Kaseya Community

Procedure Security - Microsoft Security Advisory 2501696

  • Description: Enable/disable hotfix for "Vulnerability in MHTML could allow information disclosure". Read more: http://support.microsoft.com/kb/2501696

    Kaseya customer value: Procedure to secure and enhance clients with the latest software and security without time consuming user interaction.

    End user value: Procedure to secure and enhance clients with the latest software and security without time consuming support interaction.

    Dependencies: Windows XP SP3 and above.

    Usage: Run at any given time.

    Report options: Use the procedure log to report on "Microsoft Security Advisory 2501696 applied*"

    Script maintainer: ronny [at] upstream.se
    Support: This script is delivered "as is". No support included.

    Import the following procedures:

    Procedure Security - Microsoft Security Advisory 2501696 - Enable

    <?xml version="1.0" encoding="utf-8"?>
    <ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">
      <Procedure name="Security - Microsoft Security Advisory 2501696 - Enable" treePres="3">
        <Body description="Description: Enable hotfix for &quot;Vulnerability in MHTML could allow information disclosure&quot;. Read more: http://support.microsoft.com/kb/2501696&#xA;&#xA;Kaseya customer value: Procedure to secure and enhance clients with the latest software and security without time consuming user interaction.&#xA;&#xA;End user value: Procedure to secure and enhance clients with the latest software and security without time consuming support interaction.&#xA;&#xA;Dependencies: Windows XP SP3 and above.&#xA;&#xA;Usage: Run at any given time.&#xA;&#xA;Report options: Use the procedure log to report on &quot;Microsoft Security Advisory 2501696 applied*&quot;&#xA;&#xA;Script maintainer: ronny [at] upstream.se&#xA;Support: This script is delivered &quot;as is&quot;. No support included.">
          <Statement description="Get MS Fixit MSI installer." name="GetURL" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">
            <Parameter xsi:type="StringParameter" name="URL" value="http://go.microsoft.com/?linkid=9760419" />
            <Parameter xsi:type="StringParameter" name="ResponseFileName" value="#vAgentConfiguration.agentTempDir#\fixit.msi" />
            <Parameter xsi:type="BooleanParameter" name="WaitComplete" value="True" />
          </Statement>
          <Statement description="Execute the given command as if it were typed in at a command prompt." name="ExecuteShellCommand" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">
            <Parameter xsi:type="StringParameter" name="Command" value="msiexec /i &quot;#vAgentConfiguration.agentTempDir#\fixit.msi&quot; /quiet /norestart /log &quot;#vAgentConfiguration.agentTempDir#\fixit.txt&quot;" />
            <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="System" />
            <Parameter xsi:type="BooleanParameter" name="Is64Bit" value="False" />
          </Statement>
          <Statement description="Pause this procedure for 60 seconds to give a previous action time to complete." name="PauseScript" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">
            <Parameter xsi:type="IntegerParameter" name="Seconds" value="60" />
          </Statement>
          <Statement description="Get the specified file - full path to file required." name="GetFile" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">
            <Parameter xsi:type="StringParameter" name="RemoteFileName" value="#vAgentConfiguration.agentTempDir#\fixit.txt" />
            <Parameter xsi:type="StringParameter" name="KServerFileName" value="..\Docs\Security\Security - Microsoft Security Advisory 2501696 - Apply" />
            <Parameter xsi:type="EnumParameter" name="Action" value="SaveExistingNoAlert" />
          </Statement>
          <Statement description="Delete the specified file - full path to the filename required." name="DeleteFile" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">
            <Parameter xsi:type="StringParameter" name="Path" value="#vAgentConfiguration.agentTempDir#\fixit.msi" />
          </Statement>
          <Statement description="Delete the specified file - full path to the filename required." name="DeleteFile" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">
            <Parameter xsi:type="StringParameter" name="Path" value="#vAgentConfiguration.agentTempDir#\fixit.txt" />
          </Statement>
          <Statement description="Write procedure log entry." name="WriteScriptLogEntry" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">
            <Parameter xsi:type="StringParameter" name="Comment" value="Microsoft Security Advisory 2501696 enable. Please check Audit, Documents for log files." />
          </Statement>
        </Body>
      </Procedure>
    </ScriptExport>

    Procedure Security - Microsoft Security Advisory 2501696 - Disable

    <?xml version="1.0" encoding="utf-8"?>
    <ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">
      <Procedure name="Security - Microsoft Security Advisory 2501696 - Disable" treePres="3">
        <Body description="Description: Disable hotfix for &quot;Vulnerability in MHTML could allow information disclosure&quot;. Read more: http://support.microsoft.com/kb/2501696&#xA;&#xA;Kaseya customer value: Procedure to secure and enhance clients with the latest software and security without time consuming user interaction.&#xA;&#xA;End user value: Procedure to secure and enhance clients with the latest software and security without time consuming support interaction.&#xA;&#xA;Dependencies: Windows XP SP3 and above.&#xA;&#xA;Usage: Run at any given time.&#xA;&#xA;Report options: Use the procedure log to report on &quot;Microsoft Security Advisory 2501696 applied*&quot;&#xA;&#xA;Script maintainer: ronny [at] upstream.se&#xA;Support: This script is delivered &quot;as is&quot;. No support included.">
          <Statement description="Get MS Fixit MSI installer." name="GetURL" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">
            <Parameter xsi:type="StringParameter" name="URL" value="http://go.microsoft.com/?linkid=9760420" />
            <Parameter xsi:type="StringParameter" name="ResponseFileName" value="#vAgentConfiguration.agentTempDir#\fixit.msi" />
            <Parameter xsi:type="BooleanParameter" name="WaitComplete" value="True" />
          </Statement>
          <Statement description="Execute the given command as if it were typed in at a command prompt." name="ExecuteShellCommand" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">
            <Parameter xsi:type="StringParameter" name="Command" value="msiexec /i &quot;#vAgentConfiguration.agentTempDir#\fixit.msi&quot; /quiet /norestart /log &quot;#vAgentConfiguration.agentTempDir#\fixit.txt&quot;" />
            <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="System" />
            <Parameter xsi:type="BooleanParameter" name="Is64Bit" value="False" />
          </Statement>
          <Statement description="Pause this procedure for 60 seconds to give a previous action time to complete." name="PauseScript" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">
            <Parameter xsi:type="IntegerParameter" name="Seconds" value="60" />
          </Statement>
          <Statement description="Get the specified file - full path to file required." name="GetFile" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">
            <Parameter xsi:type="StringParameter" name="RemoteFileName" value="#vAgentConfiguration.agentTempDir#\fixit.txt" />
            <Parameter xsi:type="StringParameter" name="KServerFileName" value="..\Docs\Security\Security - Microsoft Security Advisory 2501696 - Apply" />
            <Parameter xsi:type="EnumParameter" name="Action" value="SaveExistingNoAlert" />
          </Statement>
          <Statement description="Delete the specified file - full path to the filename required." name="DeleteFile" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">
            <Parameter xsi:type="StringParameter" name="Path" value="#vAgentConfiguration.agentTempDir#\fixit.msi" />
          </Statement>
          <Statement description="Delete the specified file - full path to the filename required." name="DeleteFile" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">
            <Parameter xsi:type="StringParameter" name="Path" value="#vAgentConfiguration.agentTempDir#\fixit.txt" />
          </Statement>
          <Statement description="Write procedure log entry." name="WriteScriptLogEntry" continueOnFail="false" osType="NT4|2000|XP|2003|Vista|2008">
            <Parameter xsi:type="StringParameter" name="Comment" value="Microsoft Security Advisory 2501696 disabled. Please check Audit, Documents for log files." />
          </Statement>
        </Body>
      </Procedure>
    </ScriptExport>
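
The two procedures above fetch fixit.msi over plain HTTP and run it under the System account, then wait a fixed 60 seconds before collecting the log, without checking what was downloaded. The PowerShell below is an added example, not part of the original post or of Kaseya's tooling: it checks the Authenticode signature and publisher before calling msiexec and uses the installer's exit code instead of the pause. The default paths and the `O=Microsoft Corporation` publisher pattern are assumptions to adjust for your environment.

```powershell
# Added example (not from the original post). Paths and publisher pattern are assumptions.
param(
    [string]$MsiPath = (Join-Path $env:TEMP 'fixit.msi'),
    [string]$LogPath = (Join-Path $env:TEMP 'fixit.txt'),
    [string]$ExpectedPublisher = 'O=Microsoft Corporation'
)

function Test-InstallerSignature {
    param([string]$Path, [string]$Publisher)
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # Valid means the file hash matches the signature and the chain ends in a trusted root.
    if ($sig.Status -ne 'Valid') { return $false }
    # Pin the publisher: a valid signature from some other vendor must not pass.
    return $sig.SignerCertificate.Subject -like "*$Publisher*"
}

if (-not (Test-InstallerSignature -Path $MsiPath -Publisher $ExpectedPublisher)) {
    # Remove the untrusted download so a later step cannot run it by mistake.
    Remove-Item -LiteralPath $MsiPath -ErrorAction SilentlyContinue
    Write-Output 'fixit.msi failed signature check; not installed'
    exit 1
}

# Quote both paths so a temp directory with spaces is passed as one argument.
$msiArgs = "/i `"$MsiPath`" /quiet /norestart /log `"$LogPath`""
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $msiArgs -Wait -PassThru

# 0 = success, 3010 = success with reboot pending; anything else is a failure.
if ($proc.ExitCode -eq 0 -or $proc.ExitCode -eq 3010) {
    Write-Output "fixit.msi installed (msiexec exit code $($proc.ExitCode))"
    exit 0
}
Write-Output "fixit.msi install failed (msiexec exit code $($proc.ExitCode))"
exit $proc.ExitCode
```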

  • You might want to check out the script pack we wrote for Microsoft Security Advisory 2501696. It includes an audit script to check for potentially vulnerable endpoints and includes a script to remove remediation when Microsoft does come out with a fix.

    You can learn more about it in the short video I did last night, which you can find at blog.scorpionsoft.com/.../mhtml-mitigation-pack-for-kaseya.html.

  • Thanks Dana. Remember to cross post in this forum to get the message out there. I also have both enable and disable features in separate procedures, but use the MSI files from their Fixit site.