CVE-2022-41099 PoC — Microsoft Windows BitLocker 安全漏洞

Source

https://github.com/o0MattE0o/CVE-2022-41099-Fix

Associated Vulnerability

Title:Microsoft Windows BitLocker 安全漏洞 (CVE-2022-41099)
Description:Microsoft Windows BitLocker是美国微软（Microsoft）公司的BitLocker 确保在激活保护之前安全备份恢复密钥。 Microsoft Windows BitLocker存在安全漏洞。以下产品和版本受到影响：Windows 10 Version 1809 for ARM64-based Systems,Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based

Description

Update WINRE.WIM file to fix CVE-2022-41099

Readme

 I take no Liability & Warranty on this script please fully test before use.

# CVE-2022-41099-Fix
Update WINRE.WIM file to fix CVE-2022-41099


REF: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41099
Microsoft Catalog: https://www.catalog.update.microsoft.com/Search.aspx?q=kb5022282

You will need to create your own WINRE.wim file.
Tested with Intune, create intuneapp with the following files: -
- CVE-2022-41099.ps1
- winre.wim (your need to create this)

Upload and put in extra detection for each version of windows your running

For requirements use registry: -
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
- UBR
- String comparison 
- Equals
- 2486

For Detection use the detection script: -
- Use a custom detection script
- Upload script "DetectionScript.ps1"

File Snapshot


 [4.0K]  /data/pocs/138bb5c9de93abe832c78fa933f08237e9b0cbaa
├── [1.0K]  Create-Custom-Image.md
├── [3.3K]  CVE-2022-41099.ps1
├── [ 419]  DetectionScript.ps1
├── [ 34K]  LICENSE
├── [ 11K]  PatchWinREScript_2004plus.ps1
└── [ 816]  README.md

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!