CVE-2021-40444 Office 365 Detection
Summary
This internal monitor will identify agents where the ActiveX mitigation for the CVE-2021-40444 Office 365 vulnerability has not been applied.
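A local check an agent-side script could run to decide which state to report, added here as an example and not the script this monitor depends on. It assumes the mitigation is Microsoft's published workaround (values 1001 and 1004 set to 3 for zones 0 through 3 under the policy key below); the function name `Test-ActiveXMitigation` is hypothetical, and the check does not tell whether a restart is still pending.

```powershell
# Added example. Test-ActiveXMitigation is a hypothetical name, not part of the monitor.
# Assumption: the mitigation is Microsoft's ActiveX workaround for CVE-2021-40444,
# which disables ActiveX control downloads in every Internet Explorer security zone.
function Test-ActiveXMitigation {
    [CmdletBinding()]
    param(
        [string]$BasePath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    )

    $zones   = 0..3            # 0 = My Computer, 1 = Local Intranet, 2 = Trusted Sites, 3 = Internet
    $actions = '1001', '1004'  # download signed / unsigned ActiveX controls
    $disabled = 3              # URL action policy value meaning "Disable"

    # Collect every zone/action pair that is absent or not set to Disable.
    $missing = @(foreach ($zone in $zones) {
        $key   = Join-Path $BasePath ([string]$zone)
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($action in $actions) {
            $prop  = if ($props) { $props.PSObject.Properties[$action] }
            $value = if ($prop) { $prop.Value } else { $null }
            if ($value -ne $disabled) {
                [pscustomobject]@{ Zone = $zone; Action = $action; Value = $value }
            }
        }
    })

    # State strings match the values the monitor's SQL looks for and reports.
    $state = if ($missing.Count -eq 0) { 'Mitigation Applied' } else { 'Mitigation Not Applied' }

    [pscustomobject]@{
        State   = $state
        Missing = $missing
    }
}

$result = Test-ActiveXMitigation
$result.State
$result.Missing | Format-Table -AutoSize
```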
Dependencies
Target
Windows Machine
Translated SQL
SELECT
    'Mitigation Not Applied' AS TestValue,
    c.name AS IDentityField,
    cl.name AS `Client Name`,
    c.name AS `Computer Name`,
    c.lastcontact AS `Last Contact`,
    acd.uptimestart,
    acd.uptimeend,
    acd.noalerts,
    c.ComputerID
FROM computers c
LEFT JOIN clients cl ON cl.clientid = c.clientid
LEFT JOIN agentcomputerdata acd ON acd.computerid = c.computerid
WHERE
    c.computerid NOT IN (
        SELECT computerid
        FROM scriptstate
        WHERE variable = 'CVE-2021-40444_Office365'
          AND `value` LIKE '%Mitigation Applied%'
    )
    AND c.computerid NOT IN (
        SELECT computerid
        FROM scriptstate
        WHERE variable = 'CVE-2021-40444_Office365'
          AND `value` LIKE '%Mitigation Pending to Restart%'
    )
    AND c.computerid IN (SELECT computerid FROM tcomp)
    AND c.lastcontact > NOW() - INTERVAL 15 MINUTE