PoC details: d71b3efe5ae1c5951a20ec70b32682357c4ba057

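Source
Related vulnerability
Title: Microsoft Windows Support Diagnostic Tool OS command injection vulnerability (CVE-2022-30190)
Description: Microsoft Windows Support Diagnostic Tool is a tool from Microsoft (USA) that collects information to send to Microsoft Support. Microsoft Windows Support Diagnostic Tool (MSDT) contains an OS command injection vulnerability. The following products and versions are affected: Windows 10 Version 1809 for 32-bit Systems, Windows 10 Version 1809 for x64-based Systems, Windows
Introduction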
# Follina workaround (CVE-2022-30190)

## Description
These two scripts apply the workaround provided by Microsoft to mitigate CVE-2022-30190, as detailed in the MSRC [blog](https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/), and revert it by restoring the registry key, should an official patch be released.

The first script, 'FollinaMitigation.ps1', backs up the registry key and then removes it in order to apply the workaround.
The second script, 'FollinaImportKey.ps1', imports the registry key that was previously exported.

Additional details can be found [here](https://www.sentrium.co.uk/labs/preventing-exploitation-of-the-follina-vulnerability-in-msdt)
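
The backup-then-delete flow described above, with the checks that keep a failed export from leaving a host without a restorable key. This is an added example, not the repository's scripts: the key name `HKEY_CLASSES_ROOT\ms-msdt` is taken from the MSRC guidance linked above, and the backup path and function names are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example; not the repository's FollinaMitigation.ps1 / FollinaImportKey.ps1.
# Key name per the MSRC guidance; backup location is an assumption.
$Key        = 'HKEY_CLASSES_ROOT\ms-msdt'
$BackupFile = Join-Path $env:ProgramData 'ms-msdt-backup.reg'

function Test-MsdtHandler {
    # True while the ms-msdt URL protocol handler is still registered.
    & reg.exe query $Key *> $null
    return ($LASTEXITCODE -eq 0)
}

function Disable-MsdtHandler {
    if (-not (Test-MsdtHandler)) {
        Write-Output 'ms-msdt key not present; workaround already applied.'
        return
    }
    # Never overwrite an earlier backup: a second run could replace a good
    # export with one taken after the key had been changed.
    if (Test-Path -LiteralPath $BackupFile) {
        throw "Backup $BackupFile already exists; move it before re-running."
    }
    & reg.exe export $Key $BackupFile *> $null
    $exported = ($LASTEXITCODE -eq 0) -and (Test-Path -LiteralPath $BackupFile)
    if (-not $exported -or (Get-Item -LiteralPath $BackupFile).Length -eq 0) {
        throw 'Export failed; key left untouched.'
    }
    # Delete only after a non-empty backup is confirmed on disk.
    & reg.exe delete $Key /f *> $null
    if (Test-MsdtHandler) { throw 'Delete failed; ms-msdt key is still present.' }
    Write-Output "Workaround applied; backup saved to $BackupFile"
}

function Restore-MsdtHandler {
    if (-not (Test-Path -LiteralPath $BackupFile)) { throw "No backup at $BackupFile" }
    & reg.exe import $BackupFile *> $null
    if (-not (Test-MsdtHandler)) { throw 'Import ran but ms-msdt key is still missing.' }
    Write-Output 'ms-msdt key restored.'
}

Disable-MsdtHandler      # apply the workaround
# Restore-MsdtHandler    # revert once the official patch is installed
```

`Test-MsdtHandler` can also be run on its own to confirm whether a host still has the handler registered.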

## Usage
### Local
To run these scripts locally, start a PowerShell prompt with elevated privileges and simply execute:

`.\FollinaMitigation.ps1`

`.\FollinaImportKey.ps1`

### Intune
You can use these PowerShell scripts within Microsoft Endpoint Manager to deploy the fix across multiple hosts. To achieve this, follow the steps below.

- Click on Devices
- Under Policy select Scripts
- Click Add
- Select Windows 10 and later
- Give a suitable name and description (Follina Workaround | Registry key deletion to mitigate CVE-2022-30190)
- Upload the script provided in this repo
- Select Run script in 64 bit PowerShell Host
- Add relevant groups and/or users
- Click Add

Once the device(s) sync, the script should execute. More details can be found [here](https://docs.microsoft.com/en-us/mem/intune/apps/intune-management-extension).

## Authors and acknowledgment
[Sentrium Security](https://www.sentrium.co.uk)

## License
Licensed under [MIT](https://opensource.org/licenses/MIT)

The software is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. In no event shall the authors or copyright holders be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or the use or other dealings in the software.

## Warning

Modifying the registry can cause unwanted behaviour and should be treated carefully. Sentrium have done their best to validate the two scripts provided within test environments and we strongly recommend you do so too if using them.

We have aimed to keep the script simple and readable and to follow the guidance as accurately as possible.

File snapshot

```
[4.0K] /data/pocs/d71b3efe5ae1c5951a20ec70b32682357c4ba057
├── [1.0K] FollinaKeyImport.ps1
├── [2.1K] FollinaMitigation.ps1
├── [1.0K] LICENSE
└── [2.5K] README.md

0 directories, 4 files
```