Patch Tuesday Companion Content : Windows TCP/IP Vulnerability Worklets

Hello Automox Community!

If you joined us for today’s webinar, I first would like to thank you for your participation and also congratulate our lucky trivia winner who will be receiving a brand new Raspberry Pi! If you weren’t able to make it, please see our webinar syndication page at your leisure and sign up for our next adventure!

This Patch Tuesday two key critical remote code execution vulnerabilities affecting IPv4 and IPv6 were disclosed that have workarounds. Automox has turned these workarounds into Worklets for your convenience.

NOTE: It’s important to keep in mind that workarounds can have unforeseen consequences. Given the impact of the disclosures, Automox does recommend taking action sooner rather than later.

First up is Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-24074) which affects IPv4 source routing.

Evaluation - IPv4

# Evaluation - Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-24074)
# > Link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24074

If ((Get-NetIPv4Protocol|select -ExpandProperty SourceRoutingBehavior) -ne "drop"){
  # Non-Compliant
  exit 1
}

# Compliant
exit 0

Remediation - IPv4

# Remediation - Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-24074)
# > Link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24074

# Set Workaround Value
Set-NetIPv4Protocol -SourceRoutingBehavior Drop

If ((Get-NetIPv4Protocol|select -ExpandProperty SourceRoutingBehavior) -ne "drop"){
  # Non-Compliant
  exit 1
}

# Compliant
exit 0

Next up is Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-24094) which affects IPv6 reassembly.

Evaluation - IPv6

# Evaluation - Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-24094)
# > Link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24094

If ((Get-NetIPv6Protocol|select -ExpandProperty ReassemblyLimit) -ne "0"){
  # Non-Compliant
  exit 1
}

# Compliant
exit 0

Remediation - IPv6

# Remediation - Windows TCP/IP Remote Code Execution Vulnerability (CVE-2021-24094)
# > Link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24094

# Set Workaround Value
Set-NetIPv6Protocol -ReassemblyLimitBytes "0"

If ((Get-NetIPv6Protocol|select -ExpandProperty ReassemblyLimit) -ne "0"){
  # Non-Compliant
  exit 1
}

# Compliant
exit 0
1 Like