{"id":208593,"date":"2023-08-25T15:49:36","date_gmt":"2023-08-25T15:49:36","guid":{"rendered":"https:\/\/www.ninjaone.com\/script-hub\/como-activar-la-correccion-cve-2023-32019-con-powershell\/"},"modified":"2025-09-05T17:21:57","modified_gmt":"2025-09-05T17:21:57","slug":"como-activar-la-correccion-cve-2023-32019-con-powershell","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/es\/script-hub\/como-activar-la-correccion-cve-2023-32019-con-powershell\/","title":{"rendered":"How to Enable the CVE-2023-32019 Fix with PowerShell"},"content":{"rendered":"<p>Microsoft's June 2023 Patch Tuesday updates included a fix for an important Windows Kernel vulnerability, but it is disabled by default. Here is everything you need to know, plus a script that will help you enable the patch on several versions of Windows.<\/p>\n<h2>What is CVE-2023-32019?<\/h2>\n<p>Microsoft classifies <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-32019\" target=\"_blank\" rel=\"noopener\">CVE-2023-32019<\/a> as a Windows Kernel information disclosure vulnerability that affects several versions, including the latest updates of Windows 10, Windows Server and Windows 11.<\/p>\n<p>Successful exploitation could allow the attacker to view the heap memory of a privileged process running on a server, and triggering it does not require administrator or other elevated privileges.\u00a0What it <span style=\"text-decoration: underline;\">does<\/span> require is that the attacker coordinate the attack with another privileged process run by another user on the system.<\/p>\n<p>Despite a relatively modest CVSS base score (4.7\/10), Microsoft has rated this vulnerability as important in severity. 
However, the fix included in the June 2023 updates requires an additional step to actually enable it. Why?<\/p>\n<h2>Why is the CVE-2023-32019 fix disabled by default?<\/h2>\n<p>Although <a href=\"https:\/\/support.microsoft.com\/es-es\/topic\/kb5028407-c%C3%B3mo-administrar-la-vulnerabilidad-asociada-con-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\" target=\"_blank\" rel=\"noopener\">Microsoft's support documentation<\/a> is not very detailed, the company does explain that mitigating this vulnerability <strong>introduces a \"potential breaking change\".<\/strong> Therefore, they are leaving it to users to enable the resolution manually in test environments and encouraging them to watch closely for disruptions before rolling the fix out more broadly.<\/p>\n<p>Microsoft also states that \"in a future release, this resolution <span style=\"text-decoration: underline;\">will be enabled<\/span> by default. We recommend that you validate this resolution in your environment. Then, as soon as it is validated, enable the resolution as soon as possible.\"<\/p>\n<h2>How to enable the CVE-2023-32019 fix using PowerShell<\/h2>\n<p>Mitigating this vulnerability requires users to set a registry key value based on the version of Windows they are running (each version requires a different key value). 
Suffice it to say that this extra step has <a href=\"https:\/\/twitter.com\/RyanLNewington\/status\/1669264505787019266\" target=\"_blank\" rel=\"noopener\">drawn complaints.<\/a><\/p>\n<p>To make things easier, our Software Product Engineer, Kyle Bohlander, has created the following script, which checks the operating system and applies the correct registry change accordingly.<\/p>\n<p><strong>Note:<\/strong> This script is not limited to NinjaOne users; it is available for public use. However, as Microsoft advises, this fix should be applied on test machines before proceeding to a wider deployment and, as always, if you decide to run it, you do so at your own risk.<\/p>\n<blockquote><p>Script author: <strong>Kyle Bohlander, Software Product Engineer at NinjaOne<\/strong><\/p><\/blockquote>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">#Requires -Version 5.1\r\n\r\n&lt;#\r\n.SYNOPSIS\r\n    This script will apply the registry fix suggested by Microsoft for CVE-2023-32019 for the particular OS the computer is run on. Please note not all OS's have a fix to apply!\r\n    https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\r\n.DESCRIPTION\r\n    This script will apply the registry fix suggested by Microsoft for CVE-2023-32019 for the particular OS the computer is run on. 
Please note not all OS's have a fix to apply!\r\n    https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\r\n.EXAMPLE\r\n    (No Parameters)\r\n\r\n    Checking Windows Version....\r\n    Desktop Windows Detected!\r\n    Windows 10 identified!\r\n    22H2 Detected!\r\n    Set Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\\4103588492 to 1\r\n    Successfully set registry key!\r\n\r\nPARAMETER: -Undo\r\n    Removes the registry key set for this fix. Script will error out if that registry key is not present.\r\n.EXAMPLE\r\n    -Undo\r\n    \r\n    Checking Windows Version....\r\n    Desktop Windows Detected!\r\n    Windows 10 identified!\r\n    22H2 Detected!\r\n    Undoing registry fix...\r\n    Successfully removed registry fix!\r\n\r\n.OUTPUTS\r\n    None\r\n.NOTES\r\n    Release: Initial Release (6\/15\/2023)\r\n    General notes\r\n#&gt;\r\n\r\n[CmdletBinding()]\r\nparam (\r\n    [Parameter()]\r\n    [switch]$Undo\r\n)\r\n\r\nbegin {\r\n    # Tests that the script is elevated\r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)\r\n    }\r\n\r\n    # We want the script to check if its running on a workstation or something else\r\n    function Test-IsWorkstation {\r\n        $OS = Get-CimInstance -ClassName Win32_OperatingSystem\r\n        return $OS.ProductType -eq 1\r\n    }\r\n\r\n    # This will set the registry key and any preceding keys needed\r\n    function Set-RegKey {\r\n        param (\r\n            $Path,\r\n            $Name,\r\n            $Value,\r\n            [ValidateSet(\"DWord\", \"QWord\", \"String\", \"ExpandedString\", \"Binary\", \"MultiString\", \"Unknown\")]\r\n            
$PropertyType = \"DWord\"\r\n        )\r\n        if (-not $(Test-Path -Path $Path)) {\r\n            # Check if path does not exist and create the path\r\n            New-Item -Path $Path -Force | Out-Null\r\n        }\r\n        if ((Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore)) {\r\n            # Update property and print out what it was changed from and changed to\r\n            $CurrentValue = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore).$Name\r\n            try {\r\n                Set-ItemProperty -Path $Path -Name $Name -Value $Value -Force -Confirm:$false -ErrorAction Stop | Out-Null\r\n            }\r\n            catch {\r\n                Write-Error \"[Error] Unable to Set registry key for $Name please see below error!\"\r\n                Write-Error $_\r\n                exit 1\r\n            }\r\n            Write-Host \"$Path\\$Name changed from $CurrentValue to $($(Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore).$Name)\"\r\n        }\r\n        else {\r\n            # Create property with value\r\n            try {\r\n                New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $PropertyType -Force -Confirm:$false -ErrorAction Stop | Out-Null\r\n            }\r\n            catch {\r\n                Write-Error \"[Error] Unable to Set registry key for $Name please see below error!\"\r\n                Write-Error $_\r\n                exit 1\r\n            }\r\n            Write-Host \"Set $Path\\$Name to $($(Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore).$Name)\"\r\n        }\r\n    }\r\n\r\n    # Is it Windows 10 or 11 or something else?\r\n    $WindowsVersion = [System.Environment]::OSVersion.Version.Major\r\n\r\n    # Current Build Number\r\n    $BuildNumber = [System.Environment]::OSVersion.Version.Build\r\n\r\n    # If Script Forms are used grab the input.\r\n    # The environment variable is a string, so an unchecked box (\"false\") must not count as set.\r\n    if ($env:Undo -and $env:Undo -notlike \"false\") { $Undo = $true }\r\n}\r\nprocess {\r\n\r\n    # If not elevated error out. 
Admin privileges are required to create HKLM registry keys\r\n    if (-not (Test-IsElevated)) {\r\n        Write-Error -Message \"Access Denied. Please run with Administrator privileges.\"\r\n        exit 1\r\n    }\r\n\r\n    # Keeping the end user updated on the status\r\n    Write-Host \"Checking Windows Version....\"\r\n    if (Test-IsWorkstation) {\r\n        Write-Host \"Desktop Windows Detected!\"\r\n        # Depending on the version we'll want to check on a different set of build numbers\r\n        switch ($WindowsVersion) {\r\n            \"10\" {\r\n                switch ($BuildNumber) {\r\n                    \"22621\" {\r\n                        Write-Host \"Windows 11 identified!\"\r\n                        Write-Host \"22H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4237806220\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"22000\" {\r\n                        Write-Host \"Windows 11 identified!\"\r\n                        Write-Host \"21H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4204251788\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"19045\" {\r\n                        # This sets us up to set the registry key depending on the current build and version.\r\n                        Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"22H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4103588492\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"19044\" {\r\n                    
    Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"21H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4103588492\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"19042\" {\r\n                        Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"20H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4103588492\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"17763\" {\r\n                        Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"1809 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Configuration Manager\"\r\n                        $name = \"LazyRetryOnCommitFailure\"\r\n                        $value = \"0\"\r\n                    }\r\n                    \"14393\" {\r\n                        Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"1607 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Configuration Manager\"\r\n                        $name = \"LazyRetryOnCommitFailure\"\r\n                        $value = \"0\"\r\n                    }\r\n                    default {\r\n                        Write-Warning \"Looks like you're either on an unsupported windows build or one not supported by this script? 
(Only Win 11 22H2 and 21H2 and Win 10 22H2,21H2,21H1,20H2,1809 and 1607 has a fix out!)\" \r\n                        Write-Warning \"https:\/\/en.wikipedia.org\/wiki\/Windows_10_version_history\"\r\n                        Write-Warning \"https:\/\/en.wikipedia.org\/wiki\/Windows_11_version_history\"\r\n                        Write-Error \"[Error] This version of windows cannot be remediated by this script? Please verify this https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\"\r\n                        exit 1\r\n                    }\r\n                }\r\n            }\r\n            default {\r\n                Write-Warning \"Looks like you're on a version of windows not supported by this script? (Only Windows 10 and 11 have a fix out!)\"\r\n                Write-Error \"[Error] This version of windows appears to not be applicable or cannot be remediated by this script? Please verify this https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\"\r\n                exit 1\r\n            }\r\n        }\r\n    }\r\n    else {\r\n        Write-Host \"Windows Server Detected!\"\r\n        if (Get-ComputerInfo | Select-Object OSName | Where-Object { $_.OSName -like \"*2022*\" }) {\r\n            $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n            $name = \"4137142924\"\r\n            $value = \"1\"\r\n        }\r\n        else {\r\n            Write-Warning \"Looks like you're on a version of windows not supported by this script? (Only Server 2022 has a fix out!)\"\r\n            Write-Error \"[Error] This version of windows appears to not be applicable or cannot be remediated by this script? 
Please verify this https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\"\r\n            exit 1\r\n        }\r\n    }\r\n\r\n    if ($key -and -not $Undo) {\r\n        Set-RegKey -Path $key -Name $name -Value $value -PropertyType DWord\r\n        if ((Get-ItemPropertyValue -Path $key -Name $name -ErrorAction Ignore) -ne $value) {\r\n            Write-Error \"[Error] Unable to set registry key? Is something blocking the script?\"\r\n            exit 1\r\n        }\r\n        else {\r\n            Write-Host \"Successfully set registry key!\"\r\n            exit 0\r\n        }\r\n    }\r\n    elseif ($Undo) {\r\n        # Test for the specific value, not just the key: the key can hold other values\r\n        if (Get-ItemProperty -Path $key -Name $name -ErrorAction Ignore) {\r\n            Write-Host \"Undoing registry fix...\"\r\n            Remove-ItemProperty -Path $key -Name $name\r\n            if (Get-ItemProperty -Path $key -Name $name -ErrorAction Ignore) {\r\n                Write-Error \"[Error] Unable to undo registry fix!\"\r\n                exit 1\r\n            }\r\n            else {\r\n                Write-Host \"Successfully removed registry fix!\"\r\n                exit 0\r\n            }\r\n        }\r\n        else {\r\n            Write-Error \"[Error] Registry Key not found? 
Did you already undo it?\"\r\n            exit 1\r\n        }\r\n    }else{\r\n        Write-Error \"[Error] Unable to find registry key to set!\"\r\n        exit 1\r\n    }\r\n}\r\nend {\r\n    $ScriptName = \"CVE-2023-32019 Remediation\"\r\n    $ScriptVariables = @(\r\n        [PSCustomObject]@{\r\n            name           = \"Undo\"\r\n            calculatedName = \"undo\"\r\n            required       = $false\r\n            defaultValue   = $false\r\n            valueType      = \"CHECKBOX\"\r\n            valueList      = $null\r\n            description    = \"Whether or not to undo the registry fix.\"\r\n        }\r\n    )\r\n}<\/pre>\n<p>&nbsp;<\/p>\n\n","protected":false},"author":28,"featured_media":140430,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_lmt_disableupdate":"no","_lmt_disable":""},"operating_system":[4212],"use_cases":[4262],"class_list":["post-208593","script_hub","type-script_hub","status-publish","has-post-thumbnail","hentry","script_hub_category-windows","use_cases-mantenimiento"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/script_hub\/208593","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/script_hub"}],"about":[{"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/types\/script_hub"}],"author":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/users\/28"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/comments?p
ost=208593"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/media\/140430"}],"wp:attachment":[{"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/media?parent=208593"}],"wp:term":[{"taxonomy":"script_hub_category","embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/operating_system?post=208593"},{"taxonomy":"use_cases","embeddable":true,"href":"https:\/\/www.ninjaone.com\/es\/wp-json\/wp\/v2\/use_cases?post=208593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}