Zoeken
  • Edwin de Bruin

Script to check if your 2019 Server is vulnerable for CVE-2022-21907

Bijgewerkt op: 29 jul.

Created a little powershell script to my best effort to check if your 2019 Server is vulnerable for CVE-2022-21907


CVSS base score of 9.8 so action is required


More information about the CVE: CVE-2022-21907 - Security Update Guide - Microsoft - HTTP Protocol Stack Remote Code Execution Vulnerability


Used some resources found online, put them together with some adjustments in the script (i am not a scripter, google is my friend ;-))


Keep in mind: no guarantee and advise is to install latest MS Patches. But be carefull there are issues reported with some of the patches.


# Edwin de Bruin

# Check CVE-2022-21907


# Sources used http://squareclouds.net/powershell-script-to-run-commands-per-active-directory-ou

# https://isc.sans.edu/diary/rss/28234


Import-Module ActiveDirectory


# OU Name

$OU = "OU=Server,OU=ComputerObjects,OU=***,DC=***,DC=***,DC=**"


# Window Title

$Host.UI.RawUI.WindowTitle = "Processing Computers in OU " + $OU


# Connectivity Timeout

$timeoutSeconds = 20

# The window title of the PowerShell windows will display "Processing Computers in OU $OU" while the Connectivity Timeout variable is used later to complete inital connectivity of the computer before completing the script.


# Computer name list

$ComputerNames = Get-ADComputer -Filter {OperatingSystem -Like "Windows Server 2019*"} -SearchBase $OU | Select Name


# ForEach loop to complete command on each Computer

FOREACH ($Computer in $ComputerNames) {

if(Test-Connection -ComputerName $($Computer).Name -Count 1 -TimeToLive $timeoutSeconds -ErrorAction 0){

$vulnerablekeyexist=Invoke-command -COMPUTER $Computer.Name -ScriptBlock {Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\HTTP\Parameters" | Select-Object EnableTrailerSupport}

if ($vulnerablekeyexist.EnableTrailerSupport -ne $null){

$vulnerablecheck=Invoke-command -COMPUTER $Computer.Name -ScriptBlock {Get-ItemPropertyValue -Path "HKLM:\System\CurrentControlSet\Services\HTTP\Parameters" -Name "EnableTrailerSupport"} | Out-Null

if ($vulnerablecheck) {Write-Host $Computer.Name -ForegroundColor Red

}

}

else {Write-Host $Computer.Name -ForegroundColor Green

}


}

else {Write-Host "Computer NOT FOUND $Computer.Name" -Foreground Yellow

}


}





130 weergaven0 opmerkingen

Recente blogposts

Alles weergeven