If you want to find out fast if your IIS webservers have EnableTrailerSupport enabled for https.sys in the registry, here is a small PowerShell method. All you have to do is set the correct SearchBase
To check wether you’re safe from CVE-2022-21907, execute the following PowerShell script. It automatically searches all servers in your AD network for the existence of the HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\EnableTrailerSupport registry value.
foreach( $server in (Get-ADComputer -Filter {(enabled -eq $True)} -SearchBase "OU=...,$((Get-ADDomain).ComputersContainer)").DNSHostname) {
if(Test-Connection -ComputerName $server -Count 1 -Quiet) {
Invoke-Command -ComputerName $server -Script {
Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\HTTP\Parameters" | Select-Object EnableTrailerSupport
[PSCustomObject]@{
ServerName = $using:server
EnableTrailerSupport = $_.EnableTrailerSupport
}
} | Select-Object ServerName,EnableTrailerSupport
}
}set a correct value for “OU=…“.
For a quick list of processes using http.sys, use:
netsh http show servicestate
![[HttpException (0x80004005): The length of the URL for this request exceeds the configured maxUrlLength value.]](https://cdn.saotn.org/wp-content/uploads/2025/06/Length_of_URL_for_request_exceeds_maxUrlLength_value-11-150x150.png)
