Fix WPAD Vulnerability by Changing Host File with SCCM

It was a bit more diffcult than I thought, originally I was using compliance settings, but then it didn’t work so well. So I go back to the classic application deployment by SCCM.

Here is the detection method:

# WPAD Vulnerability Remediation Discover Script
# Rui Qiu
# v 2.0
# 4/5/2018
# Last edit: 4/11/2018

$i = 0
$results = Select-String -Path $env:SystemRoot\System32\Drivers\etc\hosts -Pattern wpad
foreach($result in $results)
{$i+=1}

# Write-Host $results
if ($i -eq 2 )
{Write-Host “Installed”}

 

Because some workstations are still on Powershell 2.0, so I have to use a Hosts Commander to remove and add wpad entries.

Install-Module PsHosts
Remove-HostEntry wpad*

Add-HostEntry -Address 255.255.255.255 -Name wpad
Add-HostEntry -Address 255.255.255.255 -Name wpad.corp.lan

https://code.google.com/archive/p/hostscmd/

Here is the batch file command:

hosts.exe rem wpad*
hosts.exe add wpad 255.255.255.255
hosts.exe add wpad.corp.lan 255.255.255.255

Leave a Comment