logo

Query Exchange

Built off the open source project Osquery

The VMware Carbon Black Tech Zone is live! Checkout this great resource: Mastering Carbon Black Audit & Remediation.

CVE-2022-32168 Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking

Status: Approved Submitted by on ‎03-31-2023 12:49 PM

Description: Creates a report of endpoints with Notepad++ installed, including application version, and other details when available.

What The Data Shows: Notepad++ version, install location, install source, publisher, install date, uninstall string

SQL: Please format as best as you can using SQL.

This will include all instances of Notepad++ installed.  Results can be exported and filtered in Excel, for example.

SELECT name,
       VERSION,
       install_location,
       install_source,
       publisher,
       install_date,
       uninstall_string
FROM programs where name like '%Notepad++%';

This will include only Notepad++ versions installed that are older than 8.4.1, that need to be upgraded per CVE-2022-32168.

SELECT name,
       VERSION,
       install_location,
       install_source,
       publisher,
       install_date,
       uninstall_string
FROM programs where name like '%Notepad++%' AND VERSION < '8.4.1';

> Requirement: None

Comment
1 Comment
jnelson
Carbon Black Employee
‎04-03-2023 09:22 AM
‎04-03-2023 09:22 AM
Status changed to: Approved

Thanks for your contribution!

logo