CVE-2021-40444 Office 365 Vulnerability 09-2021 - UNDO
Summary
This script removes the mitigation on the agent by deleting the imported registry entries. Refer to the article below:
Microsoft Shares Temp Fix for Ongoing Office 365 Zero-Day Attacks
Note: Please use this script only when the official Microsoft patches are installed.
Time Saved by Automation: 10 Minutes
Sample Run
Dependencies
CVE-2021-40444 Office 365 Vulnerability Report
Variables
Variable | Description |
---|---|
scriptcount | Tracks how many attempts the script has made to reboot the agent. |
MitigationStatus | Shows the status of the mitigation steps. |
ScriptRanDate | The last time the script ran. |
ApprovedStatus | Stores the reboot approved status. |
Script States
Name | Example | Description |
---|---|---|
CVE-2021-40444_Office365 | 0 -- 12/09/2021 -- No User -- Mitigation Applied | Tracks information needed by data views and monitors about the script execution and results. |
Process
- This script will download and execute the enable-activex.reg registry file from: http://download.bleepingcomputer.com/reg/enable-activex.reg
- The registry file deletes the previously entered registry entries from the endpoint.
- The script validates if the registry execution completed successfully.
- Data is written to the script state.
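The steps above, sketched as an added PowerShell example; this is not the script this page documents. Because the file is fetched over plain HTTP, the sketch refuses to import it unless it matches a pinned SHA-256. Assumptions: the hash is a placeholder to replace with the hash of a copy you have reviewed, the zone policy values checked afterwards are taken from Microsoft's published workaround for CVE-2021-40444 rather than from this page, and the two status strings are hypothetical.

```powershell
$Url      = 'http://download.bleepingcomputer.com/reg/enable-activex.reg'  # URL from the Process section
$Expected = '<SHA256-OF-REVIEWED-REG-FILE>'  # placeholder: pin the hash of a reviewed copy
$RegFile  = Join-Path $env:TEMP 'enable-activex.reg'

function Test-MitigationRemoved {
    # Assumption: the mitigation set URL actions 1001 and 1004 under the
    # machine policy zones 0-3 (Microsoft's published workaround).
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    foreach ($zone in 0..3) {
        $key = Join-Path $base $zone
        if (-not (Test-Path $key)) { continue }
        $names = (Get-Item -Path $key).GetValueNames()
        if ($names -contains '1001' -or $names -contains '1004') { return $false }
    }
    return $true
}

Invoke-WebRequest -Uri $Url -OutFile $RegFile -UseBasicParsing

# Integrity check before anything touches the registry.
$actual = (Get-FileHash -Path $RegFile -Algorithm SHA256).Hash
if ($actual -ne $Expected) {
    Remove-Item -Path $RegFile -Force
    throw "Hash mismatch for $RegFile (got $actual); not importing."
}

# reg.exe returns a non-zero exit code when the import fails.
$proc = Start-Process -FilePath 'reg.exe' -ArgumentList 'import', "`"$RegFile`"" `
    -Wait -PassThru -NoNewWindow
if ($proc.ExitCode -ne 0) { throw "reg import failed with exit code $($proc.ExitCode)." }

# Confirm the end state rather than trusting the exit code alone.
# Status strings below are hypothetical, not the script's own values.
if (Test-MitigationRemoved) { 'Mitigation Removed' } else { 'Mitigation Still Present' }
```

Run it from an elevated session, since both the import and the policy keys are under HKLM.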
Output
- Script log
- Script state
- Data view