CVE-2021-40444 Office 365 Vulnerability Report
Summary
This dataview tracks the results on agents where the CVE-2021-40444 Office 365 script mitigation has been applied.
Dependencies
Columns
| Column | Description | 
|---|---|
| Client Name | Client Name | 
| Location Name | Location Name | 
| Computer Name | Computer Name | 
| Operating System | Operating System of the agent | 
| Last Contact | Last Contact with RMM | 
| User Logged In | Stored username of the last logged-in user to the endpoint | 
| Script Ran Count | Information about how many times the script has run on the endpoint | 
| Script Last Run | Information about the last run date of the script. | 
| User Response | User response indicating whether they approved the reboot or not | 
| Mitigation Status | Indicates whether mitigation has been successfully applied or is still pending a reboot. | 
SQL Representation
```sql
-- scriptstate.value holds four fields separated by '--', read below in this
-- order: run count, last run date, user response, mitigation status.
SELECT
  c.computerid,
  c.clientid,
  c.locationid,
  cl.name AS `Client Name`,
  l.name AS `Location Name`,
  c.name AS `Computer Name`,
  c.os AS `Operating System`,
  c.LastContact AS `Last Contact With RMM`,
  c.LastUserName AS `User Logged In`,
  -- Field 1: run count
  TRIM(
    SUBSTRING_INDEX(ss.value, '--', 1)
  ) AS `Script Ran Count`,
  -- Fields 2 to 4: an empty field is reported as 'Not Detected'.
  -- TRIM() never returns a lone space, so the comparison is against ''.
  CASE WHEN TRIM(
    SUBSTRING_INDEX(
      SUBSTRING_INDEX(ss.value, '--', 2),
      '--',
      -1
    )
  ) = '' THEN 'Not Detected' ELSE TRIM(
    SUBSTRING_INDEX(
      SUBSTRING_INDEX(ss.value, '--', 2),
      '--',
      -1
    )
  ) END AS `Script Last Run`,
  CASE WHEN TRIM(
    SUBSTRING_INDEX(
      SUBSTRING_INDEX(ss.value, '--', 3),
      '--',
      -1
    )
  ) = '' THEN 'Not Detected' ELSE TRIM(
    SUBSTRING_INDEX(
      SUBSTRING_INDEX(ss.value, '--', 3),
      '--',
      -1
    )
  ) END AS `User Response`,
  CASE WHEN TRIM(
    SUBSTRING_INDEX(
      SUBSTRING_INDEX(ss.value, '--', 4),
      '--',
      -1
    )
  ) = '' THEN 'Not Detected' ELSE TRIM(
    SUBSTRING_INDEX(
      SUBSTRING_INDEX(ss.value, '--', 4),
      '--',
      -1
    )
  ) END AS `Mitigation Status`
FROM
  (
    (
      (
        computers c
        LEFT JOIN scriptstate ss ON c.computerid = ss.computerid
      )
      LEFT JOIN clients cl ON cl.clientid = c.clientid
    )
    LEFT JOIN locations l ON l.locationid = c.locationid
  )
WHERE
  -- Only agents that have a state record written by the mitigation script
  ss.variable = 'CVE-2021-40444_Office365'
```