PSSecurityUtils

0.2.0

Public/Enable-IEPrintDisclosureMitigation.ps1

                                function Enable-IEPrintDisclosureMitigation {

    <#

    .SYNOPSIS

        Mitigates CVE-2017-8529, an Internet Explorer information disclosure vulnerability.

    .DESCRIPTION

        Creates the FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX feature control registry key

        for both 64-bit and 32-bit (Wow6432Node) hives and sets iexplore.exe to 1,

        preventing Internet Explorer from disclosing information during print operations.

        Changes take effect on the next launch of Internet Explorer.

    .INPUTS

        None. Parameters must be supplied directly.

    .OUTPUTS

        None.

    .PARAMETER ComputerName

        The target computer. Defaults to the local machine.

    .EXAMPLE

        Enable-IEPrintDisclosureMitigation

        Applies the CVE-2017-8529 mitigation registry keys on the local machine.

    .EXAMPLE

        Enable-IEPrintDisclosureMitigation -ComputerName 'Workstation01'

        Applies the mitigation on Workstation01.

    .NOTES

        Requires Administrator privileges.

        Mitigates CVE-2017-8529 (Windows 10 / Server 2016 IE information disclosure, September 2017).

        Remote operations require WinRM to be configured on the target machine.

    #>

    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'Medium')]

    [OutputType([void])]

    param (

        [Parameter(Mandatory = $false)]

        [string]$ComputerName = $env:COMPUTERNAME

    )

    $isLocal = ($ComputerName -ieq $env:COMPUTERNAME) -or

               ($ComputerName -ieq 'localhost') -or

               ($ComputerName -eq '127.0.0.1')

    $featureName = 'FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX'

    $key64 = "HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\$featureName"

    $key32 = "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\$featureName"

    if ($PSCmdlet.ShouldProcess($ComputerName, "Set $featureName = 1 for iexplore.exe (64-bit and 32-bit)")) {

        $work = {

            param($k64, $k32)

            New-Item -Path $k64 -Force | Out-Null

            New-ItemProperty -Path $k64 -Name 'iexplore.exe' -Value 1 -PropertyType DWord -Force | Out-Null

            New-Item -Path $k32 -Force | Out-Null

            New-ItemProperty -Path $k32 -Name 'iexplore.exe' -Value 1 -PropertyType DWord -Force | Out-Null

        }

        if ($isLocal) {

            & $work $key64 $key32

        } else {

            Invoke-Command -ComputerName $ComputerName -ScriptBlock $work -ArgumentList $key64, $key32

        }

        Write-Verbose "CVE-2017-8529 mitigation registry keys applied on '$ComputerName'."

    }

}