JAR File Check [CVE-2021-44228]

First pass at making a SAM template to detect JAR files which could possibly be affected.  This only checks for existence.  There's probably more work to be done, but this is a start.

Uses PowerShell and robocopy, so it's only been tested on Windows systems using the agent.  It may work via WSMAN, but I don't have anything in my lab at the moment that can check for that.

I elected to use robocopy because it's significantly faster than Get-ChildItem, but presents a few of its own quirks.  It's still not a "fast" script because of the work it needs to do, but I can't find a way to make it faster (at the moment).  It's still not recommended to run frequently (default is once per 12 hours) and has a long timeout defined (30 minutes).

If you make any improvements, please feel free to re-upload an additional SAM template and I'll flag this as "Legacy."

Returns 4 results:

  • Drive Count
  • JAR Files Count
  • Files to Investigate Count
  • Script Execution Time

Note: This does not detect nor repair the CVE.  It only detects files which may be an indicator that you have an issue.

Final warning: This is still read-only intensive on all of your local drives.  You may see performance degradation, which is why it runs so infrequently.
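
A sketch of the approach described above, as an added example that is not the template's own script: robocopy in list-only mode enumerates `*.jar` files on each local fixed drive, and the four results are written as SAM script-monitor statistics. The statistic names, the function name `Get-JarInventory`, and the rule that a file is "to investigate" when its name starts with `log4j-core` are assumptions made for this illustration.

```powershell
# Added example, not the template's own code. Read-only: robocopy /L only lists files.
function Get-JarInventory {
    $timer = [System.Diagnostics.Stopwatch]::StartNew()

    # Local fixed disks only (DriveType 3); network and removable drives are skipped.
    $drives = @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=3' |
        Select-Object -ExpandProperty DeviceID)

    $jars = @(foreach ($drive in $drives) {
        # /L   list only, nothing is copied ("NULL" is a dummy destination)
        # /S   recurse into subdirectories
        # /XJ  skip junction points so the walk cannot loop
        # /FP  print full paths
        # /R:0 /W:0  do not retry or wait on folders that deny access
        # /NJH /NJS /NS /NC /NDL  drop headers, summary, sizes, classes, directory lines
        robocopy "$drive\" NULL *.jar /L /S /XJ /FP /R:0 /W:0 /NJH /NJS /NS /NC /NDL |
            ForEach-Object { $_.Trim() } |
            Where-Object { $_ -like '*.jar' }   # discards blank and error lines
    })

    # Assumed rule: flag JARs whose file name starts with "log4j-core".
    # A name match is only an indicator; copies bundled inside other
    # archives (fat JARs, WAR/EAR files) are not seen by a file-name scan.
    $investigate = @($jars | Where-Object { $_ -match '\\log4j-core[^\\]*\.jar$' })

    $timer.Stop()
    [pscustomobject]@{
        DriveCount       = $drives.Count
        JarFileCount     = $jars.Count
        InvestigateCount = $investigate.Count
        InvestigatePaths = $investigate
        Seconds          = [math]::Round($timer.Elapsed.TotalSeconds, 1)
    }
}

$result = Get-JarInventory

# SAM script monitors parse "Statistic.<Name>: <number>" and "Message.<Name>: <text>".
Write-Host "Statistic.DriveCount: $($result.DriveCount)"
Write-Host "Statistic.JarFiles: $($result.JarFileCount)"
Write-Host "Statistic.FilesToInvestigate: $($result.InvestigateCount)"
Write-Host "Message.FilesToInvestigate: $($result.InvestigatePaths -join '; ')"
Write-Host "Statistic.ExecutionSeconds: $($result.Seconds)"
exit 0   # exit code 0 reports the component as Up
```

Because robocopy's exit code reflects what it would have copied rather than success or failure, the sketch filters its output lines instead of checking `$LASTEXITCODE`.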