Quickly check EnableTrailerSupport isn’t set in your network for http.sys (CVE-2022-21907)

Photo of author
Written By Jan Reilink

Windows Server system administrator & enthusiast.

If you want to find out fast if your IIS webservers have EnableTrailerSupport enabled for https.sys in the registry, here is a small PowerShell method. All you have to do is set the correct SearchBase.

To check wether you’re safe from CVE-2022-21907, execute the following PowerShell script. It automatically searches all servers in your AD network for the existence of the HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\EnableTrailerSupport registry value.

foreach( $server in (Get-ADComputer -Filter {(enabled -eq $True)} -SearchBase "OU=...,$((Get-ADDomain).ComputersContainer)").DNSHostname) { if(Test-Connection -ComputerName $server -Count 1 -Quiet) { Invoke-Command -ComputerName $server -Script { Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\HTTP\Parameters" | Select-Object EnableTrailerSupport [PSCustomObject]@{ ServerName = $using:server EnableTrailerSupport = $_.EnableTrailerSupport } } | Select-Object ServerName,EnableTrailerSupport } }
Code language: PowerShell (powershell)

set a correct value for β€œOU=β€¦β€œ.

For a quick list of processes using http.sys, use:

netsh http show servicestate
Code language: PowerShell (powershell)

Did you like: Quickly check EnableTrailerSupport isn’t set in your network for http.sys (CVE-2022-21907)

Then please, take a second to support Sysadmins of the North and donate!

Your generosity helps pay for the ongoing costs associated with running this website like coffee, hosting services, library mirrors, domain renewals, time for article research, and coffee, just to name a few.



1 thought on “Quickly check EnableTrailerSupport isn’t set in your network for http.sys (CVE-2022-21907)”

Hi! Join the discussion, leave a reply!