Remediate IE Vulnerabilities

<# PowerShell Script to Secure Internet Explorer & Memory Operations
reg add "HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" /v iexplore.exe /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" /v iexplore.exe /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING" /v iexplore.exe /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING" /v iexplore.exe /t REG_DWORD /d 1 /f
reg add “HKLM\System\CurrentControlSet\Services\snmp\parameters” /v TrapConfiguration /t REG_DWORD /d 1 /f
#>

$ieKeys=@(
@("CVE-2017-829 (32-Bit)","HKLM:SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX"),
@("CVE-2017-8529 (64-bit)","HKLM:SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX"),
@("ASLR Hardening Setting for IE (32-Bit)","HKLM:SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING"),
@("ASLR Hardening Setting for IE (64-Bit)","HKLM:SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING")
)

$memKeys=@(
@("CVE-2017-5715",“HKLM:SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management”,"FeatureSettingsOverride","0"),
@("CVE-2017-5715","HKLM:SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management","FeatureSettingsOverrideMask","3"),
@("CVE-2017-5753-54","HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization","MinVmVersionForCpuBasedMitigations","1.0")
)

$snmpKeys=@(
@("HKLM:System\CurrentControlSet\Services\snmp\parameters","TrapConfiguration","1")
)


"----------------------------------------------------------"
"Internet Explorer Registry Keys"
foreach ($ieKey in $ieKeys){
    $value=(Get-ItemProperty -Path $ieKey[1] -Name "iexplore.exe").'iexplore.exe'
    $result=if($value -eq 1){"pass"}else{"fail"}
    $ieKey[0] + ": " + $result
}
"----------------------------------------------------------"

"Memory Management Registry Keys"
foreach ($memKey in $memKeys){
    $value=(Get-ItemProperty -Path $memKey[1] -Name $memKey[2]).[string]($memKey[2])
    $result=if($value -eq $memKey[3]){"pass"}else{"fail"}
    $memKey[0]+ ": " + $result
}
"----------------------------------------------------------"


"----------------------------------------------------------"
$value=(Get-ItemProperty -Path $snmpKeys[0] -Name $snmpKeys[1]).[string]($snmpKeys[1])
$result=if($value -eq $snmpKeys[2]){"pass"}else{"fail"}
"SNMP "+ $snmpKeys[0]+ ": " + $result
"----------------------------------------------------------"

Leave a Reply

Your email address will not be published. Required fields are marked *