This repository has been archived by the owner on Apr 25, 2019. It is now read-only.
Detect-CVE-2017-15361-TPM.audit
# Nessus compliance audit (Windows): flags hosts whose TPM reports Infineon
# firmware in a version range this file treats as affected by CVE-2017-15361
# (ROCA, weak RSA key generation).
#
# The single custom_item runs the PowerShell carried in powershell_args. With
# ps_encoded_args: YES the value is Base64 of UTF-16LE script text. Decoded,
# the script does the following:
#   1. Sets $vulnerable = $false.
#   2. Reads Win32_TPM from the root/cimv2/Security/MicrosoftTPM namespace via
#      Get-WmiObject, with -ErrorAction SilentlyContinue inside try / catch {}.
#   3. Continues only when ManufacturerId equals 0x49465800 (ASCII "IFX" plus
#      a NUL byte) and ManufacturerVersion is at least 3 characters long.
#   4. Casts ManufacturerVersion to [System.Version] and tests Minor per Major:
#        4   -> Minor <= 33, or Minor in 40..42
#        5   -> Minor <= 61
#        6   -> Minor <= 42
#        7   -> Minor <= 61
#        133 -> Minor <= 32
#        149 -> Minor <= 32
#        any other Major -> not vulnerable
#   5. Emits $vulnerable. The item passes when that output equals "False"
#      (value_data "False" with check_type CHECK_EQUAL).
#
# NOTE(review): the check fails open. If the WMI query returns nothing or
#   errors out (no TPM, TPM not exposed to the OS, insufficient rights, WMI
#   fault), $vulnerable stays False and the host passes. Read a pass as
#   "not detected", not as "verified unaffected".
# NOTE(review): the description says "enabled" TPM, but the decoded script
#   never reads an enabled/activated property; any Win32_TPM instance with a
#   matching ManufacturerId is evaluated.
# NOTE(review): the firmware thresholds are hard-coded in the payload. Confirm
#   them against the vendor advisories listed under info before relying on a
#   pass, and remember that firmware updates do not replace keys that were
#   already generated on the TPM.
# NOTE(review): the Base64 payload is opaque in code review and runs on the
#   scanned hosts. Decode and diff it whenever this file changes.
<check_type : "Windows" version : "2">
<group_policy : "Detects Windows systems that have an enabled Trusted Platform Module (TPM) that is vulnerable to CVE-2017-15361 aka Return of Coppersmith's Attack (ROCA) aka Infineon RSA key generation vulnerability">
<custom_item>
type: AUDIT_POWERSHELL
description: "Detects Windows systems that have an enabled Trusted Platform Module (TPM) that is vulnerable to CVE-2017-15361 aka Return of Coppersmith's Attack (ROCA) aka Infineon RSA key generation vulnerability. Requires that PowerShell 2.0 is installed on the systems that are scanned. Tested on Windows 7 and later."
info: "
See the following web sites for more information about the vulnerability:
https://www.kb.cert.org/vuls/id/307015
https://www.infineon.com/cms/en/product/promopages/rsa-update/
https://www.infineon.com/cms/en/product/promopages/rsa-update/rsa-background
https://www.infineon.com/cms/en/product/promopages/tpm-update/
See the following web sites for more information on operating system patches and TPM firmware updates:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012
https://us.answers.acer.com/app/answers/detail/a_id/51137
http://www.fujitsu.com/global/support/products/software/security/products-f/ifsa-201701e.html
https://support.hp.com/us-en/document/c05792935
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03789en_us
https://support.lenovo.com/us/en/product_security/LEN-15552
https://support.toshiba.com/sscontent?contentId=4015874
"
value_type: POLICY_TEXT
value_data: "False"
check_type: CHECK_EQUAL
powershell_args: "JAB2AHUAbABuAGUAcgBhAGIAbABlACAAPQAgACQAZgBhAGwAcwBlAA0ACgAkAHQAcABtACAAPQAgACQAbgB1AGwAbAANAAoAdAByAHkAIAB7AA0ACgAkAHQAcABtACAAPQAgAEcAZQB0AC0AVwBtAGkATwBiAGoAZQBjAHQAIAAtAEMAbABhAHMAcwAgACcAVwBpAG4AMwAyAF8AVABQAE0AJwAgAC0ATgBhAG0AZQBzAHAAYQBjAGUAIAAnAHIAbwBvAHQALwBjAGkAbQB2ADIALwBTAGUAYwB1AHIAaQB0AHkALwBNAGkAYwByAG8AcwBvAGYAdABUAFAATQAnACAALQBFAHIAcgBvAHIAQQBjAHQAaQBvAG4AIABTAGkAbABlAG4AdABsAHkAQwBvAG4AdABpAG4AdQBlAA0ACgB9ACAAYwBhAHQAYwBoACAAewB9AA0ACgBpAGYAIAAoACQAdABwAG0AIAAtAG4AZQAgACQAbgB1AGwAbAApACAAewANAAoAaQBmACgAJAB0AHAAbQAuAE0AYQBuAHUAZgBhAGMAdAB1AHIAZQByAEkAZAAgAC0AZQBxACAAMAB4ADQAOQA0ADYANQA4ADAAMAApACAAewANAAoAaQBmACAAKAAkAHQAcABtAC4ATQBhAG4AdQBmAGEAYwB0AHUAcgBlAHIAVgBlAHIAcwBpAG8AbgAuAEwAZQBuAGcAdABoACAALQBnAGUAIAAzACkAIAB7AA0ACgAkAHYAZQByAHMAaQBvAG4AIAA9ACAAWwBTAHkAcwB0AGUAbQAuAFYAZQByAHMAaQBvAG4AXQAkAHQAcABtAC4ATQBhAG4AdQBmAGEAYwB0AHUAcgBlAHIAVgBlAHIAcwBpAG8AbgANAAoAcwB3AGkAdABjAGgAIAAoACQAdgBlAHIAcwBpAG8AbgAuAE0AYQBqAG8AcgApACAAewANAAoANAAgAHsAJAB2AHUAbABuAGUAcgBhAGIAbABlACAAPQAgACgAJAB2AGUAcgBzAGkAbwBuAC4ATQBpAG4AbwByACAALQBsAGUAIAAzADMAIAAtAG8AcgAgAEAAKAA0ADAALgAuADQAMgApACAALQBjAG8AbgB0AGEAaQBuAHMAIAAkAHYAZQByAHMAaQBvAG4ALgBNAGkAbgBvAHIAKQA7AGIAcgBlAGEAawB9AA0ACgA1ACAAewAkAHYAdQBsAG4AZQByAGEAYgBsAGUAIAA9ACAAKAAkAHYAZQByAHMAaQBvAG4ALgBNAGkAbgBvAHIAIAAtAGwAZQAgADYAMQApADsAYgByAGUAYQBrAH0ADQAKADYAIAB7ACQAdgB1AGwAbgBlAHIAYQBiAGwAZQAgAD0AIAAoACQAdgBlAHIAcwBpAG8AbgAuAE0AaQBuAG8AcgAgAC0AbABlACAANAAyACkAOwBiAHIAZQBhAGsAfQANAAoANwAgAHsAJAB2AHUAbABuAGUAcgBhAGIAbABlACAAPQAgACgAJAB2AGUAcgBzAGkAbwBuAC4ATQBpAG4AbwByACAALQBsAGUAIAA2ADEAKQA7AGIAcgBlAGEAawB9AA0ACgAxADMAMwAgAHsAJAB2AHUAbABuAGUAcgBhAGIAbABlACAAPQAgACgAJAB2AGUAcgBzAGkAbwBuAC4ATQBpAG4AbwByACAALQBsAGUAIAAzADIAKQA7AGIAcgBlAGEAawB9AA0ACgAxADQAOQAgAHsAJAB2AHUAbABuAGUAcgBhAGIAbABlACAAPQAgACgAJAB2AGUAcgBzAGkAbwBuAC4ATQBpAG4AbwByACAALQBsAGUAIAAzADIAKQA7AGIAcgBlAGEAawB9AA0ACgBkAGUAZgBhAHUAbAB0ACAAewAkAHYAdQBsAG4AZQByAGEAYgBsAGUAIAA9ACAAJABmAGEAbABzAGUAOwBiAHIAZQBhAGsAfQANAAoAfQANAAoAfQANAA
oAfQANAAoAfQANAAoAJAB2AHUAbABuAGUAcgBhAGIAbABlAA=="
ps_encoded_args: YES
only_show_cmd_output: NO
severity: HIGH
</custom_item>
</group_policy>
</check_type>