Using a GPO to set killbits for MS KB 972890 and 973472 domain-wide
In case you haven’t been paying attention lately, Microsoft has recently released a couple of security advisories: 972890 and 973472.
Both of them are bad news — unpatched vulnerabilities allowing remote code execution. Microsoft has also stated in each of the security advisories:
We are aware of attacks attempting to exploit the vulnerability.
That’s bad news. At the time I’m writing this, the Internet Storm Center is already reporting more than two million infections in China alone.
While there are currently no patches, Microsoft has published workarounds for these issues. They involve setting a grand total of 47 killbits of Class Identifiers. This might be okay if you have only one PC and a couple hours to kill. For those of us who work in large organizations with hundreds or thousands of PCs, that’s just not feasible.
I have posted two administrative templates that can be used in group policy objects (GPOs) to automate this. They can be downloaded here:
For those who may not be used to using their own administrative templates to push out registry settings like this, I’ve recorded a video for you. I hope it’s helpful!
- If your screen isn’t “wide” enough, you can watch the video here instead.
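Once the GPO has applied, it is worth confirming that the killbits actually landed on a client. The script below is an added example, not part of the original post or its templates. It checks the standard killbit location (the `Compatibility Flags` DWORD with bit 0x400 set under `ActiveX Compatibility\{CLSID}`) in both the native and 32-bit registry views. The CLSID shown is a placeholder and the parameter and function names are illustrative; supply the Class Identifiers from the two advisories.

```powershell
# Added example (not from the original post): report whether the killbit is set
# for each Class Identifier on this machine, e.g. after the GPO has applied.
param(
    # Placeholder CLSID: substitute the identifiers listed in the workaround
    # sections of advisories 972890 and 973472.
    [string[]]$Clsid = @('{00000000-0000-0000-0000-000000000000}')
)

$KillBit = 0x400   # bit in "Compatibility Flags" that blocks the control in IE
$Base    = 'Microsoft\Internet Explorer\ActiveX Compatibility'

# 32-bit IE on 64-bit Windows reads the Wow6432Node view, so check both.
$Roots = @("HKLM:\SOFTWARE\$Base")
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += "HKLM:\SOFTWARE\Wow6432Node\$Base"
}

function Test-KillBit {
    param([string]$Root, [string]$Id)
    $key  = Join-Path $Root $Id
    $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' -ErrorAction SilentlyContinue
    if (-not $prop) { return $false }          # key or value missing
    # Other flag bits may be present; only the 0x400 bit matters here.
    return (($prop.'Compatibility Flags' -band $KillBit) -eq $KillBit)
}

$missing = 0
foreach ($id in $Clsid) {
    foreach ($root in $Roots) {
        $ok = Test-KillBit -Root $root -Id $id
        if (-not $ok) { $missing++ }
        '{0,-8} {1}' -f $(if ($ok) { 'SET' } else { 'MISSING' }), (Join-Path $root $id)
    }
}

# Non-zero exit code lets a startup script or inventory tool flag the machine.
exit $missing
```

Any `MISSING` line means that control can still be instantiated in Internet Explorer on that machine, in that registry view.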
Thanks to T2A1-mobile on freenode’s #dshield for pointing out that my link to the template for 973472 was actually pointing to the MS KB article. Fixed!
You might note that system administrators must download the latest KillBits update for ActiveX from Windows Update. I tried running the templates without realizing we hadn’t been updated to the newest release of KillBits and it didn’t work right :)
Thanks for the great utility!
Thanks for the templates and video – saved me a great deal of time!