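Related vulnerability
Title:
Microsoft Windows BitLocker security vulnerability
(CVE-2022-41099)
Description: Microsoft Windows BitLocker is Microsoft's (USA) BitLocker, which ensures that the recovery key is safely backed up before protection is activated. A security vulnerability exists in Microsoft Windows BitLocker. The following products and versions are affected: Windows 10 Version 1809 for ARM64-based Systems, Windows 10 Version 21H1 for x64-based Systems, Windows 10 Version 21H1 for ARM64-based
Description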
Update WINRE.WIM file to fix CVE-2022-41099
Introduction
I take no liability & warranty on this script; please fully test before use.
# CVE-2022-41099-Fix
Update WINRE.WIM file to fix CVE-2022-41099
REF: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41099
Microsoft Catalog: https://www.catalog.update.microsoft.com/Search.aspx?q=kb5022282
You will need to create your own WINRE.wim file.
Tested with Intune. Create an Intune app with the following files:
- CVE-2022-41099.ps1
- winre.wim (you need to create this)
Upload it and add extra detection for each version of Windows you're running.
For requirements, use the registry:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
- UBR
- String comparison
- Equals
- 2486
For detection, use the detection script:
- Use a custom detection script
- Upload script "DetectionScript.ps1"
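The following is an added example of what an Intune custom detection script for this fix can look like; it is not the repository's DetectionScript.ps1, whose contents are not shown on this page. It assumes that a serviced WinRE image reports service pack build 2486 (the number the README uses for the UBR requirement rule) and that the script runs elevated in a 64-bit PowerShell host; `$RequiredBuild` is a name chosen for this example.

```powershell
# Added example: Intune custom detection sketch, not the repository's script.
# Assumption: a WinRE image serviced for CVE-2022-41099 reports SPBuild 2486,
# the same number the README uses for the UBR requirement rule.
# Adjust the value for each Windows version you deploy to.
$RequiredBuild = 2486

try {
    # reagentc.exe needs elevation; Intune runs detection scripts as SYSTEM.
    # Assumes a 64-bit host so System32 is not redirected to SysWOW64.
    $info = (& "$env:SystemRoot\System32\reagentc.exe" /info) -join "`n"

    # Match the device path itself rather than its label, which is localized.
    # The location is empty when WinRE is disabled, so no match = not detected.
    if ($info -match '(\\\\\?\\GLOBALROOT\\\S+)') {
        $wim = $Matches[1].TrimEnd('\') + '\winre.wim'
    }
    else {
        exit 1
    }

    # Read the image metadata without mounting the image.
    $image = Get-WindowsImage -ImagePath $wim -Index 1 -ErrorAction Stop
    $build = [int]$image.SPBuild

    if ($build -ge $RequiredBuild) {
        # Intune treats exit code 0 plus text on STDOUT as "detected".
        Write-Output "WinRE image build $build (>= $RequiredBuild)"
        exit 0
    }

    # Older image: report not detected so Intune installs the fix.
    exit 1
}
catch {
    # Any failure (DISM module missing, image unreadable) counts as not detected.
    exit 1
}
```

Checking the WinRE image rather than the OS registry matters here because the OS can be at the patched UBR while the recovery image is still the old one.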
File snapshot
[4.0K] /data/pocs/138bb5c9de93abe832c78fa933f08237e9b0cbaa
├── [1.0K] Create-Custom-Image.md
├── [3.3K] CVE-2022-41099.ps1
├── [ 419] DetectionScript.ps1
├── [ 34K] LICENSE
├── [ 11K] PatchWinREScript_2004plus.ps1
└── [ 816] README.md
0 directories, 6 files