From 9f116afd5b6053eb40036b295780a3b239c853cc Mon Sep 17 00:00:00 2001
From: David Paulson
Date: Mon, 28 Oct 2024 12:55:53 -0500
Subject: [PATCH] Add CVE-2024-49040 check
---
.../Invoke-AnalyzerSecurityCve-2024-49040.ps1 | 55 +++++++++++++++++++
.../Invoke-AnalyzerSecurityCveCheck.ps1 | 2 +
.../Tests/HealthChecker.E16.Main.Tests.ps1 | 4 +-
.../Tests/HealthChecker.E19.Main.Tests.ps1 | 2 +-
4 files changed, 60 insertions(+), 3 deletions(-)
create mode 100644 Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCve-2024-49040.ps1
diff --git a/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCve-2024-49040.ps1 b/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCve-2024-49040.ps1
new file mode 100644
index 0000000000..56d45e2065
--- /dev/null
+++ b/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCve-2024-49040.ps1
@@ -0,0 +1,55 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+. $PSScriptRoot\..\Add-AnalyzedResultInformation.ps1
+function Invoke-AnalyzerSecurityCve-2024-49040 {
+ [CmdletBinding()]
+ param(
+ [Parameter(Mandatory = $true)]
+ [ref]$AnalyzeResults,
+
+ [Parameter(Mandatory = $true)]
+ [object]$SecurityObject,
+
+ [Parameter(Mandatory = $true)]
+ [object]$DisplayGroupingKey
+ )
+ begin {
+ Write-Verbose "Calling: $($MyInvocation.MyCommand)"
+ $exchangeInformation = $SecurityObject.ExchangeInformation
+ $organizationInformation = $SecurityObject.OrgInformation
+ $exchangeBuild = $exchangeInformation.BuildInformation.VersionInformation.BuildVersion
+ # cSpell:disable
+ # Need to disable cSpell because this is the name of the override
+ $filterParameterName = "AddDisclaimerforRegexMatch"
+ # cSpell:enable
+ }
+ process {
+ $params = @{
+ ExchangeSettingOverride = $exchangeInformation.SettingOverrides
+ GetSettingOverride = $organizationInformation.GetSettingOverride
+ FilterServer = $exchangeInformation.GetExchangeServer.Name
+ FilterServerVersion = $exchangeBuild
+ FilterComponentName = "Transport"
+ FilterSectionName = "NonCompliantSenderSettings"
+ FilterParameterName = $filterParameterName
+ }
+ [array]$nonCompliantSenderSettings = Get-FilteredSettingOverrideInformation @params
+
+ $overrideDisabled = $nonCompliantSenderSettings.Count -gt 0 -and
+ ($null -ne ($nonCompliantSenderSettings | Where-Object { $_.ParameterValue -eq "false" }))
+ $isSuApplied = (Test-ExchangeBuildGreaterOrEqualThanSecurityPatch -CurrentExchangeBuild $SecurityObject.BuildInformation -SUName "Nov24SU")
+
+ if (-not $isSuApplied -or $overrideDisabled) {
+ $params = @{
+ AnalyzedInformation = $AnalyzeResults
+ DisplayGroupingKey = $DisplayGroupingKey
+ Name = "Security Vulnerability"
+ Details = ("{0} - Override Is Set: $overrideDisabled`r`n`t`tSee: https://portal.msrc.microsoft.com/security-guidance/advisory/{0} for more information." -f "CVE-2024-49040")
+ DisplayWriteType = "Red"
+ DisplayTestingValue = "CVE-2024-49040"
+ }
+ Add-AnalyzedResultInformation @params
+ }
+ }
+}
diff --git a/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCveCheck.ps1 b/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCveCheck.ps1
index c4bb99ed89..ea60b6a001 100644
--- a/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCveCheck.ps1
+++ b/Diagnostics/HealthChecker/Analyzer/Security/Invoke-AnalyzerSecurityCveCheck.ps1
@@ -9,6 +9,7 @@
 . $PSScriptRoot\Invoke-AnalyzerSecurityCve-2022-21978.ps1
 . $PSScriptRoot\Invoke-AnalyzerSecurityCve-2023-36434.ps1
 . $PSScriptRoot\Invoke-AnalyzerSecurityCveAddressedBySerializedDataSigning.ps1
+. $PSScriptRoot\Invoke-AnalyzerSecurityCve-2024-49040.ps1
 . $PSScriptRoot\Invoke-AnalyzerSecurityCve-MarchSuSpecial.ps1
 . $PSScriptRoot\Invoke-AnalyzerSecurityExtendedProtectionConfigState.ps1
 . $PSScriptRoot\Invoke-AnalyzerSecurityIISModules.ps1
@@ -211,6 +212,7 @@ function Invoke-AnalyzerSecurityCveCheck {
 Invoke-AnalyzerSecurityCveAddressedBySerializedDataSigning -AnalyzeResults $AnalyzeResults -SecurityObject $securityObject -DisplayGroupingKey $DisplayGroupingKey
 Invoke-AnalyzerSecurityCve-MarchSuSpecial -AnalyzeResults $AnalyzeResults -SecurityObject $securityObject -DisplayGroupingKey $DisplayGroupingKey
 Invoke-AnalyzerSecurityADV24199947 -AnalyzeResults $AnalyzeResults -SecurityObject $securityObject -DisplayGroupingKey $DisplayGroupingKey
+ Invoke-AnalyzerSecurityCve-2024-49040 -AnalyzeResults $AnalyzeResults -SecurityObject $securityObject -DisplayGroupingKey $DisplayGroupingKey
 # Make sure that these stay as the last one to keep the output more readable
 Invoke-AnalyzerSecurityExtendedProtectionConfigState -AnalyzeResults $AnalyzeResults -SecurityObject $securityObject -DisplayGroupingKey $DisplayGroupingKey
 }
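Review bot: In Invoke-AnalyzerSecurityCve-2024-49040.ps1, the red finding raised under `if (-not $isSuApplied -or $overrideDisabled)` reports two different states with one message, so an admin cannot tell whether the server lacks the Nov24SU or has it with the `AddDisclaimerforRegexMatch` override set to `false`. The remediation differs (install the update versus remove the override), and on an unpatched build the text prints `Override Is Set: False`, which reads like a passing sub-check. Putting both values in the Details text would separate the cases, e.g. `"{0} - Security update applied: $isSuApplied - Override Is Set: $overrideDisabled..."`. The function also calls `Get-FilteredSettingOverrideInformation` and `Test-ExchangeBuildGreaterOrEqualThanSecurityPatch` while the file dot-sources only `Add-AnalyzedResultInformation.ps1`, so it appears to rely on the caller having loaded them. Dot-sourcing them here, with a short comment on what the override controls, would keep the check self-contained.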
diff --git a/Diagnostics/HealthChecker/Tests/HealthChecker.E16.Main.Tests.ps1 b/Diagnostics/HealthChecker/Tests/HealthChecker.E16.Main.Tests.ps1 index a80a8798f9..5115bc7cd3 100644 --- a/Diagnostics/HealthChecker/Tests/HealthChecker.E16.Main.Tests.ps1 +++ b/Diagnostics/HealthChecker/Tests/HealthChecker.E16.Main.Tests.ps1 @@ -144,11 +144,11 @@ Describe "Testing Health Checker by Mock Data Imports - Exchange 2016" { $cveTests.Contains("CVE-2020-1147") | Should -Be $true $cveTests.Contains("CVE-2023-36039") | Should -Be $true $cveTests.Contains("ADV24199947") | Should -Be $true - $cveTests.Count | Should -Be 51 + $cveTests.Count | Should -Be 52 $downloadDomains = GetObject "CVE-2021-1730" $downloadDomains.DownloadDomainsEnabled | Should -Be "false" - $Script:ActiveGrouping.Count | Should -Be 58 + $Script:ActiveGrouping.Count | Should -Be 59 } } diff --git a/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1 b/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1 index 2cf80475e7..723a8253e8 100644 --- a/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1 +++ b/Diagnostics/HealthChecker/Tests/HealthChecker.E19.Main.Tests.ps1 @@ -157,7 +157,7 @@ Describe "Testing Health Checker by Mock Data Imports" { $cveTests.Contains("CVE-2023-36434") | Should -Be $true $cveTests.Contains("CVE-2023-36039") | Should -Be $true $cveTests.Contains("ADV24199947") | Should -Be $true - $cveTests.Count | Should -Be 51 + $cveTests.Count | Should -Be 52 $downloadDomains = GetObject "CVE-2021-1730" $downloadDomains.DownloadDomainsEnabled | Should -Be "False" TestObjectMatch "Extended Protection Vulnerable" "True" -WriteType "Red"
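Review bot: Both test files only raise `$cveTests.Count` from 51 to 52 (this hunk and the one in HealthChecker.E19.Main.Tests.ps1), so nothing asserts that the new entry is actually CVE-2024-49040. A count alone still passes if one finding is dropped and another is added. Adding `$cveTests.Contains("CVE-2024-49040") | Should -Be $true` beside the existing `Contains` assertions would pin it. The mock data appears to exercise only the missing-update path, so the `$overrideDisabled` branch of the new analyzer looks untested; a case with the override set to `false` on a patched build would cover it. The Describe blocks start and end outside these hunks.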