Mitigating CVEs on Microsoft Systems: A Registry-Based Approach

Modified on Sun, 16 Mar at 1:04 PM

Overview

In some cases, Microsoft assets may be vulnerable to specific CVEs without an available patch. This knowledge base article outlines a reliable mitigation method using a PowerShell script to modify registry settings, effectively addressing these vulnerabilities.

Affected CVEs

The following CVEs have been identified as affecting Microsoft assets:

CVE-2017-5715

CVE-2017-5754

CVE-2018-3639

CVE-2018-12126

CVE-2018-12130

CVE-2018-12127

CVE-2019-11091

CVE-2019-11135

CVE-2022-21123

CVE-2022-21125

CVE-2022-21127

CVE-2022-21166

CVE-2022-0001

A screenshot of a computer
AI-generated content may be incorrect.
Solution:
To mitigate these vulnerabilities, the SanerNow team has shared an executable (.EXE) designed to implement the necessary security measures.

Deployment Process

Pre-Deployment Considerations:

Ensure all relevant and available KB updates are installed on the affected device before deploying the exe.
Backup the system registry to prevent unintended changes.

2. Executing the Mitigation Script:

The provided exe, when executed, creates specific registry entries to mitigate the listed vulnerabilities.
These registry modifications are made under the following path:

Registry Path:
HKLM:\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management

Values Created:

FeatureSettingsOverride = 8388608

FeatureSettingsOverrideMask = 3

A screenshot of a computer
AI-generated content may be incorrect.

Deployment Method:

The exe can be deployed using endpoint management (EM) software for seamless execution across multiple devices.

Once deployment is completed successfully, verify the applied registry settings.

Verification:

Perform a post-deployment system scan to confirm that the vulnerabilities are mitigated.

If the vulnerabilities still appear, revalidate the applied registry settings and ensure no system conflicts are preventing the changes.

A screenshot of a computer
AI-generated content may be incorrect.

Additional Notes

The exe modifies system memory management settings to enhance security and mitigate risks associated with the listed CVEs.

While this solution addresses the vulnerabilities, it is recommended to monitor Microsoft’s security advisories for any official patches that may become available in the future.

Conclusion

This article provides a practical solution for mitigating vulnerabilities when no official patch is available. By deploying the provided exe and verifying the registry changes, organizations can secure their Microsoft assets against the listed CVEs.