CVE-2021-36934 PoC — Microsoft Windows 访问控制错误漏洞

Source

Associated Vulnerability

Description

This PowerShell script will take the mitigation measures for CVE-2021-36934 described by Microsoft and the US CERT team.  https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934 https://kb.cert.org/vuls/id/506989  USE AT YOUR OWN RISK -- BACKUPS MAY BREAK.

Readme

# Overview #

This is a Datto RMM component to mitigate CVE-2021-36934, aka Serious SAM.

It follows the mitigation measures outlined at:
 * https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934
 * https://kb.cert.org/vuls/id/506989

USE AT YOUR OWN RISK. EXPECT THIS TO BREAK SOME BACKUPS TEMPORARILY.

Only basic error checking is in place.

# Usage #
Just upload the component into Datto RMM and run it. It will prompt you for a UDF to set that will either be set to
"Mitigated" or "UN-mitigated" allowing you to filter machines based on the mitigation. This is because current (reliable & easy)
tests for the vulnerability require UN-privileged access to run, not an easy task with Datto RMM.

If you use another RMM review the code comments, the script will still work but you may need to swap
out some vendor specific items.

# Improvements / Contributions #
Fork the repo and then submit a pull request.

File Snapshot

 [4.0K]  /data/pocs/79ca6817710f5425eea6a07f423381886b695e92
├── [4.6K]  command.ps1
├── [ 21K]  icon.png
├── [ 925]  README.md
└── [ 23K]  Serious Sam Mitigation - CVE-2021-36394.cpt

0 directories, 4 files

Remarks