CVE-2011-2005 | Windows - Ancillary Function Driver Operational Intel

Executive Risk Summary

"The Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 contains a vulnerability that allows local users to gain privileges via a crafted application. This vulnerability can be exploited to elevate privileges and potentially gain control of the system."

Anticipated Attack Path

1. Initial exploitation of the vulnerability
2. Elevation of privileges to kernel mode
3. Execution of arbitrary code to gain control of the system

Am I Vulnerable?

Verify the presence of the Ancillary Function Driver
Check for any suspicious or unauthorized applications
Monitor system logs for signs of exploitation

Operational Audit Arsenal

Target Type Driver

Target Asset afd.sys

Standard Path C:\Windows\System32\drivers

PowerShell

# 🛠️ Senior Engineer Universal Audit
# Target: afd.sys (Driver)
$Targets = 'afd.sys'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")

Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue | 
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}