If you want to find out fast if your IIS webservers have EnableTrailerSupport enabled for https.sys in the registry, here is a small PowerShell method. All you have to do is set the correct SearchBase.
To check wether you’re safe from CVE-2022-21907, execute the following PowerShell script. It automatically searches all servers in your AD network for the existence of the HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\EnableTrailerSupport registry value.
foreach( $server in (Get-ADComputer -Filter {(enabled -eq $True)} -SearchBase "OU=...,$((Get-ADDomain).ComputersContainer)").DNSHostname) {
if(Test-Connection -ComputerName $server -Count 1 -Quiet) {
Invoke-Command -ComputerName $server -Script {
Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\HTTP\Parameters" | Select-Object EnableTrailerSupport
[PSCustomObject]@{
ServerName = $using:server
EnableTrailerSupport = $_.EnableTrailerSupport
}
} | Select-Object ServerName,EnableTrailerSupport
}
}
Code language: PowerShell (powershell)
set a correct value for “OU=…”.
For a quick list of processes using http.sys, use:
netsh http show servicestate
Code language: PowerShell (powershell)
Show Your Support

If you want to step in to help me cover the costs for running this website, that would be awesome. Just use this link to donate a cup of coffee ☕($10 USD or €10 EUR for example). And please share the love and help others make use of this website. Thank you very much! <3 ❤️