Created
May 31, 2022 19:54
Intune Proactive Remediation - CVE-2022-30190
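function Get-MSMSDTKey {
    <#
    .SYNOPSIS
    Tests whether the 'ms-msdt' key exists under HKEY_CLASSES_ROOT.

    .DESCRIPTION
    Detection half of the CVE-2022-30190 proactive remediation. It reports
    whether the 'ms-msdt' URL protocol handler is still registered on the
    system.

    HKEY_CLASSES_ROOT is a merged view of the machine-wide classes and the
    classes of the account running the script, so the result reflects the
    view of whichever account the script runs as.

    .OUTPUTS
    System.Boolean. $true when the key exists, otherwise $false.
    #>
    [CmdletBinding()]
    param()

    # Use a provider-qualified path instead of a temporary 'HKCR' PSDrive.
    # The original created the drive and removed it afterwards. That fails if
    # a drive named 'HKCR' already exists in the session, and it then removes
    # a drive this function did not create.
    return (Test-Path -LiteralPath "Registry::HKEY_CLASSES_ROOT\ms-msdt")
}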
# Detection entry point. The exit code is the signal to Intune:
#   0 = compliant (key absent), 1 = remediation required (key present).
$keyPresent = Get-MSMSDTKey

if ($keyPresent -ne $true) {
    # Key is absent: nothing to remediate.
    Write-Host "'HKEY_CLASSES_ROOT\ms-msdt' key does not exist. No remediation needed."
    exit 0
}

# Key is present: ask for the remediation script to run.
Write-Host "'HKEY_CLASSES_ROOT\ms-msdt' key exists. Needs to be remediated."
exit 1
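function Remove-MSMSDTKey {
    <#
    .SYNOPSIS
    Deletes the 'ms-msdt' key (and all subkeys) from HKEY_CLASSES_ROOT.

    .DESCRIPTION
    Remediation half of the CVE-2022-30190 workaround: removing the key
    unregisters the 'ms-msdt' URL protocol handler.

    The function is idempotent. If the key is already gone it returns without
    error. Any failure from the deletion itself is re-thrown as a terminating
    error so the calling script can report a failed remediation.

    NOTE(review): Microsoft's published workaround exports the key
    (reg export) before deleting it so that it can be restored later. This
    function deletes without taking a backup. Add an export step, or keep a
    known-good copy elsewhere, if the workaround may need to be rolled back.
    #>
    [CmdletBinding()]
    param()

    # Use a provider-qualified path, so no temporary 'HKCR' PSDrive has to be
    # created and cleaned up. The original created the drive outside the 'try'
    # block. If a drive named 'HKCR' already existed, the 'finally' block
    # removed a drive that this function did not create.
    $keyPath = "Registry::HKEY_CLASSES_ROOT\ms-msdt"

    if (-not (Test-Path -LiteralPath $keyPath)) {
        # Already in the desired state; treat it as success.
        Write-Verbose "'HKEY_CLASSES_ROOT\ms-msdt' key is not present. Nothing to remove."
        return
    }

    try {
        # Remove the 'ms-msdt' key and everything below it.
        Remove-Item -LiteralPath $keyPath -Recurse -Force -ErrorAction "Stop"
    }
    catch {
        # Surface the 'Remove-Item' failure to the caller as a terminating error.
        $PSCmdlet.ThrowTerminatingError($PSItem)
    }
}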
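# Remediation entry point. The exit code is the signal to Intune:
#   0 = remediation succeeded, 1 = remediation failed.
try {
    # Remove the key on the system.
    Remove-MSMSDTKey -ErrorAction "Stop"

    # No error occurred: report success.
    exit 0
}
catch {
    # Emit the exception message, then exit non-zero.
    # The original used 'return' here. That ends the script before 'exit 1'
    # is reached, so a failed remediation did not produce exit code 1 and
    # could be reported as successful.
    Write-Output $PSItem.Exception.Message
    exit 1
}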