CVE-2021-36934 PoC — Microsoft Windows 访问控制错误漏洞

Source

https://github.com/tda90/CVE-2021-36934

Associated Vulnerability

Title:Microsoft Windows 访问控制错误漏洞 (CVE-2021-36934)
Description:Microsoft Windows是美国微软（Microsoft）公司的一种桌面操作系统。 Microsoft Windows 存在访问控制错误漏洞，该漏洞源于系统对多个系统文件的访问控制列表过于宽松，因此存在特权提升漏洞。成功利用此漏洞的攻击者可以使用SYSTEM权限运行任意代码。

Description

CVE-2021-36934 PowerShell Fix

Readme

# CVE-2021-36934
CVE-2021-36934 PowerShell Fix

This powershell script fixes CVE-2021-36934, based on the original script of Joran Slingerland (https://github.com/JoranSlingerland)
https://github.com/JoranSlingerland/CVE-2021-36934/blob/main/CVE-2021-36934.ps1

The Powershell script will do following:

- Produce a LOG under $env:windir\Logs\ with the name of CVE-2021-36934_$date.$time.log
- Check if the vulnerability is present
- Check if ShadowCopies are present, and if present delete them
- Fix the ACL on the $env:windir\system32\config\ folder
- Recreate Shadowcopies (if they where present)

Also a Baseline for MECM is present

File Snapshot


 [4.0K]  /data/pocs/ae31adf115da196813bfe2e98898c90a9793e2f1
├── [4.0K]  MECM Baseline
│   ├── [4.4K]  CVE-2021-36934 Vulnerability Baseline.cab
│   └── [ 265]  Readme.md
├── [4.0K]  Powershell Code
│   ├── [6.3K]  FIX for CVE-2021-36934.ps1
│   └── [   1]  readme.md
└── [ 638]  README.md

2 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!