Overview:
Microsoft has additional recommendations for effectively patching the following vulnerability, CVE-2017-8529.
Mitigation of this vulnerability requires the creation of the following Windows Registry entries. This article describes the steps to create these registry settings
Affected OS:
All supported Microsoft Windows except Windows 10 1709 and Windows 10 1803
Solution:
1. Install the patches recommended in the Microsoft advisory, CVE-2017-8529
2. Create the following registry entries,
Registry Changes,
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" /v iexplore.exe /t REG_DWORD /d 1 /f
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" /v iexplore.exe /t REG_DWORD /d 1 /f
Automate Patching with Saner:
Saner can automate the above patching across the organization with ease. Follow the below steps to fully patch this vulnerability using Saner.
1. Download the attached 'sp_cve-2017-8529_print_info_dis_reg_fix.zip' zip file and unzip to get sp_cve-2017-8529_print_info_dis_reg_fix.exe
2. Login to SanerNow
3. Switch to the account/site specific view
4. Use the EM tool to create an Action
5. Select ‘Software Deployment‘ feature
6. Click on Upload, which is on the upper right corner.
7. Click on the 'Open the file Browser', upload 'sp_cve-2017-8529_print_info_dis_reg_fix.exe' file and Click on Close.
8. Once uploaded package is visible, Click on 'exclamation mark' as shown in the below diagram.
9. Click on edit in the newly opened window and set the for 'Install Option' as /S click on 'Update Details' as sown in the below diagram.
10. Select uploaded package and click on Install, which is in the upper right corner.
11. Select 'Group' for which we need to apply the workaround and click 'next'
12. Enter the required details and click on 'Create Installation task' as shown in the below diagram.
References:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529
Comments