
Windows has a zero-day that won't be patched for weeks

Well, another day, another zero-day vulnerability. Today I am looking at how best to create a vulnerability check given the information in a CVE and a Microsoft notification. In this case we are looking at a Windows zero-day that Sophos Naked Security wrote about in late March. The article links to a Microsoft Security Advisory page that identifies the Type 1 Font Parsing Remote Code Execution vulnerability and provides a list of vulnerable operating systems and a mitigation that can be applied with a registry key change.

The objective is to provide a query that can be run on all Windows systems and report whether the OS is vulnerable and whether the mitigation is enabled. The ideal solution provides a template that we can use for other similar scenarios, so we can quickly repurpose this query for other threats.

We want to do this with a single SELECT statement and need to check two very different things: the OS version/build info and the presence or absence of a registry key. SQL provides lots of different ways of doing just that. We want to ensure we get a response from the query even if the device is not vulnerable, so we will need a conditional statement. A CASE statement works nicely for that.

/* probably not the most efficient way to do this */
/* Check if the OS is listed as vulnerable or not */
(major = '6' AND minor = '1' ) OR /* Windows 7 */
(major = '6' AND minor = '1' ) OR /* Windows Server 2008 */
(major = '6' AND minor = '2' ) OR /* Windows Server 2012 */
/* Check if the mitigation is set or NOT */
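The single-SELECT CASE check described on this page, as an added example that is not the author's query: it runs the SQL through Python's sqlite3 against constructed hosts so the result can be checked offline. Assumptions: the `os_version` and `registry` table names follow osquery-style naming, the registry path is a placeholder because the page does not name the key, and the version pairs are only those visible in the page's fragments, not the advisory's full list.

```python
import sqlite3

# Placeholder: the page does not name the mitigation registry key.
MITIGATION_PATH = r"HKEY_LOCAL_MACHINE\<placeholder-key>\<placeholder-value>"

# One SELECT with no FROM clause always yields exactly one row, so every
# device answers, vulnerable or not. Each CASE wraps an EXISTS subquery.
CHECK_SQL = """
SELECT
  CASE WHEN EXISTS (
         SELECT 1 FROM os_version
         WHERE (major = '6' AND minor = '1')   /* Windows 7, Windows Server 2008 (as labelled on the page) */
            OR (major = '6' AND minor = '2')   /* Windows Server 2012 */
       ) THEN 'VULNERABLE' ELSE 'NOT VULNERABLE' END AS os_status,
  CASE WHEN EXISTS (
         SELECT 1 FROM registry WHERE path = :mitigation_path
       ) THEN 'ENABLED' ELSE 'NOT ENABLED' END AS mitigation_status
"""


def check_host(major, minor, registry_paths):
    """Run CHECK_SQL against a constructed in-memory host and return its rows."""
    db = sqlite3.connect(":memory:")
    # Assumed table shapes (osquery-style names); only the columns used here.
    db.execute("CREATE TABLE os_version (major INTEGER, minor INTEGER)")
    db.execute("CREATE TABLE registry (path TEXT)")
    db.execute("INSERT INTO os_version VALUES (?, ?)", (major, minor))
    db.executemany("INSERT INTO registry VALUES (?)", [(p,) for p in registry_paths])
    rows = db.execute(CHECK_SQL, {"mitigation_path": MITIGATION_PATH}).fetchall()
    db.close()
    return rows


if __name__ == "__main__":
    # Constructed hosts: (description, major, minor, registry paths present)
    hosts = [
        ("6.1, key absent", 6, 1, []),
        ("6.1, key present", 6, 1, [MITIGATION_PATH]),
        ("10.0, key absent", 10, 0, []),
    ]
    for desc, major, minor, paths in hosts:
        print(desc, "->", check_host(major, minor, paths))
```

To reuse the template for another advisory, change only the version predicates and the value bound to `:mitigation_path`; the outer SELECT and the two CASE expressions stay the same.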
