Defend Yourself From CVE-2023-23397

pull/185/head
Aleff 2023-06-27 09:53:16 +02:00 committed by GitHub
parent 0d27c643be
commit 8ac184df79
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 49 additions and 0 deletions

View File

@ -0,0 +1,49 @@
REM ########################################################
REM # |
REM # Title : Defend Yourself From CVE-2023-23397 |
REM # Author : Aleff |
REM # Version : 1.0 |
REM # Category : Credentials |
REM # Target : Windows 10/11 |
REM # |
REM ########################################################
REM PlugAndPlay <3
REM Requirements:
REM - ExecutionPolicy Bypass
REM Impacted Products:
REM - All supported versions of Microsoft Outlook for Windows are affected. Other versions of Microsoft Outlook such as Android, iOS, Mac, as well as Outlook on the web and other M365 services are not affected.
REM Mitigation:
REM - Block TCP 445/SMB outbound from your network by using a perimeter firewall, a local firewall, and via your VPN settings. This will prevent the sending of NTLM authentication messages to remote file shares.
REM Source: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23397
DELAY 1000
GUI x
DELAY 500
STRING a
DELAY 500
LEFTARROW
DELAY 500
ENTER
REM Import NetSecurity module
STRINGLN Import-Module NetSecurity
REM Create a new firewall rule for blocking outgoing connections on port 445
STRINGLN_BLOCK
$rule = New-NetFirewallRule -DisplayName "CVE-2023-23397" `
-Direction Outbound `
-Action Block `
-Protocol TCP `
-RemotePort 445
END_STRINGLN
REM Enable firewall rule
STRINGLN Enable-NetFirewallRule -Name $rule.Name
DELAY 500
REM See your new rule
STRINGLN Get-NetFirewallRule | Where-Object { $_.DisplayName -eq "CVE-2023-23397" }