptBlock {
                Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\HTTP\Parameters" | Select-Object EnableTrailerSupport
            }
        }
        catch {
            # The server answers ping but the remote query failed, so its state is unknown and must not be shown as green
            Write-Host "Computer NOT CHECKED $($Computer.Name)" -ForegroundColor Yellow
            continue
        }
        if ($null -ne $vulnerablekeyexist.EnableTrailerSupport) {
            # The value exists: any non-zero setting means trailer support is enabled (red), 0 means disabled (green).
            # The value read above is used directly; piping a second query to Out-Null always left the result empty.
            $vulnerablecheck = $vulnerablekeyexist.EnableTrailerSupport
            if ($vulnerablecheck) {
                Write-Host $Computer.Name -ForegroundColor Red
            }
            else {
                Write-Host $Computer.Name -ForegroundColor Green
            }
        }
        else {
            # The value is absent
            Write-Host $Computer.Name -ForegroundColor Green
        }
    }
    else {
        # $($Computer.Name) is required inside a double-quoted string to expand the property
        Write-Host "Computer NOT FOUND $($Computer.Name)" -ForegroundColor Yellow
    }
}