Worklet: Remediation for CVE-2018-8581

This is a remediation for CVE-2018-8581 per this article:

The workaround is to remove a specific registry entry, which this worklet does:

Evaluation code:

Exit 1

Remediation code:

reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v DisableLoopbackCheck /f

Note that the above code is the CMD syntax and not Powershell, but that should run fine. If you run into any problems you can convert the above line into Powershell pretty easily.

1 Like