Many of you probably heard already, Microsoft discovered a vulnerability within IE. Until they resolve i'd like to disable IE so users can only use firefox and chrome. Any tips on how i can temporarily disable it?
Already thread open for this: community.kaseya.com/.../19886.aspx
You would be better off to automating the disable of Flash as an IE Add On as indicated by FireEye:
www.fireeye.com/.../new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html
or update the Add on: http://helpx.adobe.com/security/products/flash-player/apsb14-13.html
If you are using Ninite this should be a quick and simple fix
looks this attack will not work without Adobe Flash. Disabling the Flash plug-in within IE will prevent the exploit from functioning.
or update Adobe Flash Player as Tim mentioned
You can also block this particular exploit by running IE in "Enhanced Protected Mode" - or in 64 bit process mode where applicable.
According to some articles I have read this exploit affect IE version 6 up to 11 however so far only version 9 to 11 have been targeted.Here is the security advisory on this issue;https://technet.microsoft.com/library/security/2755801
So far Microsoft has only released an update for Windows 8, Windows 8.1, Server 2012 and Server 2012 R2. The above article also provides the registry keys to disable the Flash Player plugin as a workaround;[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]"Compatibility Flags"=dword:00000400[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{D27CDB6E-AE6D-11CF-96B8-444553540000}]"Compatibility Flags"=dword:00000400Updating Flash for IE 11 is a little different from other version as it is part of the Windows Updates now, below is the link to Microsoft update;http://support.microsoft.com/kb/2961887Below are the links for the EXE and MSI installers for the latest Adobe Flash Player addons that should work for the older IE versions and IE version 11 for Windows 7;http://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_13_active_x.msihttp://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_13_active_x.exe
Reading some more there appears to be 2 separate exploits;
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
Published: September 21, 2012 | Updated: April 28, 2014
technet.microsoft.com/.../2755801
Fix: Update Flash Player
Vulnerability in Internet Explorer Could Allow Remote Code Execution
Published: April 26, 2014
technet.microsoft.com/.../2963983
Fix: Use Alternate Web Browser until MS releases a patch or unregistered the vgx.dll if you can live without Vector Markup Language (VML) under Internet Explorer
Keep in mind that there will be no fixes forthcoming from Microsoft for Microsoft Security Advisory 2963983 for machines running XP so the alternate browser option seems to be the only viable option for those machines if they can't be upgraded at this time.
We're taking a twofold approach:
The current exploit vector is through Flash. I'm using my home-grown Ninite procedures to make sure that customers are fully up-to-date with Flash, and "Flash (IE)" (to borrow the Ninite parlance). KSDU would buy you the same.
The underlying issue, as zippo notes, has not been fixed, and will not be fixed for Windows XP machines. As far as waiting for a Microsoft fix of the IE security vulnerability, we're trying to be patient as TV, radio and Internet news sources continue to Chicken Little the heck out of this thing. There is no good solution. EMET breaks more than it purports to fix, IE EPM disables plugins that are often required for line-of-business software, and as far as unregistering the DLL, I'm curious to see what BroncoMarc and Oscar Romero have to say about what unintended consequences (if any) doing so has caused (reference: http://community.kaseya.com/xsp/f/28/t/19889.aspx).
None of these options are ideal, to say the least.
HardKnoX ..Thanks for tip.
i have created script .
you need below MSI and EXE files , download links are below
http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_13_plugin.msi
https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&uact=8&ved=0CCcQFjAA&url=http%3A%2F%2Fdownload.macromedia.com%2Fget%2Fflashplayer%2Fcurrent%2Flicensing%2Fwin%2Finstall_flash_player_13_active_x.msi&ei=oMRgU7_aCtS2yATvhIHoBA&usg=AFQjCNFZjX0HLcZfmBbmuzbsgLjNzgi20g
http://download.macromedia.com/get/flashplayer/current/support/uninstall_flash_player.exe
Thanks,
Procedure Microsoft Security Advisory 2755801.xml
I've created a script that addresses the 2nd part of this exploit (thanks HardKnoX) by unregistering VGX.dll. I've posted it in the Knowledge Exchange. It handles unregistering & re-registering of said DLL such that the workaround can be reversed once Microsoft releases an official patch:
http://community.kaseya.com/resources/m/knowexch/86513.aspx
Thanks Brian!
Can I ask, what is the purpose of the "global:stopThePresses" ?
I'm trying to wrap my head around these scripts. :)
I just saw the other thread with the explanation of what you were doing and why. Wow!
I almost think it would be nice if Kaseya had courses just on scripting. I've been limping by with basic 3-10 line scripts!
finnaly some good news
www.foxnews.com/.../microsoft-releases-security-update-for-internet-explorer-including-for-windows
blogs.technet.com/.../out-of-band-release-to-address-microsoft-security-advisory-2963983.aspx
Patch Released
technet.microsoft.com/.../ms14-021
support.microsoft.com/.../2965111
When will this patch be released in Kaseya? I would like to approve it in our patch policy, but I do not see it released to us yet.