Created
March 29, 2023 23:23
-
-
Save xtrasimplicity/0513c55c98fa030184039b63dc304d30 to your computer and use it in GitHub Desktop.
CVE-2023-23397 - Outlook Elevation of Privilege vulnerability
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Devices joined to a domain, which receive these via GPO | |
| netsh advfirewall firewall show rule name="Outbound SMB: Allow to LAN" type=dynamic >nul || netsh advfirewall firewall add rule name="Outbound SMB: Allow to LAN" protocol=TCP remoteip="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" remoteport=445 action=allow dir=out | |
| netsh advfirewall firewall show rule name="Outbound SMB: Block All" type=dynamic >nul || netsh advfirewall firewall add rule name="Outbound SMB: Block All" protocol=TCP remoteip=any remoteport=445 action=block dir=out | |
| netsh advfirewall set allprofiles state on | |
| netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound | |
| # Devices NOT joined to a domain, or which don't receive these via GPO | |
| netsh advfirewall firewall show rule name="Outbound SMB: Allow to LAN" >nul || netsh advfirewall firewall add rule name="Outbound SMB: Allow to LAN" protocol=TCP remoteip="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" remoteport=445 action=allow dir=out | |
| netsh advfirewall firewall show rule name="Outbound SMB: Block All" >nul || netsh advfirewall firewall add rule name="Outbound SMB: Block All" protocol=TCP remoteip=any remoteport=445 action=block dir=out | |
| netsh advfirewall set allprofiles state on | |
| netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment