CVE-2023-29336 is an important and actively exploited zero-day vulnerability in Win32k that scores a CVSS 7.8, from Patch Tuesday on May 9, 2023.
We’ve written a script to help administrators automatically find the vulnerability and ensure that the May 2023 updates from Microsoft have been applied prior to remediation. If the device meets that criteria, then we’ll remediate it. All that’s left for the administrators is to reboot the device after the script has run successfully or grab a worklet to reboot the endpoints you ran the script on at scale.
If you’re an Automox customer, or on a free trial, grab the script directly from the Worklet Catalog.
IMPORTANT: If you plan to use the Worklet or script provided, we strongly recommend testing a subset of impacted devices and following any required change control processes prior to applying the script at scale in your organization.
Remember - for the scripts to take effect, you’ll need to reboot all of the endpoints where remediation was applied. You can do that manually via the device page if you’re an Automox customer, or run at scale with a reboot script. If you reboot from a script, but sure to target only the group of endpoints where remediation was applied so you don’t interrupt other users or systems.
The code for this worklet can be found below: