Quickly check EnableTrailerSupport isn’t set in your network for http.sys (CVE-2022-21907)

If you want to find out quickly whether your IIS web servers have EnableTrailerSupport enabled for http.sys in the registry, here is a small PowerShell method. All you have to do is set the correct SearchBase.

To check whether you’re safe from CVE-2022-21907, execute the following PowerShell script. It automatically searches all servers in your AD network for the existence of the HKLM:\System\CurrentControlSet\Services\HTTP\Parameters\EnableTrailerSupport registry value.

# Requires the ActiveDirectory module and PowerShell remoting on the target servers
Import-Module ActiveDirectory

foreach ($server in (Get-ADComputer -Filter {(enabled -eq $True)} -SearchBase "OU=...,$((Get-ADDomain).ComputersContainer)").DNSHostname) {
    # Only query hosts that answer a single ping
    if (Test-Connection -ComputerName $server -Count 1 -Quiet) {
        Invoke-Command -ComputerName $server -ScriptBlock {
            # Read the http.sys parameters; the property is $null when the value does not exist
            $params = Get-ItemProperty "HKLM:\System\CurrentControlSet\Services\HTTP\Parameters"
            [PSCustomObject]@{
                ServerName           = $using:server
                EnableTrailerSupport = $params.EnableTrailerSupport
            }
        } | Select-Object ServerName,EnableTrailerSupport
    }
}

Note: set a correct value for "OU=...".
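
The script above skips any host that does not answer a ping, so those servers never appear in the output. The following variant is an added example, not part of the original script: it queries all hosts in one remoting call and lists every server that gave no answer, so gaps in coverage are visible. It assumes PowerShell remoting is enabled on the targets; `$SearchBase` is a placeholder you must set, and the `Status` labels are this example's own.

```powershell
# Added example, not the original post's script. Set $SearchBase before running.
Import-Module ActiveDirectory

$SearchBase = 'OU=...'   # placeholder: full distinguished name of the OU to scan
$computers = @(Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $SearchBase |
    Where-Object { $_.DNSHostName } |
    Select-Object -ExpandProperty DNSHostName)

# Runs on each remote host: read only the one value and tolerate its absence.
$probe = {
    $path  = 'HKLM:\System\CurrentControlSet\Services\HTTP\Parameters'
    $entry = Get-ItemProperty -Path $path -Name EnableTrailerSupport -ErrorAction SilentlyContinue
    [PSCustomObject]@{
        ValuePresent         = ($null -ne $entry)
        EnableTrailerSupport = $entry.EnableTrailerSupport
    }
}

$report = @()
if ($computers.Count -gt 0) {
    # One fan-out call; a host that cannot be reached does not abort the run.
    $report = @(Invoke-Command -ComputerName $computers -ScriptBlock $probe -ErrorAction SilentlyContinue |
        ForEach-Object {
            [PSCustomObject]@{
                ServerName           = $_.PSComputerName
                Status               = if ($_.ValuePresent) { 'ValuePresent' } else { 'NotPresent' }
                EnableTrailerSupport = $_.EnableTrailerSupport
            }
        })

    # Every host that did not answer is listed explicitly so it can be checked by hand.
    $answered = @($report.ServerName)
    $report += $computers | Where-Object { $_ -notin $answered } | ForEach-Object {
        [PSCustomObject]@{ ServerName = $_; Status = 'NoAnswer'; EnableTrailerSupport = $null }
    }
}

$report | Sort-Object Status, ServerName | Format-Table -AutoSize
```

Rows with `NoAnswer` are servers whose registry was never read; treat them as unchecked rather than as safe.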
