Description: Looks for a file called dbutil_2_3.sys in multiple directories (the Windows and Users directories). This was used to find out which systems had a vulnerable file associated with a Dell firmware vulnerability: https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update...
What The Data Shows: Returns the filename and the path where it was found.
SQL:
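-- Check the system temp directory and every user's temp directory.
-- String literals use single quotes; % in LIKE matches any user name.
SELECT filename, path
FROM file
WHERE path = 'C:\Windows\Temp\dbutil_2_3.sys'
OR path LIKE 'C:\Users\%\AppData\Local\Temp\dbutil_2_3.sys';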
Sexy updated (vulnerable) version from @jnelson
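-- COUNT(*) without GROUP BY collapses the result to a single row per endpoint:
-- "vulnerable" is TRUE if any copy exists; filename and path come from one match
-- and are NULL when nothing is found.
SELECT filename, path,
CASE
WHEN COUNT(*) > 0 THEN 'TRUE'
ELSE 'FALSE'
END AS vulnerable
FROM file
WHERE path = 'C:\Windows\Temp\dbutil_2_3.sys'
OR path LIKE 'C:\Users\%\AppData\Local\Temp\dbutil_2_3.sys';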
> Requirement: Windows Systems
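
A follow-up query for remediation, added here as an example and not part of the original post or @jnelson's version: it returns one row per copy of the driver rather than a single TRUE/FALSE row, with size, modification time and SHA-256 so each hit can be confirmed before removal. It assumes osquery's standard `file` and `hash` tables; the column aliases are illustrative.

```sql
-- Added example: list every copy of dbutil_2_3.sys with triage metadata.
-- Searches the same two locations as the queries above.
SELECT
  f.path,
  f.filename,
  f.size,                                          -- size in bytes
  datetime(f.mtime, 'unixepoch') AS modified_utc,  -- last modification time (UTC)
  h.sha256                                         -- compare against a known-good reference hash
FROM file AS f
JOIN hash AS h ON h.path = f.path
WHERE f.path = 'C:\Windows\Temp\dbutil_2_3.sys'
   OR f.path LIKE 'C:\Users\%\AppData\Local\Temp\dbutil_2_3.sys'
ORDER BY f.path;
```

An empty result means no copy was found in the searched locations on that endpoint.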