
Hello Automox Community!



If you joined us for today’s webinar, I first would like to thank you for your participation and also congratulate our lucky trivia winner who will be receiving a brand new Raspberry Pi! If you weren’t able to make it, please see our webinar syndication page at your leisure and sign up for our next adventure!



This Patch Tuesday, two key critical remote code execution vulnerabilities affecting IPv4 and IPv6 were disclosed, and both have workarounds. Automox has turned these workarounds into Worklets for your convenience.



NOTE: It’s important to keep in mind that workarounds can have unforeseen consequences. Given the impact of the disclosures, Automox does recommend taking action sooner rather than later.



First up is Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-24074), which affects IPv4 source routing.



Evaluation - IPv4



```powershell
# Evaluation - Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-24074)
# > Link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24074

If ((Get-NetIPv4Protocol | Select-Object -ExpandProperty SourceRoutingBehavior) -ne "drop") {
    # Non-Compliant
    exit 1
}

# Compliant
exit 0
```



Remediation - IPv4



```powershell
# Remediation - Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-24074)
# > Link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24074

# Set Workaround Value
Set-NetIPv4Protocol -SourceRoutingBehavior Drop

If ((Get-NetIPv4Protocol | Select-Object -ExpandProperty SourceRoutingBehavior) -ne "drop") {
    # Non-Compliant
    exit 1
}

# Compliant
exit 0
```



Next up is Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-24094), which affects IPv6 reassembly.



Evaluation - IPv6



```powershell
# Evaluation - Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-24094)
# > Link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24094

If ((Get-NetIPv6Protocol | Select-Object -ExpandProperty ReassemblyLimit) -ne "0") {
    # Non-Compliant
    exit 1
}

# Compliant
exit 0
```



Remediation - IPv6



```powershell
# Remediation - Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-24094)
# > Link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24094

# Set Workaround Value
Set-NetIPv6Protocol -ReassemblyLimitBytes "0"

If ((Get-NetIPv6Protocol | Select-Object -ExpandProperty ReassemblyLimit) -ne "0") {
    # Non-Compliant
    exit 1
}

# Compliant
exit 0
```
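Because workarounds can have unforeseen consequences, it helps to record the pre-workaround values so the change can be reversed. The script below is an added example, not Automox's Worklet code: it applies both workarounds from this post after saving the current settings, and restores them on request. The `-Action` parameter, the `Get-TcpIpState` helper and the backup file path are assumptions made for this example.

```powershell
# Added example: apply or roll back the two workarounds from this post.
# Hypothetical: the -Action parameter, Get-TcpIpState and the backup file location.
param(
    [ValidateSet('Apply', 'Rollback')]
    [string]$Action = 'Apply'
)

$BackupPath = Join-Path $env:ProgramData 'tcpip-workaround-backup.json'

function Get-TcpIpState {
    # Read the two settings that the workarounds change
    [pscustomobject]@{
        SourceRoutingBehavior = [string](Get-NetIPv4Protocol).SourceRoutingBehavior
        ReassemblyLimit       = [uint32](Get-NetIPv6Protocol).ReassemblyLimit
    }
}

if ($Action -eq 'Apply') {
    # Save the original values once. Never overwrite an existing backup,
    # or a second run would record the workaround values as "original".
    if (-not (Test-Path $BackupPath)) {
        Get-TcpIpState | ConvertTo-Json | Set-Content -Path $BackupPath -Encoding UTF8
    }
    Set-NetIPv4Protocol -SourceRoutingBehavior Drop   # CVE-2021-24074 workaround
    Set-NetIPv6Protocol -ReassemblyLimitBytes 0       # CVE-2021-24094 workaround
    $expected = [pscustomobject]@{ SourceRoutingBehavior = 'Drop'; ReassemblyLimit = 0 }
}
else {
    if (-not (Test-Path $BackupPath)) {
        Write-Error "No backup found at $BackupPath; nothing to restore."
        exit 1
    }
    $expected = Get-Content -Path $BackupPath -Raw | ConvertFrom-Json
    Set-NetIPv4Protocol -SourceRoutingBehavior $expected.SourceRoutingBehavior
    Set-NetIPv6Protocol -ReassemblyLimitBytes ([uint32]$expected.ReassemblyLimit)
}

# Verify that the stack reports the values we just asked for
$now = Get-TcpIpState
if ($now.SourceRoutingBehavior -ne $expected.SourceRoutingBehavior -or
    $now.ReassemblyLimit -ne $expected.ReassemblyLimit) {
    Write-Error "TCP/IP settings do not match the expected values after $Action."
    exit 1
}

# After a successful rollback, drop the backup so a later Apply captures fresh values
if ($Action -eq 'Rollback') { Remove-Item -Path $BackupPath }
exit 0
```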