From f2752eab00a4bfa024659b625f75504b8353fc36 Mon Sep 17 00:00:00 2001
From: Tim W <timrlw@gmail.com>
Date: Mon, 4 May 2020 15:04:43 +0800
Subject: [PATCH] add win32k revision check to check method

---
 modules/exploits/windows/local/ntusermndragover.rb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/modules/exploits/windows/local/ntusermndragover.rb b/modules/exploits/windows/local/ntusermndragover.rb
index 0cefe888b4..df80a8cf84 100644
--- a/modules/exploits/windows/local/ntusermndragover.rb
+++ b/modules/exploits/windows/local/ntusermndragover.rb
@@ -13,6 +13,7 @@ class MetasploitModule < Msf::Exploit::Local
   include Msf::Post::File
   include Msf::Exploit::EXE
   include Msf::Post::Windows::Priv
+  include Msf::Post::Windows::FileInfo
   include Msf::Post::Windows::ReflectiveDLLInjection
   include Msf::Exploit::Remote::AutoCheck
 
@@ -95,6 +96,9 @@ class MetasploitModule < Msf::Exploit::Local
       return CheckCode::Safe
     end
 
+    path = expand_path('%WINDIR%\\system32\\win32k.sys')
+    major, minor, build, revision, brand = file_version(path)
+    return CheckCode::Safe if revision >= 24387
 
     CheckCode::Appears
   end