starting working towards final Edge detection code

2025-09-01 07:05:11 +00:00 · 2018-01-26 14:09:33 -05:00
parent c9bdd2d98d
commit 01aa99a859
1 changed files with 63 additions and 10 deletions
--- a/verification/windows/Verify-Spectre-Meltdown-Mitigations-Windows-Browsers.audit
+++ b/verification/windows/Verify-Spectre-Meltdown-Mitigations-Windows-Browsers.audit
@@ -242,21 +242,74 @@
            info: "
                Detects if Edge is updated.
-                TODO: check correct Edge version on different releases and architectures of Windows
+                TODO: check correct Edge version on different releases, architectures, and role (client vs server) of Windows.
-                Windows 10 1709 - gt 41.16299.15.0
+                Windows 10 clients:
-                Windows 10 1703 - greater than ?
+                    Windows 10 1709 - gt 41.16299.15.0
-                Windows 10 1607 - ge 38.14393.1066.0
+                    Windows 10 1703 - greater than ?
-                Windows 10 1511 - greater than ?
+                    Windows 10 1607 - ge 38.14393.1066.0
-                Windows 10 1507 - greater than ? 
+                    Windows 10 1511 - greater than ?
                    Windows 10 1507 - greater than ? 
                Windows 10 servers:
                    Windows Server 2016 (1607) - 
                    Windows Server 1709 - none since no Edge?
                Executes PowerShell code:
                $major = 0;
                $minor = 0;
                $build = 0;
                $revision = 0;
-                $groups = (@(Get-Item HKCU:\Software\Classes\AppX* | ForEach-Object { Get-ItemProperty -Path ($_.Name.Replace('HKEY_CURRENT_USER','HKCU:') + '\Application') -Name 'ApplicationName' -ErrorAction SilentlyContinue | Select-Object -Property 'ApplicationName' -ExpandProperty 'ApplicationName' } | Where-Object {$_ -match '^@\{Microsoft.MicrosoftEdge_(\d{1,8}\.\d{1,8}\.\d{1,8}\.\d{1,8})_.*$'} | Get-Unique)[0] | Select-String -Pattern '^@\{Microsoft.MicrosoftEdge_(\d{1,8}\.\d{1,8}\.\d{1,8}\.\d{1,8})_.*$').Matches.Groups;
+                $currentVersionPath = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion';
                $key = Get-ItemProperty -Path $currentVersionPath -ErrorAction SilentlyContinue;
                $isWindows10orLater = $null -ne ($key.PSObject.Properties.Name -contains 'CurrentMajorVersionNumber');
-                if($groups -eq $null) {
+                if($isWindows10orLater) {
-                    $true
+                    $major = [Uint32]($key.CurrentMajorVersionNumber);
                    $minor = [UInt32]($key.CurrentMinorVersionNumber);
                    $build = [UInt32]($key.CurrentBuildNumber);
                } else {
-                   ([System.Version]$groups[1].Value).CompareTo([System.Version]'41.16299.15.0') -gt 0
+                    $major = [UInt32](($key.CurrentVersion -split '\.')[0]);
                    $minor = [UInt32](($key.CurrentVersion -split '\.')[1]);
                    $build = [UInt32]($key.CurrentBuild);
                }
                if($key.PSObject.Properties.Name -contains 'UBR') {
                    $revision = [UInt32]($key.UBR)
                } 
                $osVersion = [System.Version]('{0}.{1}.{2}.{3}' -f $major,$minor,$build,$revision)
                if ($osVersion.Major -ge 10) {
                    if($key.PSObject.Properties.Name -contains 'ReleaseId') {
                        $releaseId = [UInt32]$key.ReleaseId 
                    } else {
                        $releaseId = 1507
                    }
                    $groups = (@(Get-Item HKCU:\Software\Classes\AppX* | ForEach-Object { Get-ItemProperty -Path ($_.Name.Replace('HKEY_CURRENT_USER','HKCU:') + '\Application') -Name 'ApplicationName' -ErrorAction SilentlyContinue | Select-Object -Property 'ApplicationName' -ExpandProperty 'ApplicationName' } | Where-Object {$_ -match '^@\{Microsoft.MicrosoftEdge_(\d{1,8}\.\d{1,8}\.\d{1,8}\.\d{1,8})_.*$'} | Get-Unique)[0] | Select-String -Pattern '^@\{Microsoft.MicrosoftEdge_(\d{1,8}\.\d{1,8}\.\d{1,8}\.\d{1,8})_.*$').Matches.Groups;
                    if($groups -eq $null) {
                        $false
                    } else {
                        $edgeVersion = [System.Version]($groups[1].Value)
                    }
                    $isClient = $key.InstallationType -eq 'Client';
                    switch($releaseId) {
                        1709 { $requiredEdgeVersion = [System.Version]'41.16299.15.0'; break }
                        1703 { $requiredEdgeVersion = [System.Version]'40.15063.0.0'; break }
                        1607 { $requiredEdgeVersion = [System.Version]'38.14393.1066.0'; break }
                        1511 { $requiredEdgeVersion = [System.Version]'25.10586.0.0'; break }
                        1507 { $requiredEdgeVersion = [System.Version]'20.10240.0.0'; break }
                        default { $requiredEdgeVersion = [System.Version]'0.0.0.0'; break }
                    }
                    $edgeVersion.CompareTo($requiredEdgeVersion) -ge 0
                } else {
                    $true
                }
                  "
            value_type: POLICY_TEXT