rbo
September 8, 2021, 3:31pm
1
Hello,
I tried to update the default registry scripts available in Endpoint Management to remotely change registry values as advised by Microsoft, but I receive a Comodo error in the script.
Can you help?
CVE-2021-40444 - Security Update Guide - Microsoft - Microsoft MSHTML Remote Code Execution Vulnerability
not working error
2021/09/08 05:24:07 PM
Failed
Traceback (most recent call last):
  File "<string>", line 49, in <module>
TypeError: popen() argument 1 must be string without null bytes, not str
20210908-CVE-2021-40444-Set-registry-value.json (4.22 KB)
Hi @rbo,
We have shared your request with our script developers and will provide you with an updated script.
Kind Regards,
PremJK
eztech
September 9, 2021, 1:10pm
3
Here is a ‘quick-n-dirty’ script specifically for this CVE if anyone needs something fast. Tested on Win10 Pro and Win 7 Pro w/PowerShell V5
Download:
Includes ability to apply workaround registry entries for CVE-2021-40444.
Includes ability to undo workaround registry entries for CVE-2021-40444. For use after MS official hot-fix is released and applied
Includes ability to force restart of the endpoint after registry actions have been applied
IMPORTANT: If you enable both apply and undo at the same time, undo takes priority
Installation for iTarian Procedures
Download the procedure
Within your ITSM portal, import the procedure under Configuration Templates - Procedures
Configure desired procedure name, alert settings ..etc
Configure the default parameters for the procedure from the Parameters tab of the script. See Configuration Parameters below for explanations of each parameter
Click Save - Ready to Review - Approve to finish. Assign to a profile and optionally a schedule of your liking
(Recommended) Run the new procedure on a single test machine to ensure it's working or configured as expected
This script should be run as LocalSystem
Configurable Parameters
Apply_Workaround
Default: 1
Apply Workaround (Enabled=1,Disabled=0)
Undo_Workaround
Default: 0
Remove Workaround (Enabled=1,Disabled=0)
Restart_Computer
Default: 0
Restart Computer (Enabled=1,Disabled=0)
EZT-Workaround-CVE-2021-40444.json (18.8 KB)
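Added example (not part of any post in this thread and not the attached script): a Python dry-run planner that follows the Apply/Undo/Restart parameter semantics described above and guards against the NUL-byte condition named in the traceback earlier in the thread. The function names are hypothetical. The registry path, the value names 1001/1004 and the data 3 are assumptions based on Microsoft's published workaround (disabling ActiveX installation in all Internet Explorer zones) and should be checked against the linked Security Update Guide; deleting the two values as the undo step and the restart command are also assumptions.

```python
import subprocess

# Raw string on purpose: in a normal literal "\0" is a NUL byte, and a command
# containing NUL is rejected by popen() with "string without null bytes".
ZONES_KEY = (r"HKLM\SOFTWARE\Policies\Microsoft\Windows"
             r"\CurrentVersion\Internet Settings\Zones")
ZONES = ("0", "1", "2", "3")   # assumption: zones covered by the workaround
ACTIONS = ("1001", "1004")     # assumption: ActiveX download URL actions
DISABLE = "3"                  # assumption: 3 = disabled


def zone_key(zone):
    """Join with an escaped backslash so the zone digit never forms an escape."""
    return ZONES_KEY + "\\" + zone


def plan(apply_workaround=1, undo_workaround=0, restart_computer=0):
    """Return the argv lists to run, in order. Undo wins if both are enabled."""
    cmds = []
    for zone in ZONES:
        for action in ACTIONS:
            if undo_workaround:
                cmds.append(["reg", "delete", zone_key(zone),
                             "/v", action, "/f"])
            elif apply_workaround:
                cmds.append(["reg", "add", zone_key(zone), "/v", action,
                             "/t", "REG_DWORD", "/d", DISABLE, "/f"])
    if restart_computer:
        cmds.append(["shutdown", "/r", "/f", "/t", "0"])
    for argv in cmds:  # fail before execution and show the bad argument
        for arg in argv:
            if "\x00" in arg:
                raise ValueError("NUL byte in argument %r" % arg)
    return cmds


def run(cmds, dry_run=True):
    """Print each command; execute only when dry_run is False (needs admin)."""
    for argv in cmds:
        print(subprocess.list2cmdline(argv))
        if not dry_run:
            subprocess.call(argv)  # argv list, so no shell parsing is involved


if __name__ == "__main__":
    run(plan(apply_workaround=1, undo_workaround=0, restart_computer=0))
```

Passing an argument list to `subprocess` instead of a single command string also avoids quoting problems with the space in `Internet Settings`.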
Hi @PremJkumar
We are also interested in this mitigation script, please keep us posted.
Thanks a lot in advance!
Regards,
– Javier Llorente
Endpoint Security - Devoteam
eztech
September 9, 2021, 3:21pm
5
@rbo
Try again now. Been having some issues with the forum lately, sometimes it doesn't add the link correctly