CustomPatch - KB3009008 - Disable SSLv3 in Per-User Internet Explorer settings using ActiveSetup (POODLE)
0 Votes |
Description
See https://support.microsoft.com/kb/3009008
This Fixlet configures ActiveSetup to disable SSLv3 in Internet Explorer, to mitigate the "POODLE" vulnerability. As an ActiveSetup component, this runs one time for each user at their next logon time.
The ActiveSetup script edits HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\SecureProtocols.
Property Details
3914 | |
QA - Ready for Production Level Testing | |
CustomPatch - KB3009008 - Disable SSLv3 in Per-User Internet Explorer settings using ActiveSetup (POODLE) | |
BESC | |
Internal | |
11/3/2014 12:00:00 AM | |
SSL, POODLE, Internet Explorer, Active Setup, Per User | |
JasonWalker on 11/3/2014 12:12:11 PM | |
JasonWalker on 11/3/2014 12:12:11 PM | |
9741 Views / 14 Downloads | |
* Average over 0 ratings. ** Log In or Register to add your rating. |
Relevance
Used in 365 fixlets | * Results in a true/false |
(if( name of operating system starts with "Win" ) then platform id of operating system != 3 else false) AND (if exists property "in proxy agent context" then ( not in proxy agent context ) else true )
isWindows (Relevance 1172)
windows of operating system
Used in 19 fixlets | * Results in a true/false |
(language of version block of file "kernel32.dll" of system folder contains "English") OR (exists key "HKLM\System\CurrentControlSet\Control\Nls\MUILanguages" whose (exists value of it) of registry)
Used in 1 fixlet | * Results in a true/false |
(name of it = "Win2003" OR name of it = "WinVista" OR name of it = "Win2008" OR name of it = "Win7" OR name of it = "Win2008R2" OR name of it = "Win8" OR name of it = "Win2012" OR name of it = "Win8.1" OR name of it = "Win2012R2") of operating system
Used in 1 fixlet | * Results in a true/false |
/* Check that the Registry is configured to execute this ActiveSetup component */ (not exists key "KB3009008_POODLE" whose (exists value "IsInstalled" whose (it=1) of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components" of native registry) OR /* Check that the files required for this ActiveSetup component are present; item 0 below is a semicolon-delimited set of file pathnames */ ( exists (("\admtools\ActiveSetup\KB3009008_POODLE\ActiveSetup.cmd"),root folder of drive of system folder) whose (not exists file (pathname of item 1 of it as string & item 0 of it)))
Actions
Action 1 (default)
Action Link Click
here to deploy this action.
Script Type
BigFix Action Script
action uses wow64 redirection false
// Setup the files for ActiveSetup script operation
dos mkdir "{root folder of drive of system folder}\admtools\ActiveSetup\KB3009008_POODLE"
delete __appendfile
appendfile @reg.exe add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v SecureProtocols /t REG_DWORD /d 0x80 /F
delete "{root folder of drive of system folder}\admtools\ActiveSetup\KB3009008_POODLE\ActiveSetup.cmd"
copy __appendfile "{root folder of drive of system folder}\admtools\ActiveSetup\KB3009008_POODLE\ActiveSetup.cmd"
// Setup the Registry to run this ActiveSetup batch file on next logon (for each user)
delete __createfile
createfile until
REM Update this block as needed
set KEYNAME=KB3009008_POODLE
set TITLE=Installing KB3009008_POODLE
set VERSION=1,0,0,0
set VALUE=%COMSPEC% /c "{root folder of drive of system folder}\admtools\ActiveSetup\KB3009008_POODLE\ActiveSetup.cmd"
REM end of per-package settings
set ACTIVESETUP=HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
REG ADD "%ACTIVESETUP%\%KEYNAME%" /f
REG ADD "%ACTIVESETUP%\%KEYNAME%" /ve /t REG_SZ /d "%TITLE%" /f
REG ADD "%ACTIVESETUP%\%KEYNAME%" /v IsInstalled /t REG_DWORD /d 1 /f
REG ADD "%ACTIVESETUP%\%KEYNAME%" /v Version /t REG_SZ /d "%VERSION%" /f
REG ADD "%ACTIVESETUP%\%KEYNAME%" /v StubPath /t REG_EXPAND_SZ /d "%VALUE%" /f
delete "ActiveSetup-Registry.cmd"
move __createfile "ActiveSetup-Registry.cmd"
waithidden cmd /c ActiveSetup-Registry.cmd
Success Criteria
This action will be considered successful when the applicability relevance evaluates to false.
Sharing
Social Media: |