https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-21907
Hi there,
I am trying to write a Vulnerability Test for this vulnerability which is hot topic right now.
Am I right this code would be a reliable way to check this vulnerability for Windows Server 2019?
If I understand correctly it works as following:
17763.2452 is the version number of Windows Server 2019 where this vulnerability is fixed.
The following code retrieves the version number:
sysPath = smb_get_system32root();
if(sysPath)
{
sysVer = fetch_file_version(sysPath:sysPath, file_name:"Win32k.sys");
if(!sysVer){
exit(0);
}
}
The following code verifies if the system has at least this version number or higher:
if(version_is_less(version:sysVer, test_version:"17763.2452")){
report = report_fixed_ver(installed_version:sysVer, fixed_version:"17763.2452", install_path:sysPath);
security_message(port: 0, data: report);
}
Full code (without description/script keys):
include("smb_nt.inc");
include("secpod_reg.inc");
include("version_func.inc");
include("secpod_smb_func.inc");
sysPath = smb_get_system32root();
if(sysPath)
{
sysVer = fetch_file_version(sysPath:sysPath, file_name:"Win32k.sys");
if(!sysVer){
exit(0);
}
}
if(version_is_less(version:sysVer, test_version:"17763.2452")){
report = report_fixed_ver(installed_version:sysVer, fixed_version:"17763.2452", install_path:sysPath);
security_message(port: 0, data: report);
}
exit(99);
Could someone look into this and verify this to me? If correct, I will extend the VT.