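@ECHO off
:: Validation Script Template For Commands v3
::
:: EventSentry validation script for CVE-2022-30190 (Microsoft Support
:: Diagnostic Tool): applies the registry workaround of removing the
:: ms-msdt: URL protocol handler so that a crafted document can no longer
:: reach MSDT through that handler. The key is exported to a .reg backup
:: first so it can be restored later with "reg import <backup>".
::
:: NOTE(review): this is a workaround, not a patch. It only unregisters the
:: ms-msdt: handler; the vendor security update for CVE-2022-30190 should
:: still be installed, after which the backup can be imported again.
::
:: Writing under HKEY_CLASSES_ROOT needs administrative rights; without them
:: the delete fails and the script reports ERR.
::
:: Errorlevel 0:   OK  (handler removed, or not present to begin with)
:: Errorlevel 1:   ERR (backup could not be written, or delete failed)
:: Errorlevel 999: Not Applicable (machine role does not match _winserv/_winDC)
Setlocal EnableDelayedExpansion
SET _title=EventSentry Validation Script: Threat Intel: Microsoft Support Diagnostic Tool Vulnerability CVE-2022-30190
TITLE %_title% started on %date%-%time%
:: %__AppDir__% expands to the System32 directory, so reg.exe/findstr.exe are
:: always the system binaries and not something found earlier on PATH.
SET "_commandline=%__AppDir__%reg.exe export HKEY_CLASSES_ROOT\ms-msdt"
SET "_commandline2=%__AppDir__%reg.exe delete HKEY_CLASSES_ROOT\ms-msdt /f"
SET "_bck_folder=%WINDIR%\system32\eventsentry\backups"
SET "_bck_file=CVE-2022-30190-Back.reg"
SET "_bck_path=%_bck_folder%\%_bck_file%"
MD "%_bck_folder%" 2>nul >nul
:: N Any machine [Server or not], Y for must be Server and M must NOT be a Server
:: Must be a Windows Server? Yes No Must
SET _winserv=N
:: Must be a Windows Server Domain Controller? Yes No Must
SET _winDC=N
if %_winserv% == N GOTO TESTS
if %_winserv% == M GOTO WinServ
:: _winserv=Y: continue only when ProductName contains "Server".
%__AppDir__%reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /V "ProductName" 2>nul | %__AppDir__%findstr /C:"Server" >nul
IF %ERRORLEVEL% == 0 (
  GOTO FIRST
) ELSE (
  ECHO Not Applicable [Not Windows Server]
  EXIT /b 999
)
:WinServ
:: _winserv=M: continue only when ProductName does NOT contain "Server".
%__AppDir__%reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /V "ProductName" 2>nul | %__AppDir__%findstr /C:"Server" >nul
IF %ERRORLEVEL% == 1 (
  GOTO FIRST
) ELSE (
  ECHO ERR - %_title%
  ECHO Not Applicable [Windows Server]
  EXIT /b 999
)
:FIRST
if %_winDC% == N GOTO TESTS
:: A domain controller carries the NTDS service parameters key.
%__AppDir__%reg.exe query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters" 2>nul >nul
IF %ERRORLEVEL% == 0 (
  GOTO TESTS
) ELSE (
  ECHO ERR - %_title%
  ECHO Not Applicable [Not a domain Controller]
  EXIT /b 999
)
:TESTS
:: Nothing to do when the handler is already gone (earlier run, or never registered).
%__AppDir__%reg.exe query HKEY_CLASSES_ROOT\ms-msdt 2>nul >nul
IF NOT %ERRORLEVEL% == 0 (
  ECHO OK - %_title%
  ECHO OK [ ms-msdt handler not present ]
  EXIT /b 0
)
:: IF Backup File Exist, skip backup (keep the first copy, never overwrite it)
IF EXIST "%_bck_path%" GOTO SKIPBCK
ECHO Backing Up Registry to %_bck_path%
%_commandline% "%_bck_path%" 2>nul
:: The key is still present at this point, so a missing backup file means the
:: export failed and there would be no way to restore the handler later.
:: Refuse to delete in that case instead of silently continuing.
IF NOT EXIST "%_bck_path%" (
  ECHO ERR - %_title%
  ECHO ERR [ Backup Failed - key not deleted ]
  EXIT /b 1
)
:SKIPBCK
ECHO Deleting Registry Key...
%_commandline2% 2>nul >nul
:: Verify by re-reading the key instead of trusting reg.exe's exit code.
%__AppDir__%reg.exe query HKEY_CLASSES_ROOT\ms-msdt 2>nul >nul
IF %ERRORLEVEL% == 0 (
  ECHO ERR - %_title%
  ECHO ERR [ Command Failed - key still present, check administrative rights ]
  EXIT /b 1
) ELSE (
  ECHO OK - %_title%
  ECHO OK [ Everything OK ]
  EXIT /b 0
)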