The VMware Carbon Black Tech Zone is live! Checkout this great resource: Mastering Carbon Black Audit & Remediation.

CVE-2022-32168 Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking

Description: Creates a report of endpoints with Notepad++ installed, including application version, and other details when available.

What The Data Shows: Notepad++ version, install location, install source, publisher, install date, uninstall string

SQL: Please format as best as you can using SQL.

This will include all instances of Notepad++ installed.  Results can be exported and filtered in Excel, for example.

SELECT name,
       VERSION,
       install_location,
       install_source,
       publisher,
       install_date,
       uninstall_string
FROM programs where name like '%Notepad++%';

This will include only Notepad++ versions installed that are older than 8.4.1, that need to be upgraded per CVE-2022-32168.

SELECT name,
       VERSION,
       install_location,
       install_source,
       publisher,
       install_date,
       uninstall_string
FROM programs where name like '%Notepad++%' AND VERSION < '8.4.1';

> Requirement: None

1 Comment
jnelson
Carbon Black Employee
Status changed to: Approved

Thanks for your contribution!