Overview
In some cases, Microsoft assets may be vulnerable to specific CVEs without an available patch. This knowledge base article outlines a reliable mitigation method using a PowerShell script to modify registry settings, effectively addressing these vulnerabilities.
Affected CVEs
The following CVEs have been identified as affecting Microsoft assets:
- CVE-2017-5715
- CVE-2017-5754
- CVE-2018-3639
- CVE-2018-12126
- CVE-2018-12130
- CVE-2018-12127
- CVE-2019-11091
- CVE-2019-11135
- CVE-2022-21123
- CVE-2022-21125
- CVE-2022-21127
- CVE-2022-21166
- CVE-2022-0001
Solution:
To mitigate these vulnerabilities, the SanerNow team has shared an executable (.EXE) designed to implement the necessary security measures.
Deployment Process
1. Pre-Deployment Considerations:
- Ensure all relevant and available KB updates are installed on the affected device before deploying the exe.
- Backup the system registry to prevent unintended changes.
2. Executing the Mitigation Script:
- The provided exe, when executed, creates specific registry entries to mitigate the listed vulnerabilities.
- These registry modifications are made under the following path:
Registry Path:
HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
Values Created:
- FeatureSettingsOverride = 8388608
- FeatureSettingsOverrideMask = 3
Deployment Method:
- The exe can be deployed using endpoint management (EM) software for seamless execution across multiple devices.
- Once deployment is completed successfully, verify the applied registry settings.
Verification:
- Perform a post-deployment system scan to confirm that the vulnerabilities are mitigated.
- If the vulnerabilities still appear, revalidate the applied registry settings and ensure no system conflicts are preventing the changes.
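One way to check the applied registry settings on a device, as an added example that is not part of the SanerNow exe or the original article. The function name Test-MitigationRegistry is hypothetical; the registry path and expected values are the ones listed above.

```powershell
# Added example: verifies the two values this article says the exe creates.
# Path and expected numbers come from the article; the function name is hypothetical.
function Test-MitigationRegistry {
    [CmdletBinding()]
    param(
        [string]$Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management',
        [hashtable]$Expected = @{
            FeatureSettingsOverride     = 8388608
            FeatureSettingsOverrideMask = 3
        }
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Registry key not found: $Path"
    }
    $key = Get-Item -LiteralPath $Path

    foreach ($name in ($Expected.Keys | Sort-Object)) {
        # GetValue returns $null when the value does not exist.
        $actual = $key.GetValue($name, $null)
        $kind   = $null
        $status = 'OK'

        if ($null -eq $actual) {
            $status = 'Missing'
        }
        else {
            $kind = $key.GetValueKind($name)
            # A string or binary value holding the same digits is not a valid setting.
            if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) { $status = 'WrongType' }
            elseif ([int64]$actual -ne [int64]$Expected[$name])      { $status = 'Mismatch' }
        }

        [pscustomobject]@{
            ComputerName = $env:COMPUTERNAME
            Name         = $name
            Expected     = $Expected[$name]
            Actual       = $actual
            Kind         = $kind
            Status       = $status
        }
    }
}

$results = Test-MitigationRegistry
$results | Format-Table -AutoSize
# A non-zero exit code lets an endpoint management tool flag the device.
if ($results | Where-Object Status -ne 'OK') { exit 1 }
```

Microsoft's guidance for these override values calls for a restart before they take effect, so a device can report OK here and still need a reboot before the post-deployment scan.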
Additional Notes
- The exe modifies system memory management settings to enhance security and mitigate risks associated with the listed CVEs.
- While this solution addresses the vulnerabilities, it is recommended to monitor Microsoft’s security advisories for any official patches that may become available in the future.
Conclusion
This article provides a practical solution for mitigating vulnerabilities when no official patch is available. By deploying the provided exe and verifying the registry changes, organizations can secure their Microsoft assets against the listed CVEs.