First urgent job for the day was a question about the Microsoft Security Advisory: Vulnerability in MHTML could allow information disclosure

Had a quick look at the solution and it was a simple MSI package that checked a couple of DLL’s and then added the necessary registry Keys..

Great simple to deploy..

However the installation process didnt leave much to check if it had been installed…

I opened up the MSI file in InstEd Or could have used Ocra and added the following rows to the following tables to create a new transform..

* the first column on the left is the action to make on the MSI Table.

installexecutesequence
Action*	Action	Condition	Sequence
Add	RegisterProduct		6100
Add	PublishFeatures		6300
Add	PublishProduct		6400

Property
Action*	Property	Value
Add	ARPHELPLINK	http://go.microsoft.com/fwlink/?LinkID=151778&fi=50602
Add	ARPNOMODIFY	1
Add	ARPNOREMOVE	1
Add	ARPURLINFOABOUT	http://go.microsoft.com/fwlink/?LinkID=151778&fi=50602

* the first column on the left is the action to make on the MSI Table.

Then by running the install command,
Msiexec /package MicrosoftFixit50602.msi /LOG %SYSTEMROOT%\INSTALL-MicrosoftFixit50602.LOG /QUIET TRANSFORMS=MicrosoftFixit50602.MST
We now get an entry in “Add/Remove programs”

This can be tested by using the follow code…


@Echo Off
REM set the variable TheComputer to the workstation you need to test..
Echo Testing on %TheComputer%
reg query "\\%TheComputer%\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FF6E1C5B-994E-42FF-B8A4-0A8DD963EC7D}"
reg query "\\%TheComputer%\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\RestrictedProtocols" /s
reg query "\\%TheComputer%\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN"


We are using SMS so we can therefore use a hardware scan to capture what programs are installed. Update the collections based on machines without the Application “Microsoft Fix it 50602”.

So now to deploy to the 2200 + machines we have here..