POC详情: 79ca6817710f5425eea6a07f423381886b695e92

来源
https://github.com/jmaddington/Serious-Sam---CVE-2021-36934-Mitigation-for-Datto-RMM
关联漏洞
标题: Microsoft Windows 访问控制错误漏洞 (CVE-2021-36934)
描述:Microsoft Windows是美国微软(Microsoft)公司的一种桌面操作系统。 Microsoft Windows 存在访问控制错误漏洞,该漏洞源于系统对多个系统文件的访问控制列表过于宽松,因此存在特权提升漏洞。成功利用此漏洞的攻击者可以使用SYSTEM权限运行任意代码。
描述
This PowerShell script will take the mitigation measures for CVE-2021-36934 described by Microsoft and the US CERT team.  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934 https://kb.cert.org/vuls/id/506989  USE AT YOUR OWN RISK -- BACKUPS MAY BREAK.
介绍
# Overview #

This is a Datto RMM component to mitigate CVE-2021-36934, aka Serious SAM.

It follows the mitigation measures outlined at:
 * https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934
 * https://kb.cert.org/vuls/id/506989

USE AT YOUR OWN RISK. EXPECT THIS TO BREAK SOME BACKUPS TEMPORARILY.

Only basic error checking is in place.

# Usage #
Just upload the component into Datto RMM and run it. It will prompt you for a UDF to set that will either be set to
"Mitigated" or "UN-mitigated" allowing you to filter machines based on the mitigation. This is because current (reliable & easy)
tests for the vulnerability require UN-privileged access to run, not an easy task with Datto RMM.

If you use another RMM review the code comments, the script will still work but you may need to swap
out some vendor specific items.

# Improvements / Contributions #
Fork the repo and then submit a pull request.
文件快照

 [4.0K]  /data/pocs/79ca6817710f5425eea6a07f423381886b695e92
├── [4.6K]  command.ps1
├── [ 21K]  icon.png
├── [ 925]  README.md
└── [ 23K]  Serious Sam Mitigation - CVE-2021-36394.cpt

0 directories, 4 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。