CVE-2013-3900 Ticketing - Per Client
This document outlines a client script that creates tickets for clients based on the computer count requiring remediation for the CVE-2013-3900 WinVerifyTrust Signature Vulnerability. It includes details on sample runs, dependencies, variables, and the ticketing process.
CVE-2013-3900 WinVerifyTrust Signature Audit
This document provides a comprehensive overview of the CVE-2013-3900 status on agents where the associated script is deployed. It details the data gathered, dependencies, and the specific columns that represent various attributes of the agents, including their vulnerability status and detection dates.
CVE-2013-3900 WinVerifyTrust Signature Vulnerability
This document provides a comprehensive solution template for the remediation and auditing of the CVE-2013-3900 vulnerability, including associated scripts, remote monitors, and implementation steps for effective management.
CVE-2016-2115 - SMB Signing
This document outlines a solution template for detecting, remediating, and auditing CVE vulnerabilities, specifically focusing on SMB Signing. It includes associated scripts, monitors, and implementation steps to ensure effective vulnerability management.
CVE-2016-2115 SMB Signing Audit
This document outlines the data gathered from the CWA Script related to CVE-2016-2115, detailing the status of SMB Signing on the deployed agent, including relevant columns and their descriptions.
CVE-2016-2183 Birthday Attacks 3DES Cipher Suites Remediation
This document provides a comprehensive solution for detecting, remediating, and auditing the CVE-2016-2183 Birthday Attacks related to 3DES Cipher Suites. It includes templates for scripts, monitoring, and auditing to ensure effective management of this vulnerability across agents.
CVE-2016-2183 Ticketing - Per Client
This document outlines a client script designed to create a ticket for each client where remediation is required for the CVE-2016-2183 Birthday Attacks 3DES Cipher Suites vulnerability. It includes details on dependencies, variables, output, and ticketing format.
CVE-2021-26857 Detection
This document outlines a remote PowerShell monitor designed to detect the status of the Microsoft Exchange Server Remote Code Execution Vulnerability CVE-2021-26857 on Windows Exchange Servers. It provides details on suggested settings and check actions for effective monitoring.
CVE-2021-26858 Detection
This document outlines a monitor designed to identify endpoints that may be vulnerable to the Windows CVE-2021-26858, specifically targeting Microsoft Exchange Server. It includes suggested configurations for alert styles, templates, and check actions to ensure timely detection and response to potential threats.
CVE-2021-27065 Detection
This document outlines a remote monitor designed to check the Microsoft Exchange Server for vulnerabilities related to a remote code execution issue identified in March 2021. It details the setup, including suggested limits, alert styles, and the monitoring process using log files.
CVE-2021-42321 Exchange Detection
This document outlines a script designed to detect the impact of CVE-2021-42321 on Exchange servers. Upon detection of the vulnerability, the script generates a ticket for further action. It includes global parameters, sample runs, and guidelines for mitigating the vulnerability through security patches.
CVE-2023-36884 - HTML Remote Code Execution Vulnerability
This document outlines a solution to protect against CVE-2023-36884, a critical vulnerability affecting Office and Windows that allows for remote code execution via HTML. It includes associated content such as scripts, dataviews, and internal monitors for effective mitigation.
Dell - Security Vulnerability CVE-2021-21551 Detection
This document outlines a monitoring solution designed to identify Dell endpoints that may be vulnerable to CVE-2021-21551. It includes suggested configurations for alerting and a detailed check action to assess vulnerability status.
Import - Remote Monitor - SMB1 Detection
This document provides a comprehensive guide on implementing SMB1 vulnerability management in your system. It includes SQL insert queries for setting up extra fields, sensor checks, remote monitors, and group configurations necessary for effective vulnerability management and monitoring.
Kaseya Endpoint Vulnerability Detection
This document provides a detailed overview of a script designed to check Kaseya endpoints for vulnerabilities related to the REvil attack. It includes information on dependencies, process flow, and expected outputs, aimed at enhancing endpoint security.
Kaseya Vulnerability Audit
This document provides a detailed overview of the Kaseya compromise tool results, showing relevant computer details for each machine where the script ran. It outlines the dependencies required for successful execution and describes the various columns of data presented in the output.
Lenovo CVE Vulnerability Report
This report evaluates BIOS versions against a list of known vulnerable versions, providing a comprehensive analysis for system administrators to ensure their devices are secure. It includes detailed report parts, filtering options, and a sample report for reference.
Log4J - Log4Shell - Detections
This document provides a comprehensive overview of the EDFs filled by the SEC - Endpoint Protection - Script - Log4J (Log4Shell) File Scan, detailing vulnerability information related to the Log4J/Log4Shell exploit and the results of the scans conducted.
Log4J - Log4Shell - Possible Vulnerabilities
This document provides a comprehensive report on potential Log4J/Log4Shell vulnerabilities, detailing affected applications based on a curated list from GitHub. It includes dependencies for endpoint protection and outlines the relevant columns for tracking vulnerabilities.
Log4J/Log4Shell Auditing
This document provides an overview of potential Log4Shell vulnerabilities and the associated risks to Automate agents. It includes links to various resources such as custom tables, dataviews, and scripts that facilitate the identification and remediation of these vulnerabilities.
Microsoft Support Diagnostic Tool Registry Key AuditScriptRole
This document provides a comprehensive overview of the workaround for the Microsoft Support Diagnostic Tool (MSDT) vulnerability, detailing its dependencies, tracking progress, and the status of associated registry keys.
Mimikatz - Potential Threat
This document provides an overview of how to check the Windows registry for the stored credentials flag related to WDigest. It explains the implications of the flag being set or not and highlights potential vulnerabilities associated with it, including references to Mimikatz.
MS-MSDT Registry Key
This document outlines a method to detect the presence of the HKEY_CLASSES_ROOT/ms-msdt Registry Key, which is crucial for temporarily remediating the CVE-2022-30190 MSDT vulnerability on Windows systems.
Remove WannaCry Vulnerability Solution
This document details a script designed to remove the WannaCry solution from the ConnectWise Automate environment, including the steps involved and the expected output. The automation process is expected to save approximately 20 minutes of manual effort.
Restore MS-MSDT Registry Key G
This document outlines a monitor that triggers a script to restore the key on Windows computers where the required patches for the Microsoft Support Diagnostic Tool vulnerability are installed. It includes dependencies and target information for effective implementation.
SMB1 Autofix
This document details an internal monitor that detects online Windows agents and performs autofix on computers with the "Audit with Autofix" setting for the SMB1 Vulnerability. It highlights dependencies, target scope, and ticketing setup for effective management.
SMBv1 Status Audit
This document provides a comprehensive overview of the dataview that gathers data from the SMBv1 Enabled Detection & Remediation script, detailing the status of SMB on agents where it is deployed, including client information, operating system, and vulnerability state.
SMBv1 Status AuditAutofix DV,Param
This document outlines a script created to detect and remediate SMBv1 vulnerabilities based on specified settings in the EDF. It details the script execution requirements, dependencies, variables, and output, along with ticketing procedures for successful and failed remediation attempts.
SMBv1AuditAutofix
This document outlines the SMBv1 audit and autofix solution based on the EDF, including associated scripts, monitors, and implementation steps. It provides guidance on removing old solutions, importing new content, and configuring monitoring for SMBv1 vulnerabilities in client systems.
WebP Vulnerability Report
This document outlines the process for identifying computers with vulnerable applications installed, based on a JSON file. It includes warnings about the accuracy of the data and provides associated content for implementation. Human judgment is advised when interpreting the results.
Windows Search Protocol Registry Key Audit ScriptRole
This document provides a detailed overview of the dataview that tracks the progress of the Workaround for the Windows Search Protocol Vulnerability script and monitor set. It outlines the necessary dependencies and describes the various columns used in the tracking process.
Windows Search Protocol Vulnerability - Workarounds
This document provides a comprehensive solution to apply a temporary workaround for the Windows Search Protocol Vulnerability as released by Microsoft. It includes associated content, implementation steps, and necessary roles and scripts to effectively manage the vulnerability.
Workaround - Microsoft Support Diagnostic Tool Vulnerability
This document provides a comprehensive overview of a script designed to back up, remove, or restore the HKEY_CLASSES_ROOT/ms-msdt registry key. It details the script’s execution, parameters, dependencies, process, and expected output, including ticketing features for failure management.
Workaround - Windows Search Protocol Vulnerability
This document provides a detailed overview of a script that backs up, removes, or restores the registry key HKEY_CLASSES_ROOT/search-ms. It outlines the script’s functionality, dependencies, and processes involved in executing the script, including options for manual execution and ticket creation for failures.
Workaround - Windows Search Protocol VulnerabilityG
This document provides an overview of an Internal Monitor that detects machines with the Search-MS Registry Key role, which is essential for remediating the CVE-2022-30190 MSDT vulnerability. It outlines dependencies and the target environment for the monitor.
Zenbleed Vulnerable Machines
This document provides a comprehensive data view of machines that are expected to be vulnerable to the Zenbleed vulnerability, specifically targeting systems with AMD Ryzen 3000/4000/5000 series processors, AMD EPYC processors, and AMD Ryzen 7020 series.