Quickly check EnableTrailerSupport isn’t set in your network for http.sys (CVE-2022-21907)


GamesGames

If you want to find out fast if your IIS webservers have EnableTrailerSupport enabled for https.sys in the registry, here is a small PowerShell method. All you have to do is set the correct SearchBase.

To check wether you’re safe from CVE-2022-21907, execute the following PowerShell script. It automatically searches all servers in your AD network for the existence of the HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\EnableTrailerSupport registry value.

foreach( $server in (Get-ADComputer -Filter {(enabled -eq $True)} -SearchBase "OU=...,$((Get-ADDomain).ComputersContainer)").DNSHostname) {
	if(Test-Connection -ComputerName $server -Count 1 -Quiet) {
		Invoke-Command -ComputerName $server -Script {
			Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\HTTP\Parameters" | Select-Object EnableTrailerSupport
			[PSCustomObject]@{
				ServerName = $using:server
				EnableTrailerSupport = $_.EnableTrailerSupport
			}
		} | Select-Object ServerName,EnableTrailerSupport
	}
}Code language: PowerShell (powershell)

set a correct value for “OU=…”.

For a quick list of processes using http.sys, use:

netsh http show servicestateCode language: PowerShell (powershell)
foto van Jan Reilink

About the author

Hi, my name is Jan. I am not a hacker, coder, developer or guru. I am merely a systems administrator, doing my daily SysOps/DevOps thing at cldin. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization.

0 0 votes
Article Rating
Subscribe
Notify of
1 Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
1 year ago

[…] Quickly check EnableTrailerSupport isn’t set in your network for http.sys (CVE-2022-21907) […]

1
0
Would love your thoughts, please comment.x
()
x