Microsoft has additional recommendations for effectively patching the following vulnerability, CVE-2017-8529.
Mitigation of this vulnerability requires the creation of the following Windows Registry entries. This article describes the steps to create these registry settings
All supported Microsoft Windows except Windows 10 1709 and Windows 10 1803
1. Install the patches recommended in the Microsoft advisory, CVE-2017-8529
2. Create the following registry entries,
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" /v iexplore.exe /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" /v iexplore.exe /t REG_DWORD /d 1 /f
Automate Patching with Saner:
Saner can automate the above patching across the organization with ease. Follow the below steps to fully patch this vulnerability using Saner.
1. Download the attached 'sp_cve-2017-8529_print_info_dis_reg_fix.zip' zip file and unzip to get sp_cve-2017-8529_print_info_dis_reg_fix.exe
2. Login to SanerNow
3. Switch to the account/site specific view
4. Use the EM tool to create an Action
5. Select ‘Software Deployment‘ feature
6. Select ‘Operating System Family’ as ‘Windows’ and ‘Action’ as ‘Application Management’
7. Select ‘Install’ in the ‘command’ and select ‘Install method’ as ‘Using Installation file‘
8. Upload the file 'sp_cve-2017-8529_print_info_dis_reg_fix.exe'
9. Provide ‘Command line arguments’ as /S for silent mode installation
10. Select the Group where you want to apply this fix
11. Enter ‘Response Name’ and ‘Response Description’ in text fields
12. Click ‘Create Response’ to complete this vulnerability patching.
Please refer below image for understanding above patching details.