windows-system-restore-not-configured: System Restore Not Configured

日期: 2025-08-01 | 影响软件: windows system restore not configured | POC: 已公开

漏洞描述

Checks if System Restore is not configured, which can prevent recovery from system issues.

PoC代码[已公开]

id: windows-system-restore-not-configured

info:
  name: System Restore Not Configured
  author: princechaddha
  severity: medium
  description: Checks if System Restore is not configured, which can prevent recovery from system issues.
  impact: |
    Without System Restore, recovering from system failures may require more drastic measures like reinstallation.
  remediation: |
    Configure System Restore to ensure you can roll back changes if needed.
  tags: windows,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      $restorePoints = Get-ComputerRestorePoint -ErrorAction SilentlyContinue; if ($null -eq $restorePoints) { Write-Output "SystemRestoreUnavailable" }

    matchers:
      - type: word
        words:
          - "SystemRestoreUnavailable"
# digest: 4b0a00483046022100ef9267888a39da21a4243bc8972c11ab0e4d927192fa0f1a159275a3da6654ae02210092a82b1be5204f7115b00cbfcd0db78a3e3d20b21dfe4484d22a90bb40f61e8d:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./code/windows/audit/windows-system-restore-not-configured.yaml