{"id":208091,"date":"2023-07-24T07:50:14","date_gmt":"2023-07-24T07:50:14","guid":{"rendered":"https:\/\/www.ninjaone.com\/script-hub\/come-attivare-la-risoluzione-cve-2023-32019-con-powershell\/"},"modified":"2025-09-05T17:22:07","modified_gmt":"2025-09-05T17:22:07","slug":"come-attivare-la-risoluzione-cve-2023-32019-con-powershell","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/it\/script-hub\/come-attivare-la-risoluzione-cve-2023-32019-con-powershell\/","title":{"rendered":"How to enable the fix for CVE-2023-32019 with PowerShell"},"content":{"rendered":"<p>Microsoft&#8217;s June 2023 Patch Tuesday updates include a fix for an important Windows kernel vulnerability, but the fix is disabled by default. Here is everything you need to know, plus a script that will help you enable the patch across the various Windows versions.<\/p>\n<h2>What is CVE-2023-32019?<\/h2>\n<p>Microsoft describes <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-32019\" target=\"_blank\" rel=\"noopener\">CVE-2023-32019<\/a> as a Windows kernel information disclosure vulnerability that affects several versions of Windows, including the latest versions of Windows 10, Windows Server and Windows 11. Successful exploitation of this vulnerability could allow an attacker to view heap memory from a privileged process running on a server <span style=\"text-decoration: underline;\">without requiring<\/span> administrator or other elevated privileges to trigger it. However, the attacker <span style=\"text-decoration: underline;\">would need<\/span> to coordinate the attack with another privileged process run by another user on the system. 
Despite a relatively modest CVSS base score of 4.7\/10, Microsoft has rated the vulnerability as Important in severity. However, the fix included in the June 2023 updates requires an additional step to actually be enabled. What is going on?<\/p>\n<h2>Why is the fix for CVE-2023-32019 disabled by default?<\/h2>\n<p>Although <a href=\"https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\" target=\"_blank\" rel=\"noopener\">Microsoft&#8217;s support documentation<\/a> is short on details, the company explains that mitigating this vulnerability <strong>involves a potentially breaking change.<\/strong> For this reason, it is left to users to enable the fix manually in test environments, and they are advised to watch closely for any breakage before rolling it out more widely. Microsoft also adds: &#8220;In a future release, this resolution <span style=\"text-decoration: underline;\">will be<\/span> enabled by default. We recommend that you test and evaluate this resolution in your environment. Then, as soon as it has been validated, enable it as soon as possible.&#8221;<\/p>\n<h2>How to enable the fix for CVE-2023-32019 using PowerShell<\/h2>\n<p>To mitigate the vulnerability, users must set a registry key value based on the Windows version in use (each version requires a different key value). 
Suffice it to say that this extra required step has <a href=\"https:\/\/twitter.com\/RyanLNewington\/status\/1669264505787019266\" target=\"_blank\" rel=\"noopener\">drawn complaints.<\/a> To make things easier, our Software Product Engineer Kyle Bohlander has created the following script, which checks the operating system version and applies the correct registry change accordingly. <strong>Note:<\/strong> This script is not limited to NinjaOne users. Anyone can use it. As Microsoft advises, however, this fix should be deployed to test machines before a wider rollout and, as always, if you choose to enable it, you do so at your own risk.<\/p>\n<blockquote><p>Script author: <strong>Kyle Bohlander, Software Product Engineer at NinjaOne<\/strong><\/p><\/blockquote>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">#Requires -Version 5.1\r\n\r\n&lt;#\r\n.SYNOPSIS\r\n    This script will apply the registry fix suggested by Microsoft for CVE-2023-32019 for the particular OS the computer is run on. Please note not all OS's have a fix to apply!\r\n    https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\r\n.DESCRIPTION\r\n    This script will apply the registry fix suggested by Microsoft for CVE-2023-32019 for the particular OS the computer is run on. 
Please note not all OS's have a fix to apply!\r\n    https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\r\n.EXAMPLE\r\n    (No Parameters)\r\n\r\n    Checking Windows Version....\r\n    Desktop Windows Detected!\r\n    Windows 10 identified!\r\n    22H2 Detected!\r\n    Set Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\\4103588492 to 1\r\n    Successfully set registry key!\r\n\r\nPARAMETER: -Undo\r\n    Removes the registry key set for this fix. Script will error out if that registry key is not present.\r\n.EXAMPLE\r\n    -Undo\r\n    \r\n    Checking Windows Version....\r\n    Desktop Windows Detected!\r\n    Windows 10 identified!\r\n    22H2 Detected!\r\n    Undoing registry fix...\r\n    Successfully removed registry fix!\r\n\r\n.OUTPUTS\r\n    None\r\n.NOTES\r\n    Release: Initial Release (6\/15\/2023)\r\n    General notes\r\n#&gt;\r\n\r\n[CmdletBinding()]\r\nparam (\r\n    [Parameter()]\r\n    [switch]$Undo\r\n)\r\n\r\nbegin {\r\n    # Tests that the script is elevated\r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)\r\n    }\r\n\r\n    # We want the script to check if it's running on a workstation or something else\r\n    function Test-IsWorkstation {\r\n        $OS = Get-CimInstance -ClassName Win32_OperatingSystem\r\n        return $OS.ProductType -eq 1\r\n    }\r\n\r\n    # This will set the registry key and any preceding keys needed\r\n    function Set-RegKey {\r\n        param (\r\n            $Path,\r\n            $Name,\r\n            $Value,\r\n            [ValidateSet(\"DWord\", \"QWord\", \"String\", \"ExpandedString\", \"Binary\", \"MultiString\", \"Unknown\")]\r\n            
$PropertyType = \"DWord\"\r\n        )\r\n        if (-not $(Test-Path -Path $Path)) {\r\n            # Check if path does not exist and create the path\r\n            New-Item -Path $Path -Force | Out-Null\r\n        }\r\n        if ((Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore)) {\r\n            # Update property and print out what it was changed from and changed to\r\n            $CurrentValue = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore).$Name\r\n            try {\r\n                Set-ItemProperty -Path $Path -Name $Name -Value $Value -Force -Confirm:$false -ErrorAction Stop | Out-Null\r\n            }\r\n            catch {\r\n                Write-Error \"[Error] Unable to Set registry key for $Name please see below error!\"\r\n                Write-Error $_\r\n                exit 1\r\n            }\r\n            Write-Host \"$Path\\$Name changed from $CurrentValue to $($(Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore).$Name)\"\r\n        }\r\n        else {\r\n            # Create property with value\r\n            try {\r\n                New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $PropertyType -Force -Confirm:$false -ErrorAction Stop | Out-Null\r\n            }\r\n            catch {\r\n                Write-Error \"[Error] Unable to Set registry key for $Name please see below error!\"\r\n                Write-Error $_\r\n                exit 1\r\n            }\r\n            Write-Host \"Set $Path\\$Name to $($(Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore).$Name)\"\r\n        }\r\n    }\r\n\r\n    # Is it Windows 10 or 11 or something else?\r\n    $WindowsVersion = [System.Environment]::OSVersion.Version.Major\r\n\r\n    # Current Build Number\r\n    $BuildNumber = [System.Environment]::OSVersion.Version.Build\r\n\r\n    # If Script Forms are used grab the input\r\n    if($env:Undo){$Undo = $env:Undo}\r\n}\r\nprocess {\r\n\r\n    # If not elevated error out. 
Admin privileges are required to create HKLM registry keys\r\n    if (-not (Test-IsElevated)) {\r\n        Write-Error -Message \"Access Denied. Please run with Administrator privileges.\"\r\n        exit 1\r\n    }\r\n\r\n    # Keeping the end user updated on the status\r\n    Write-Host \"Checking Windows Version....\"\r\n    if (Test-IsWorkstation) {\r\n        Write-Host \"Desktop Windows Detected!\"\r\n        # Depending on the version we'll want to check on a different set of build numbers\r\n        switch ($WindowsVersion) {\r\n            \"10\" {\r\n                switch ($BuildNumber) {\r\n                    \"22621\" {\r\n                        Write-Host \"Windows 11 identified!\"\r\n                        Write-Host \"22H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4237806220\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"22000\" {\r\n                        Write-Host \"Windows 11 identified!\"\r\n                        Write-Host \"21H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4204251788\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"19045\" {\r\n                        # This sets us up to set the registry key depending on the current build and version.\r\n                        Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"22H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4103588492\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"19044\" {\r\n                    
    Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"21H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4103588492\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"19042\" {\r\n                        Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"20H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4103588492\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"17763\" {\r\n                        Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"1809 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Configuration Manager\"\r\n                        $name = \"LazyRetryOnCommitFailure\"\r\n                        $value = \"0\"\r\n                    }\r\n                    \"14393\" {\r\n                        Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"1607 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Configuration Manager\"\r\n                        $name = \"LazyRetryOnCommitFailure\"\r\n                        $value = \"0\"\r\n                    }\r\n                    default {\r\n                        Write-Warning \"Looks like you're either on an unsupported windows build or one not supported by this script? 
(Only Win 11 22H2 and 21H2 and Win 10 22H2, 21H2, 20H2, 1809 and 1607 have a fix out!)\" \r\n                        Write-Warning \"https:\/\/en.wikipedia.org\/wiki\/Windows_10_version_history\"\r\n                        Write-Warning \"https:\/\/en.wikipedia.org\/wiki\/Windows_11_version_history\"\r\n                        Write-Error \"[Error] This version of windows cannot be remediated by this script? Please verify this https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\"\r\n                        exit 1\r\n                    }\r\n                }\r\n            }\r\n            default {\r\n                Write-Warning \"Looks like you're on a version of windows not supported by this script? (Only Windows 10 and 11 have a fix out!)\"\r\n                Write-Error \"[Error] This version of windows appears to not be applicable or cannot be remediated by this script? Please verify this https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\"\r\n                exit 1\r\n            }\r\n        }\r\n    }\r\n    else {\r\n        Write-Host \"Windows Server Detected!\"\r\n        if (Get-ComputerInfo | Select-Object OSName | Where-Object { $_.OSName -like \"*2022*\" }) {\r\n            $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n            $name = \"4137142924\"\r\n            $value = \"1\"\r\n        }\r\n        else {\r\n            Write-Warning \"Looks like you're on a version of windows not supported by this script? (Only Server 2022 has a fix out!)\"\r\n            Write-Error \"[Error] This version of windows appears to not be applicable or cannot be remediated by this script? 
Please verify this https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\"\r\n            exit 1\r\n        }\r\n    }\r\n\r\n    if ($key -and -not $Undo) {\r\n        Set-RegKey -Path $key -Name $name -Value $value -PropertyType DWord\r\n        if ((Get-ItemPropertyValue -Path $key -Name $name -ErrorAction Ignore) -ne $value) {\r\n            Write-Error \"[Error] Unable to set registry key? Is something blocking the script?\"\r\n            exit 1\r\n        }\r\n        else {\r\n            Write-Host \"Successfully set registry key!\"\r\n            exit 0\r\n        }\r\n    }\r\n    elseif ($Undo) {\r\n        # Check for the specific value, not just the key: the key can hold other values\r\n        if (Get-ItemProperty -Path $key -Name $name -ErrorAction Ignore) {\r\n            Write-Host \"Undoing registry fix...\"\r\n            Remove-ItemProperty -Path $key -Name $name\r\n            if (Get-ItemProperty -Path $key -Name $name -ErrorAction Ignore) {\r\n                Write-Error \"[Error] Unable to undo registry fix!\"\r\n                exit 1\r\n            }\r\n            else {\r\n                Write-Host \"Successfully removed registry fix!\"\r\n                exit 0\r\n            }\r\n        }\r\n        else {\r\n            Write-Error \"[Error] Registry Key not found? 
Did you already undo it?\"\r\n            exit 1\r\n        }\r\n    }else{\r\n        Write-Error \"[Error] Unable to find registry key to set!\"\r\n        exit 1\r\n    }\r\n}\r\nend {\r\n    $ScriptName = \"CVE-2023-32019 Remediation\"\r\n    $ScriptVariables = @(\r\n        [PSCustomObject]@{\r\n            name           = \"Undo\"\r\n            calculatedName = \"undo\"\r\n            required       = $false\r\n            defaultValue   = $false\r\n            valueType      = \"CHECKBOX\"\r\n            valueList      = $null\r\n            description    = \"Whether or not to undo the registry fix.\"\r\n        }\r\n    )\r\n}<\/pre>\n<p>&nbsp;<\/p>\n\n","protected":false},"author":28,"featured_media":140425,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_lmt_disableupdate":"no","_lmt_disable":""},"operating_system":[4212],"use_cases":[4272],"class_list":["post-208091","script_hub","type-script_hub","status-publish","has-post-thumbnail","hentry","script_hub_category-windows","use_cases-manutenzione"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ninjaone.com\/it\/wp-json\/wp\/v2\/script_hub\/208091","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ninjaone.com\/it\/wp-json\/wp\/v2\/script_hub"}],"about":[{"href":"https:\/\/www.ninjaone.com\/it\/wp-json\/wp\/v2\/types\/script_hub"}],"author":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/it\/wp-json\/wp\/v2\/users\/28"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/it\/wp-json\/wp\/v2\/comments?po
st=208091"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/it\/wp-json\/wp\/v2\/media\/140425"}],"wp:attachment":[{"href":"https:\/\/www.ninjaone.com\/it\/wp-json\/wp\/v2\/media?parent=208091"}],"wp:term":[{"taxonomy":"script_hub_category","embeddable":true,"href":"https:\/\/www.ninjaone.com\/it\/wp-json\/wp\/v2\/operating_system?post=208091"},{"taxonomy":"use_cases","embeddable":true,"href":"https:\/\/www.ninjaone.com\/it\/wp-json\/wp\/v2\/use_cases?post=208091"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}