Check CVE-2020-1048 with AutoRuns

If you’ve seen what’s going on with CVE-2020-1048, it looks quite scary.

I’ve created an issue (#71) for this and added a detection in the Print Monitors category (see this commit).

I’ve published a digitally signed version of the AutoRuns module on the PowerShell Gallery as well.
(If you get started with AutoRuns, have a look at this README page.)

Now, if you create a printer port whose name is a file path, like this:

Add-PrinterPort -Name "C:\windows\tracing\myport.txt"

the AutoRuns module detects it like this:

Get-PSAutorun -PrintMonitorDLLs -VerifyDigitalSignature | 
Where { -not($_.Signed) }

Notice that there’s still an issue with the ImagePath property that needs to be fixed.
Anyway, it’s quick & dirty and detected 🙂
Happy hunting 😎
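
A complementary check on the port name itself, added here as an example and not part of the AutoRuns module or of the original post: it flags printer ports whose name is an absolute drive-letter path, like the one created with Add-PrinterPort earlier. The helper name Test-FilePathPortName and the sample port list are assumptions made for the illustration.

```powershell
# Added example, not AutoRuns module code.
# Test-FilePathPortName is a hypothetical helper name.
function Test-FilePathPortName {
    [CmdletBinding()]
    [OutputType([bool])]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$Name
    )
    process {
        # True for an absolute drive-letter path such as C:\dir\file.txt,
        # with or without the \\?\ prefix. Built-in names such as LPT1:,
        # COM1: or FILE: have nothing after the colon and do not match.
        $Name -match '^(?:\\\\\?\\)?[A-Za-z]:[\\/]'
    }
}

# Constructed sample of port names: common built-in style names plus the
# file-path port created by the Add-PrinterPort command above.
$samplePortNames = @(
    'LPT1:', 'COM1:', 'FILE:', 'PORTPROMPT:', 'USB001', 'IP_192.0.2.10',
    'C:\windows\tracing\myport.txt'
)

$samplePortNames | ForEach-Object {
    [pscustomobject]@{
        Name         = $_
        FilePathPort = Test-FilePathPortName -Name $_
    }
} | Format-Table -AutoSize

# On a live system, apply the same test to the ports the spooler knows about.
# Get-PrinterPort ships in the same PrintManagement module as Add-PrinterPort.
if (Get-Command -Name Get-PrinterPort -ErrorAction SilentlyContinue) {
    Get-PrinterPort |
        Where-Object { Test-FilePathPortName -Name $_.Name } |
        Select-Object -Property Name, PortMonitor, Description
}
```

A match is a lead to review rather than proof of abuse, since a local port can legitimately point at a file.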
