Urgent Script for Windows 10 CVE-2021-40444 released Yesterday

Hello,

I tried to update the default registry scripts available in endpoint management to remotely change registry values as advised by Microsoft, but I receive a Comodo error in the script.
Can you help?

CVE-2021-40444 - Security Update Guide - Microsoft - Microsoft MSHTML Remote Code Execution Vulnerability

not working error

2021/09/08 05:24:07 PM Failed
Traceback (most recent call last):
  File "<string>", line 49, in <module>
TypeError: popen() argument 1 must be string without null bytes, not str

20210908-CVE-2021-40444-Set-registry-value.json (4.22 KB)
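
The traceback above is what Python 2 raises when the string handed to popen() contains a NUL byte. The following is an added example, not the poster's script or the vendor's code, showing one way that can happen with this workaround: the registry paths in Microsoft's advisory end in Zones\0 through Zones\3, and in a non-raw Python literal "\0" is a NUL escape. The key path, value names and helper names are assumptions, since the failing script itself is not shown on the page.

```python
# Added example, not the poster's script. Key path and value names are
# Microsoft's published CVE-2021-40444 workaround as recalled here (assumption).
BASE = r"HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"
ZONES = ("0", "1", "2", "3")   # security zones covered by the workaround
VALUES = ("1001", "1004")      # ActiveX download policies; data 3 = disable

# Constructed reproduction: the key tails typed as ordinary (non-raw) literals.
# "\0".."\3" are octal escapes, so the zone digit turns into a control byte.
BROKEN_TAILS = ["Zones\0", "Zones\1", "Zones\2", "Zones\3"]


def find_control_chars(text):
    """Return (index, code point) for each control character in text."""
    return [(i, ord(ch)) for i, ch in enumerate(text) if ord(ch) < 0x20]


def reg_add_commands():
    """Build the reg.exe command lines; nothing is executed here."""
    commands = []
    for zone in ZONES:
        key = BASE + "\\" + zone            # explicit, escaped separator
        for name in VALUES:
            cmd = 'reg add "%s" /v %s /t REG_DWORD /d 3 /f' % (key, name)
            if find_control_chars(cmd):
                # Refuse to hand a corrupted path to popen()/subprocess.
                raise ValueError("control character in command: %r" % cmd)
            commands.append(cmd)
    return commands


if __name__ == "__main__":
    for tail in BROKEN_TAILS:
        print(repr(tail), find_control_chars(tail))
    for cmd in reg_add_commands():
        print(cmd)
```

Only the Zones\0 form trips the popen() check; the \1 to \3 forms contain no NUL, so they would pass silently and target a key name that contains a control character, which is why the builder rejects every control character rather than just NUL.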

Hi @rbo,

We have shared your request with our script developers and will provide you with an updated script.

Kind Regards,
PremJK

Here is a ‘quick-n-dirty’ script specifically for this CVE if anyone needs something fast. Tested on Win10 Pro and Win 7 Pro w/PowerShell V5.

Download:

  • Includes ability to apply workaround registry entries for CVE-2021-40444.
  • Includes ability to undo workaround registry entries for CVE-2021-40444. For use after MS official hot-fix is released and applied.
  • Includes ability to force restart of the endpoint after registry actions have been applied.
  • IMPORTANT: If you enable both apply and undo at the same time, undo takes priority.

Installation for iTarian Procedures

  • Download the procedure.
  • Within your ITSM portal, import the procedure under Configuration Templates - Procedures.
  • Configure desired procedure name, alert settings, etc.
  • Configure the default parameters for the procedure from the Parameters tab of the script. See Configuration Parameters below for explanations of each parameter.
  • Click Save - Ready to Review - Approve to finish. Assign to a profile and optionally a schedule of your liking.
  • (Recommended) Run the new procedure on a single test machine to ensure it's working or configured as expected.
  • This script should be run as LocalSystem.

Configurable Parameters

Apply_Workaround
  • Default: 1
  • Apply Workaround (Enabled=1,Disabled=0)

Undo_Workaround
  • Default: 0
  • Remove Workaround (Enabled=1,Disabled=0)

Restart_Computer
  • Default: 0
  • Restart Computer (Enabled=1,Disabled=0)

EZT-Workaround-CVE-2021-40444.json (18.8 KB)

Hi @PremJkumar

We are also interested in this mitigation script, please keep us posted.

Thanks a lot in advance!

Regards,
– Javier Llorente
Endpoint Security - Devoteam

@rbo
Try again now. Been having some issues with the forum lately; sometimes it doesn't add the link correctly.