Using a GPO to set killbits for MS KB 972890 and 973472 domain-wide
Written by jlgaddis on July 13, 2009 – 7:34 pm -In case you haven’t been paying attention lately, Microsoft has recently released a couple of security advisories: 972890 and 973472.
Both of them are bad news — unpatched vulnerabilities allowing remote code execution. Microsoft has also stated in each of the security advisories:
We are aware of attacks attempting to exploit the vulnerability.
That’s bad news. At this time I’m writing this, the Internet Storm Center is already reporting more than two million infections in China alone.
While there are currently no patches, Microsoft has published workarounds for these issues. They involve setting a grand total of 47 killbits of Class Identifiers. This might be okay if you have only one PC and a couple hours to kill. For those of us who work in large organizations with hundreds or thousands of PCs, that’s just not feasible.
I have posted two administrative templates that can be used in group policy objects (GPOs) to automate this. They can be downloaded here:
For those who may not be used to using their own administrative templates to push out registry settings like this, I’ve recorded a video for you. I hope it’s helpful!
- If your screen isn’t “wide” enough, you can watch the video here instead.
Tags: hacking, internet, microsoft, security, video | 3 Comments »
July 13th, 2009 at 11:21 pm
Thanks to T2A1-mobile on freenode’s #dshield for pointing out that my link to the template for 973472 was actually pointing to the MS KB article. Fixed!
July 14th, 2009 at 1:24 am
You might note that system administrators must download the latest KillBits update for ActiveX from Windows Update. I tried running the templates without realizing we hadn’t been updated to the newest release of KillBits and it didn’t work right
Thanks for the great utility!
July 15th, 2009 at 5:04 pm
Thanks for the templates and video – saved me a great deal of time!