We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Using the fix MSI for 972890 0-day exploit work around

Medium Priority
942 Views
Last Modified: 2013-12-08
I see posts on applying the registry fixes using regedit /s via GPO startup script to apply this fix (http://support.microsoft.com/kb/972890).  What I'm wondering is why we can't just use the msi provided at the link about and install it via GPO's normal software distribution methods?
Comment
Watch Question

DonNetwork Administrator
CERTIFIED EXPERT

Commented:
The .msi fails to install because of the user prompts, you need to install it with command line silent switches
 

set SEE_MASK_NOZONECHECKS=1
MicrosoftFixit50287.msi /passive /quiet /norestart set SEE_MASK_NOZONECHECKS=0

Author

Commented:
Thanks for the suggestion.  I should probably state my goal more clearly.

What I want to do is deploy this workaround via GPO to all of my workstations and then be able to pull the changed out when there is an official fix released.  I found the attached reg file with the suggestion of using regedit /s \\path\to\regfile to import it using a start up script.  That's fine and good but I don't know how to remove the registry changes using a .reg file.

I seem to have half the answer, would you be willing to point me to a resource on how to delete specific keys by simply importing a reg file via regedit /s?

Thanks for you help.  You would think Microsoft would make this easier. :P
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{011B3619-FE63-4814-8A84-15A194CE9CE3}]
"Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0149EEDF-D08F-4142-8D73-D23903D21E90}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E5-45B6-11D3-B650-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0369B4E6-45B6-11D3-B650-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{055CB2D7-2969-45CD-914B-76890722F112}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0955AC62-BF2E-4CBA-A2B9-A63F772D46CF}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{15D6504A-5494-499C-886C-973C9E53B9F1}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1BE49F30-0E1B-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1C15D484-911D-11D2-B632-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1DF7D126-4050-47F0-A7CF-4C4CA9241333}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2C63E4EB-4CEA-41B8-919C-E947EA19A77C}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{334125C0-77E5-11D3-B653-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B0353C-A4C8-11D2-B634-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03543-A4C8-11D2-B634-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{37B03544-A4C8-11D2-B634-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{418008F3-CF67-4668-9628-10DC52BE1D08}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{4A5869CF-929D-4040-AE03-FCAFC5B9CD42}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{577FAA18-4518-445E-8F70-1473F8CF4BA4}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{59DC47A8-116C-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7F9CB14D-48E4-43B6-9346-1AEBC39C64D3}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{823535A0-0318-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8872FF1B-98FA-4D7A-8D93-C9F1055F85BB}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4C-1F63-11D3-B64C-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{8A674B4D-1F63-11D3-B64C-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9CD64701-BDF3-4D14-8E03-F12983D86664}]
"Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9E77AAC4-35E5-42A1-BDC2-8F3FF399847C}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A1A2B1C4-0E3A-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E3074E-6C3D-11D3-B653-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A2E30750-6C3D-11D3-B653-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A8DCF3D5-0780-4EF4-8A83-2CFFAACB8ACE}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AD8E510D-217F-409B-8076-29C5E73B98E8}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B0EDF163-910A-11D2-B632-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B64016F3-C9A2-4066-96F0-BD9563314726}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BB530C63-D9DF-4B49-9439-63453962E598}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C531D9FD-9685-4028-8B68-6E1232079F1E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCC-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCD-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCE-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CCF-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C5702CD0-9B79-11D3-B654-00C04F79498E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C6B14B32-76AA-4A86-A7AC-5C79AAF58DA7}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CAAFDD83-CEFC-4E3D-BA03-175F17A24F91}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D02AAC50-027E-11D3-9D8E-00C04F72D980}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F9769A06-7ACA-4E39-9CFB-97BB35F0E77E}]
 "Compatibility Flags"=dword:00000400
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FA7C375B-66A7-4280-879D-FD459C84BB02}]
 "Compatibility Flags"=dword:00000400

Open in new window

Network Administrator
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
I might be wrong but can't you just run the "unfixer"?

There are two files msi links on the KB article here:

http://support.microsoft.com/kb/972890

MicrosoftFixit50287.msi  = Fixer
MicrosoftFixit50288.msi = Fix remover

A fixer and an unfixer that removes the fix. Couldn't you just run them each at the correct time with the silent switch and be done with it?
DonNetwork Administrator
CERTIFIED EXPERT

Commented:
all the suggested ways would work

Author

Commented:
You know, I've read that you don't have to delete them but if you use ORCA to view the registry changes made by the msi Microsoft released to disable the work around it actually deletes the keys.  I've done a diff comparison of the registry before and after and found that the Enabling msi adds the keys and then disabling one actually deletes them.

That's the primary reason why I wanted to know how to delete the keys since I wanted to replicate what the msi does.

I just made necessary reg files and am going to use startup scripts in a GPO to get the changes out to the clients.

Thanks. ;)
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.