iSNS Server Memory Corruption Vulnerability Audit

List all Windows Servers with iSNS

Get an overview of all Windows servers using iSNS. iSNS, the Internet Storage Name Service protocol, is used for communication between iSNS servers and iSNS clients. As the name suggests, the iSNS feature manages an Internet Storage Name Service server, which provides registration functionality in a storage network so that clients can register with and query the iSNS database.

On December 14, 2021, Microsoft released a security patch fixing CVE-2021-43215. To ensure you know exactly which of your servers are using this feature, the report below lists all servers where the feature is enabled and marks each one Safe or Vulnerable, depending on whether the highest KB patch number found on it is at least 5008206. You can read more about the vulnerability in the December 2021 Patch Tuesday blog post.

iSNS Server Memory Corruption Vulnerability Query

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssets.Username,
tblAssets.Userdomain,
Coalesce(tsysOS.Image, tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.Version,
tblAssets.SP,
tblFeatureUni.featureName As FeatureName,
tblFeatureUni.featureCaption As FeatureCaption,
Case when PatchIDMax >= 5008206 then 'Safe' else 'Vulnerable'
end as [Safe/Vulnerable],
PatchIDMax as [Highest KB Patch found],
Case
When tblErrors.ErrorText Is Not Null And
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
tblAssets.Lastseen,
tblAssets.Lasttried,
Case when PatchIDMax >= 5008206 then '#d4f4be' else '#ffadad'
end as backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblFeature On tblAssets.AssetID = tblFeature.AssetId
Inner Join tblFeatureUni On tblFeatureUni.featUniID = tblFeature.featUniId
Left Join (Select Top 1000000 tblQuickFixEngineering.AssetID,
Max(Cast(Right(tblQuickFixEngineeringUni.HotFixID, 7) As bigint)) As
PatchIDMax
From tblQuickFixEngineering
Inner Join tblQuickFixEngineeringUni On tblQuickFixEngineeringUni.QFEID =
tblQuickFixEngineering.QFEID
Where Right(tblQuickFixEngineeringUni.HotFixID, 7) Not Like '%[^0-9]%'
Group By tblQuickFixEngineering.AssetID) As SubQuery1 On tblAssets.AssetID =
SubQuery1.AssetID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where tblState.Statename = 'Active' and featureName like '%iSNS%'
Order By tblAssets.Domain,
tblAssets.AssetName
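
To spot-check a single server that the report flags, the same test can be run locally in PowerShell. This is an added example, not part of the Lansweeper report; the function names are hypothetical and the sample IDs are constructed. It repeats the report's rule of comparing the highest KB number found with 5008206, so any later update with a higher number also reads as Safe.

```powershell
# Added example: local spot-check that mirrors the report's logic.
# 5008206 is the threshold used in the report query above.
$ThresholdKb = 5008206

function Get-MaxKbNumber {
    param([string[]]$HotFixId)
    # Same filter as the report: keep IDs whose last 7 characters are all digits.
    $numbers = foreach ($id in $HotFixId) {
        if ($id -and $id.Length -ge 7) {
            $tail = $id.Substring($id.Length - 7)
            if ($tail -match '^[0-9]{7}$') { [long]$tail }
        }
    }
    if ($numbers) { [long]($numbers | Measure-Object -Maximum).Maximum } else { $null }
}

function Test-IsnsPatchState {
    param([string[]]$HotFixId, [string[]]$FeatureName)
    # The report selects assets with: featureName like '%iSNS%'
    $isns = @($FeatureName | Where-Object { $_ -like '*iSNS*' })
    $max  = Get-MaxKbNumber -HotFixId $HotFixId
    # No usable hotfix data ($null) falls through to 'Vulnerable', as in the report.
    $state = if ($isns.Count -eq 0) { 'iSNS not installed' }
             elseif ($max -ge $ThresholdKb) { 'Safe' }
             else { 'Vulnerable' }
    [pscustomobject]@{
        IsnsFeatures = $isns -join ', '
        HighestKb    = $max
        State        = $state
    }
}

# Constructed sample input: one ID below the threshold and one malformed entry.
Test-IsnsPatchState -HotFixId 'KB5000001', 'File 1' -FeatureName 'ISNS'
# Constructed sample input: an ID above the threshold.
Test-IsnsPatchState -HotFixId 'KB5000001', 'KB5009999' -FeatureName 'ISNS'

# Live data from the local machine (Get-WindowsFeature requires Windows Server).
if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
    $features = Get-WindowsFeature | Where-Object Installed |
        ForEach-Object { $_.Name; $_.DisplayName }
    $hotfixes = (Get-HotFix).HotFixID
    Test-IsnsPatchState -HotFixId $hotfixes -FeatureName $features
}
```
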

Audit and Take Action in 3 Easy Steps

1. Download & Install Lansweeper

3. Run the Audit & Take Action
