{"id":520791,"date":"2025-09-05T12:13:59","date_gmt":"2025-09-05T12:13:59","guid":{"rendered":"https:\/\/www.ninjaone.com\/?post_type=script_hub&#038;p=520791"},"modified":"2025-09-05T17:22:30","modified_gmt":"2025-09-05T17:22:30","slug":"wie-sie-die-korrektur-fuer-cve-2023-32019-mit-powershell-aktivieren-koennen","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/de\/script-hub\/wie-sie-die-korrektur-fuer-cve-2023-32019-mit-powershell-aktivieren-koennen\/","title":{"rendered":"How to Enable the Fix for CVE-2023-32019 with PowerShell"},"content":{"rendered":"<p>Microsoft's June 2023 Patch Tuesday updates included a security fix for an important Windows kernel vulnerability, but the fix is disabled by default. Here is everything you need to know, along with a script you can use to enable the patch on various Windows versions.<\/p>\n<h2>What is CVE-2023-32019?<\/h2>\n<p>According to Microsoft, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-32019\" target=\"_blank\" rel=\"noopener\">CVE-2023-32019<\/a> is a Windows kernel vulnerability that affects several Windows versions, including the latest versions of Windows 10, Windows Server, and Windows 11.<\/p>\n<p>If successfully exploited, an attacker can view the heap memory of a process running with administrator rights on a server. This does <span style=\"text-decoration: underline;\">not<\/span> require administrator or other elevated privileges. 
<span style=\"text-decoration: underline;\">However<\/span>, the attacker must coordinate the attack with another privileged process run by another user on the system.<\/p>\n<p>Despite a relatively modest CVSS base score of 4.7 out of 10, Microsoft has rated the vulnerability as particularly severe. However, the fix included in the June 2023 updates requires an additional step to enable it. Why is that?<\/p>\n<h2>Why is the fix for CVE-2023-32019 disabled by default?<\/h2>\n<p><a href=\"https:\/\/support.microsoft.com\/de-de\/topic\/kb5028407-verwalten-der-sicherheitsanf%C3%A4lligkeit-im-zusammenhang-mit-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\" target=\"_blank\" rel=\"noopener\">Microsoft's support documentation<\/a> provides few details, but the company explains that fixing this vulnerability <strong>could cause \u201cpotential downtime\u201d.<\/strong> Microsoft therefore leaves it to users to enable the fix manually in test environments and urges them to watch closely for disruptions before rolling it out broadly.<\/p>\n<p>Microsoft adds that \u201cthis fix <span style=\"text-decoration: underline;\">will<\/span> be enabled by default in a future release. We recommend that you validate this fix in your environment. 
Once it is validated, you should enable the fix as soon as possible.\u201d<\/p>\n<h2>How to enable the patch for CVE-2023-32019 with PowerShell<\/h2>\n<p>To remediate the vulnerability, users must set a registry key value that depends on the Windows version in use (each version requires a different key value). Suffice it to say, this additional step <a href=\"https:\/\/twitter.com\/RyanLNewington\/status\/1669264505787019266\" target=\"_blank\" rel=\"noopener\">has led to complaints<\/a>.<\/p>\n<p>To make this easier, our Software Product Engineer Kyle Bohlander created the following script, which checks the operating system and applies the correct registry change.<\/p>\n<p><strong>Note:<\/strong> This script is not limited to NinjaOne users. Anyone can use it. As Microsoft advises, however, this fix should be deployed on test machines before a broader rollout, and as usual, you do so at your own risk.<\/p>\n<p>&nbsp;<\/p>\n<blockquote><p>Script author: <strong>Kyle Bohlander, Software Product Engineer at NinjaOne<\/strong><\/p><\/blockquote>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">#Requires -Version 5.1\r\n\r\n&lt;#\r\n.SYNOPSIS\r\n    This script will apply the registry fix suggested by microsoft for CVE-2023-32019 for the particular OS the computer is run on. Please note not all OS's have a fix to apply!\r\n    https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\r\n.DESCRIPTION\r\n    This script will apply the registry fix suggested by microsoft for CVE-2023-32019 for the particular OS the computer is run on. 
Please note not all OS's have a fix to apply!\r\n    https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\r\n.EXAMPLE\r\n    (No Parameters)\r\n\r\n    Checking Windows Version....\r\n    Desktop Windows Detected!\r\n    Windows 10 identified!\r\n    22H2 Detected!\r\n    Set Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\\4103588492 to 1\r\n    Successfully set registry key!\r\n\r\nPARAMETER: -Undo\r\n    Removes the registry key set for this fix. Script will error out if that registry key is not present.\r\n.EXAMPLE\r\n    -Undo\r\n    \r\n    Checking Windows Version....\r\n    Desktop Windows Detected!\r\n    Windows 10 identified!\r\n    22H2 Detected!\r\n    Undoing registry fix...\r\n    Successfully removed registry fix!\r\n\r\n.OUTPUTS\r\n    None\r\n.NOTES\r\n    Release: Initial Release (6\/15\/2023)\r\n    General notes\r\n#&gt;\r\n\r\n[CmdletBinding()]\r\nparam (\r\n    [Parameter()]\r\n    [switch]$Undo\r\n)\r\n\r\nbegin {\r\n    # Tests that the script is elevated\r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)\r\n    }\r\n\r\n    # We want the script to check if it's running on a workstation or something else\r\n    function Test-IsWorkstation {\r\n        $OS = Get-CimInstance -ClassName Win32_OperatingSystem\r\n        return $OS.ProductType -eq 1\r\n    }\r\n\r\n    # This will set the registry key and any preceding keys needed\r\n    function Set-RegKey {\r\n        param (\r\n            $Path,\r\n            $Name,\r\n            $Value,\r\n            [ValidateSet(\"DWord\", \"QWord\", \"String\", \"ExpandedString\", \"Binary\", \"MultiString\", \"Unknown\")]\r\n            
$PropertyType = \"DWord\"\r\n        )\r\n        if (-not $(Test-Path -Path $Path)) {\r\n            # Check if path does not exist and create the path\r\n            New-Item -Path $Path -Force | Out-Null\r\n        }\r\n        if ((Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore)) {\r\n            # Update property and print out what it was changed from and changed to\r\n            $CurrentValue = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore).$Name\r\n            try {\r\n                Set-ItemProperty -Path $Path -Name $Name -Value $Value -Force -Confirm:$false -ErrorAction Stop | Out-Null\r\n            }\r\n            catch {\r\n                Write-Error \"[Error] Unable to Set registry key for $Name please see below error!\"\r\n                Write-Error $_\r\n                exit 1\r\n            }\r\n            Write-Host \"$Path\\$Name changed from $CurrentValue to $($(Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore).$Name)\"\r\n        }\r\n        else {\r\n            # Create property with value\r\n            try {\r\n                New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $PropertyType -Force -Confirm:$false -ErrorAction Stop | Out-Null\r\n            }\r\n            catch {\r\n                Write-Error \"[Error] Unable to Set registry key for $Name please see below error!\"\r\n                Write-Error $_\r\n                exit 1\r\n            }\r\n            Write-Host \"Set $Path\\$Name to $($(Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore).$Name)\"\r\n        }\r\n    }\r\n\r\n    # Is it Windows 10 or 11 or something else?\r\n    $WindowsVersion = [System.Environment]::OSVersion.Version.Major\r\n\r\n    # Current Build Number\r\n    $BuildNumber = [System.Environment]::OSVersion.Version.Build\r\n\r\n    # If Script Forms are used grab the input\r\n    if($env:Undo){$Undo = $env:Undo}\r\n}\r\nprocess {\r\n\r\n    # If not elevated error out. 
Admin privileges are required to create HKLM registry keys\r\n    if (-not (Test-IsElevated)) {\r\n        Write-Error -Message \"Access Denied. Please run with Administrator privileges.\"\r\n        exit 1\r\n    }\r\n\r\n    # Keeping the end user updated on the status\r\n    Write-Host \"Checking Windows Version....\"\r\n    if (Test-IsWorkstation) {\r\n        Write-Host \"Desktop Windows Detected!\"\r\n        # Depending on the version we'll want to check on a different set of build numbers\r\n        switch ($WindowsVersion) {\r\n            \"10\" {\r\n                switch ($BuildNumber) {\r\n                    \"22621\" {\r\n                        Write-Host \"Windows 11 identified!\"\r\n                        Write-Host \"22H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4237806220\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"22000\" {\r\n                        Write-Host \"Windows 11 identified!\"\r\n                        Write-Host \"21H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4204251788\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"19045\" {\r\n                        # This sets us up to set the registry key depending on the current build and version.\r\n                        Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"22H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4103588492\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"19044\" {\r\n                    
    Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"21H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4103588492\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"19042\" {\r\n                        Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"20H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4103588492\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"17763\" {\r\n                        Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"1809 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Configuration Manager\"\r\n                        $name = \"LazyRetryOnCommitFailure\"\r\n                        $value = \"0\"\r\n                    }\r\n                    \"14393\" {\r\n                        Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"1607 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Configuration Manager\"\r\n                        $name = \"LazyRetryOnCommitFailure\"\r\n                        $value = \"0\"\r\n                    }\r\n                    default {\r\n                        Write-Warning \"Looks like you're either on an unsupported windows build or one not supported by this script? 
(Only Win 11 22H2 and 21H2 and Win 10 22H2,21H2,21H1,20H2,1809 and 1607 has a fix out!)\" \r\n                        Write-Warning \"https:\/\/en.wikipedia.org\/wiki\/Windows_10_version_history\"\r\n                        Write-Warning \"https:\/\/en.wikipedia.org\/wiki\/Windows_11_version_history\"\r\n                        Write-Error \"[Error] This version of windows cannot be remediated by this script? Please verify this https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\"\r\n                        exit 1\r\n                    }\r\n                }\r\n            }\r\n            default {\r\n                Write-Warning \"Looks like you're on a version of windows not supported by this script? (Only Windows 10 and 11 have a fix out!)\"\r\n                Write-Error \"[Error] This version of windows appears to not be applicable or cannot be remediated by this script? Please verify this https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\"\r\n                exit 1\r\n            }\r\n        }\r\n    }\r\n    else {\r\n        Write-Host \"Windows Server Detected!\"\r\n        if (Get-ComputerInfo | Select-Object OSName | Where-Object { $_.OSName -like \"*2022*\" }) {\r\n            $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n            $name = \"4137142924\"\r\n            $value = \"1\"\r\n        }\r\n        else {\r\n            Write-Warning \"Looks like you're on a version of windows not supported by this script? (Only Server 2022 has a fix out!)\"\r\n            Write-Error \"[Error] This version of windows appears to not be applicable or cannot be remediated by this script? 
Please verify this https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\"\r\n            exit 1\r\n        }\r\n    }\r\n\r\n    if ($key -and -not $Undo) {\r\n        Set-RegKey -Path $key -Name $name -Value $value -PropertyType DWord\r\n        if ((Get-ItemPropertyValue -Path $key -Name $name -ErrorAction Ignore) -ne $value) {\r\n            Write-Error \"[Error] Unable to set registry key? Is something blocking the script?\"\r\n            exit 1\r\n        }\r\n        else {\r\n            Write-Host \"Successfully set registry key!\"\r\n            exit 0\r\n        }\r\n    }\r\n    elseif ($Undo) {\r\n        # Check the named value rather than the whole key, since the key can hold other values\r\n        if (Get-ItemProperty -Path $key -Name $name -ErrorAction Ignore) {\r\n            Write-Host \"Undoing registry fix...\"\r\n            Remove-ItemProperty -Path $key -Name $name\r\n            if (Get-ItemProperty -Path $key -Name $name -ErrorAction Ignore) {\r\n                Write-Error \"[Error] Unable to undo registry fix!\"\r\n                exit 1\r\n            }\r\n            else {\r\n                Write-Host \"Successfully removed registry fix!\"\r\n                exit 0\r\n            }\r\n        }\r\n        else {\r\n            Write-Error \"[Error] Registry Key not found? 
Did you already undo it?\"\r\n            exit 1\r\n        }\r\n    }else{\r\n        Write-Error \"[Error] Unable to find registry key to set!\"\r\n        exit 1\r\n    }\r\n}\r\nend {\r\n    $ScriptName = \"CVE-2023-32019 Remediation\"\r\n    $ScriptVariables = @(\r\n        [PSCustomObject]@{\r\n            name           = \"Undo\"\r\n            calculatedName = \"undo\"\r\n            required       = $false\r\n            defaultValue   = $false\r\n            valueType      = \"CHECKBOX\"\r\n            valueList      = $null\r\n            description    = \"Whether or not to undo the registry fix.\"\r\n        }\r\n    )\r\n}<\/pre>\n<p>&nbsp;<\/p>\n\n","protected":false},"author":28,"featured_media":140424,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_lmt_disableupdate":"no","_lmt_disable":""},"operating_system":[4212],"use_cases":[4306],"class_list":["post-520791","script_hub","type-script_hub","status-publish","has-post-thumbnail","hentry","script_hub_category-windows"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ninjaone.com\/de\/wp-json\/wp\/v2\/script_hub\/520791","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ninjaone.com\/de\/wp-json\/wp\/v2\/script_hub"}],"about":[{"href":"https:\/\/www.ninjaone.com\/de\/wp-json\/wp\/v2\/types\/script_hub"}],"author":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/de\/wp-json\/wp\/v2\/users\/28"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/de\/wp-json\/wp\/v2\/comments?post=520791"}],"wp:featured
media":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/de\/wp-json\/wp\/v2\/media\/140424"}],"wp:attachment":[{"href":"https:\/\/www.ninjaone.com\/de\/wp-json\/wp\/v2\/media?parent=520791"}],"wp:term":[{"taxonomy":"script_hub_category","embeddable":true,"href":"https:\/\/www.ninjaone.com\/de\/wp-json\/wp\/v2\/operating_system?post=520791"},{"taxonomy":"use_cases","embeddable":true,"href":"https:\/\/www.ninjaone.com\/de\/wp-json\/wp\/v2\/use_cases?post=520791"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}