{"id":804779,"date":"2026-05-05T12:51:11","date_gmt":"2026-05-05T12:51:11","guid":{"rendered":"https:\/\/www.ninjaone.com\/?post_type=script_hub&#038;p=804779"},"modified":"2026-05-05T12:51:11","modified_gmt":"2026-05-05T12:51:11","slug":"how-to-enable-cve-2023-32019-fix-powershell","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/pt-br\/script-hub\/how-to-enable-cve-2023-32019-fix-powershell\/","title":{"rendered":"How to enable the CVE-2023-32019 fix with PowerShell"},"content":{"rendered":"<p>Microsoft&#8217;s June 2023 Patch Tuesday updates included a fix for an important Windows kernel vulnerability, but it is disabled by default. Here is everything you need to know, plus a script to help you enable the patch across multiple Windows versions.<\/p>\n<h2>What is CVE-2023-32019?<\/h2>\n<p>Microsoft characterizes <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-32019\" target=\"_blank\" rel=\"noopener\">CVE-2023-32019<\/a> as a Windows kernel information disclosure vulnerability that affects multiple versions of Windows, including the latest versions of Windows 10, Windows Server, and Windows 11.<\/p>\n<p>Successful exploitation could allow an attacker to view heap memory from a privileged process running on a server, and it does <span style=\"text-decoration: underline;\">not<\/span> require administrator or other elevated privileges to trigger. 
However, it requires the attacker to coordinate the attack with another privileged process run by another user on the system.<\/p>\n<p>Despite a relatively modest CVSS base score of 4.7 \/ 10, Microsoft has flagged the vulnerability as Important severity. However, the fix included in the June 2023 updates requires an additional step to actually enable it. What is going on?<\/p>\n<h2>Why is the fix for CVE-2023-32019 disabled by default?<\/h2>\n<p>Although <a href=\"https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\" target=\"_blank\" rel=\"noopener\">Microsoft&#8217;s support documentation<\/a> does not contain much detail, the company explains that mitigating this vulnerability <strong>introduces a &#8220;potential breaking change.&#8221;<\/strong> Therefore, they are leaving it to users to manually enable the resolution in test environments and encouraging them to monitor closely for disruption before rolling the fix out more broadly.<\/p>\n<p>Microsoft also states that, &#8220;in a future release, this resolution <span style=\"text-decoration: underline;\">will<\/span> be enabled by default. We recommend that you validate this resolution in your environment. 
Then, as soon as it is validated, enable the resolution as soon as possible.&#8221;<\/p>\n<h2>How to enable the fix for CVE-2023-32019 using PowerShell<\/h2>\n<p>Mitigating the vulnerability requires users to set a registry key value based on the version of Windows they are running (each version requires a different key value). Suffice it to say, this additional step has generated <a href=\"https:\/\/twitter.com\/RyanLNewington\/status\/1669264505787019266\" target=\"_blank\" rel=\"noopener\">complaints.<\/a><\/p>\n<p>To help make things easier, our Software Product Engineer Kyle Bohlander created the following script, which checks the operating system and applies the correct registry change.<\/p>\n<p><strong>Note:<\/strong> This script is not limited to NinjaOne users. Anyone can use it. However, as Microsoft advises, this fix should be deployed on test machines before a broader deployment and, as usual, if you choose to run it, you do so at your own risk.<\/p>\n<p>&nbsp;<\/p>\n<blockquote><p>Script author: <strong>Kyle Bohlander, Software Product Engineer at NinjaOne<\/strong><\/p><\/blockquote>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">#Requires -Version 5.1\r\n\r\n&lt;#\r\n.SYNOPSIS\r\n    This script will apply the registry fix suggested by microsoft for CVE-2023-32019 for the particular OS the computer is run on. 
Please note not all OS's have a fix to apply!\r\n    https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\r\n.DESCRIPTION\r\n    This script will apply the registry fix suggested by microsoft for CVE-2023-32019 for the particular OS the computer is run on. Please note not all OS's have a fix to apply!\r\n    https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\r\n.EXAMPLE\r\n    (No Parameters)\r\n\r\n    Checking Windows Version....\r\n    Desktop Windows Detected!\r\n    Windows 10 identified!\r\n    22H2 Detected!\r\n    Set Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\\4103588492 to 1\r\n    Successfully set registry key!\r\n\r\nPARAMETER: -Undo\r\n    Removes the registry key set for this fix. Script will error out if that registry key is not present.\r\n.EXAMPLE\r\n    -Undo\r\n    \r\n    Checking Windows Version....\r\n    Desktop Windows Detected!\r\n    Windows 10 identified!\r\n    22H2 Detected!\r\n    Undoing registry fix...\r\n    Successfully removed registry fix!\r\n\r\n.OUTPUTS\r\n    None\r\n.NOTES\r\n    Release: Initial Release (6\/15\/2023)\r\n    General notes\r\n#&gt;\r\n\r\n[CmdletBinding()]\r\nparam (\r\n    [Parameter()]\r\n    [switch]$Undo\r\n)\r\n\r\nbegin {\r\n    # Tests that the script is elevated\r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)\r\n    }\r\n\r\n    # We want the script to check if its running on a workstation or something else\r\n    function Test-IsWorkstation {\r\n        $OS = Get-CimInstance -ClassName Win32_OperatingSystem\r\n        return 
$OS.ProductType -eq 1\r\n    }\r\n\r\n    # This will set the registry key and any preceding keys needed\r\n    function Set-RegKey {\r\n        param (\r\n            $Path,\r\n            $Name,\r\n            $Value,\r\n            [ValidateSet(\"DWord\", \"QWord\", \"String\", \"ExpandedString\", \"Binary\", \"MultiString\", \"Unknown\")]\r\n            $PropertyType = \"DWord\"\r\n        )\r\n        if (-not $(Test-Path -Path $Path)) {\r\n            # Check if path does not exist and create the path\r\n            New-Item -Path $Path -Force | Out-Null\r\n        }\r\n        if ((Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore)) {\r\n            # Update property and print out what it was changed from and changed to\r\n            $CurrentValue = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore).$Name\r\n            try {\r\n                Set-ItemProperty -Path $Path -Name $Name -Value $Value -Force -Confirm:$false -ErrorAction Stop | Out-Null\r\n            }\r\n            catch {\r\n                Write-Error \"[Error] Unable to Set registry key for $Name please see below error!\"\r\n                Write-Error $_\r\n                exit 1\r\n            }\r\n            Write-Host \"$Path\\$Name changed from $CurrentValue to $($(Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore).$Name)\"\r\n        }\r\n        else {\r\n            # Create property with value\r\n            try {\r\n                New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $PropertyType -Force -Confirm:$false -ErrorAction Stop | Out-Null\r\n            }\r\n            catch {\r\n                Write-Error \"[Error] Unable to Set registry key for $Name please see below error!\"\r\n                Write-Error $_\r\n                exit 1\r\n            }\r\n            Write-Host \"Set $Path\\$Name to $($(Get-ItemProperty -Path $Path -Name $Name -ErrorAction Ignore).$Name)\"\r\n        }\r\n    }\r\n\r\n    # Is it 
Windows 10 or 11 or something else?\r\n    $WindowsVersion = [System.Environment]::OSVersion.Version.Major\r\n\r\n    # Current Build Number\r\n    $BuildNumber = [System.Environment]::OSVersion.Version.Build\r\n\r\n    # If Script Forms are used grab the input\r\n    if($env:Undo){$Undo = $env:Undo}\r\n}\r\nprocess {\r\n\r\n    # If not elevated error out. Admin privileges are required to create HKLM registry keys\r\n    if (-not (Test-IsElevated)) {\r\n        Write-Error -Message \"Access Denied. Please run with Administrator privileges.\"\r\n        exit 1\r\n    }\r\n\r\n    # Keeping the end user updated on the status\r\n    Write-Host \"Checking Windows Version....\"\r\n    if (Test-IsWorkstation) {\r\n        Write-Host \"Desktop Windows Detected!\"\r\n        # Depending on the version we'll want to check on a different set of build numbers\r\n        switch ($WindowsVersion) {\r\n            \"10\" {\r\n                switch ($BuildNumber) {\r\n                    \"22621\" {\r\n                        Write-Host \"Windows 11 identified!\"\r\n                        Write-Host \"22H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4237806220\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"22000\" {\r\n                        Write-Host \"Windows 11 identified!\"\r\n                        Write-Host \"21H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4204251788\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"19045\" {\r\n                        # This sets us up to set the registry key depending on the current build and version.\r\n                        Write-Host \"Windows 10 identified!\"\r\n  
                      Write-Host \"22H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4103588492\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"19044\" {\r\n                        Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"21H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4103588492\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"19042\" {\r\n                        Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"20H2 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n                        $name = \"4103588492\"\r\n                        $value = \"1\"\r\n                    }\r\n                    \"17763\" {\r\n                        Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"1809 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Configuration Manager\"\r\n                        $name = \"LazyRetryOnCommitFailure\"\r\n                        $value = \"0\"\r\n                    }\r\n                    \"14393\" {\r\n                        Write-Host \"Windows 10 identified!\"\r\n                        Write-Host \"1607 Detected!\"\r\n                        $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Configuration Manager\"\r\n                        $name = \"LazyRetryOnCommitFailure\"\r\n                        $value = \"0\"\r\n                    }\r\n                    default {\r\n      
                  Write-Warning \"Looks like you're either on an unsupported windows build or one not supported by this script? (Only Win 11 22H2 and 21H1 and Win 10 22H2,21H2,21H1,20H2,1809 and 1607 has a fix out!)\" \r\n                        Write-Warning \"https:\/\/en.wikipedia.org\/wiki\/Windows_10_version_history\"\r\n                        Write-Warning \"https:\/\/en.wikipedia.org\/wiki\/Windows_11_version_history\"\r\n                        Write-Error \"[Error] This version of windows cannot be remediated by this script? Please verify this https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\"\r\n                        exit 1\r\n                    }\r\n                }\r\n            }\r\n            default {\r\n                Write-Warning \"Looks like you're on a version of windows not supported by this script? (Only Windows 10 and 11 have a fix out!)\"\r\n                Write-Error \"[Error] This version of windows appears to not be applicable or cannot be remediated by this script? Please verify this https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\"\r\n                exit 1\r\n            }\r\n        }\r\n    }\r\n    else {\r\n        Write-Host \"Windows Server Detected!\"\r\n        if (Get-ComputerInfo | Select-Object OSName | Where-Object { $_.OSName -like \"*2022*\" }) {\r\n            $key = \"Registry::HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Policies\\Microsoft\\FeatureManagement\\Overrides\"\r\n            $name = \"4137142924\"\r\n            $value = \"1\"\r\n        }\r\n        else {\r\n            Write-Warning \"Looks like you're on a version of windows not supported by this script? 
(Only Server 2022 has a fix out!)\"\r\n            Write-Error \"[Error] This version of windows appears to not be applicable or cannot be remediated by this script? Please verify this https:\/\/support.microsoft.com\/en-au\/topic\/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080\"\r\n            exit 1\r\n        }\r\n    }\r\n\r\n    if ($key -and -not $Undo) {\r\n        Set-RegKey -Path $key -Name $name -Value $value -PropertyType DWord\r\n        if ((Get-ItemPropertyValue -Path $key -Name $name -ErrorAction Ignore) -ne $value) {\r\n            Write-Error \"[Error] Unable to set registry key? Is something blocking the script?\"\r\n            exit 1\r\n        }\r\n        else {\r\n            Write-Host \"Successfully set registry key!\"\r\n            exit 0\r\n        }\r\n    }\r\n    elseif ($Undo) {\r\n        # Check the specific value rather than the whole key, so other values under the same key do not affect the result\r\n        if (Get-ItemProperty -Path $key -Name $name -ErrorAction Ignore) {\r\n            Write-Host \"Undoing registry fix...\"\r\n            Remove-ItemProperty -Path $key -Name $name\r\n            if (Get-ItemProperty -Path $key -Name $name -ErrorAction Ignore) {\r\n                Write-Error \"[Error] Unable to undo registry fix!\"\r\n                exit 1\r\n            }\r\n            else {\r\n                Write-Host \"Successfully removed registry fix!\"\r\n                exit 0\r\n            }\r\n        }\r\n        else {\r\n            Write-Error \"[Error] Registry Key not found? 
Did you already undo it?\"\r\n            exit 1\r\n        }\r\n    }else{\r\n        Write-Error \"[Error] Unable to find registry key to set!\"\r\n        exit 1\r\n    }\r\n}\r\nend {\r\n    $ScriptName = \"CVE-2023-32019 Remediation\"\r\n    $ScriptVariables = @(\r\n        [PSCustomObject]@{\r\n            name           = \"Undo\"\r\n            calculatedName = \"undo\"\r\n            required       = $false\r\n            defaultValue   = $false\r\n            valueType      = \"CHECKBOX\"\r\n            valueList      = $null\r\n            description    = \"Whether or not to undo the registry fix.\"\r\n        }\r\n    )\r\n}<\/pre>\n<p>&nbsp;<\/p>\n\n","protected":false},"author":28,"featured_media":140428,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_lmt_disableupdate":"no","_lmt_disable":""},"operating_system":[4212],"use_cases":[12457],"class_list":["post-804779","script_hub","type-script_hub","status-publish","has-post-thumbnail","hentry","script_hub_category-windows"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ninjaone.com\/pt-br\/wp-json\/wp\/v2\/script_hub\/804779","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ninjaone.com\/pt-br\/wp-json\/wp\/v2\/script_hub"}],"about":[{"href":"https:\/\/www.ninjaone.com\/pt-br\/wp-json\/wp\/v2\/types\/script_hub"}],"author":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/pt-br\/wp-json\/wp\/v2\/users\/28"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/pt-br\/wp-json\/wp\/v2\/comments?post=804779
"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/pt-br\/wp-json\/wp\/v2\/media\/140428"}],"wp:attachment":[{"href":"https:\/\/www.ninjaone.com\/pt-br\/wp-json\/wp\/v2\/media?parent=804779"}],"wp:term":[{"taxonomy":"script_hub_category","embeddable":true,"href":"https:\/\/www.ninjaone.com\/pt-br\/wp-json\/wp\/v2\/operating_system?post=804779"},{"taxonomy":"use_cases","embeddable":true,"href":"https:\/\/www.ninjaone.com\/pt-br\/wp-json\/wp\/v2\/use_cases?post=804779"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}