the command Symantec provides will pause a task sequence as it's not silent, (pop's up a window saying successful and waiting for you to click ok)
use cmd.exe /c %SystemRoot%\System32\regsvr32.exe /u /s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll" instead, (/s for silent) On Tue, Apr 29, 2014 at 5:06 AM, Mike Dougherty <[email protected]> wrote: > I've been doing some digging on this/these things this evening... > > It seems like there are two closely related exploit-able things floating > around that have surfaced in the last 24-36 hours: > > CVE-2014-0515 > CVE-2014-1776 > > (I assume I'm interpreting this correctly...) > > One of them (CVE-2014-0515) is a Flash exploit that could potentially > target any Windows based browser, including Internet Explorer. Microsoft > has released a security bulletin, etc. about this one because on Win8+ > (with IE10 or above), Microsoft is "handling" Flash patching/updates. > > Adobe has released a seperate 0-day update/release for this as well: > http://helpx.adobe.com/security/products/flash-player/apsb14-13.html > > > > However.... The second one (CVE-2014-1776) is an exploit specific to > Internet Explorer (which currently leverages a vulnerable Flash to > introduce the exploit on remote systems). > > This where things get clear as mud for me: > > > http://blogs.technet.com/b/srd/archive/2014/04/26/more-details-about-security-advisory-2963983-ie-0day.aspx > > "while the vulnerability affects Internet Explorer, the exploit relies > deeply on two other components to successfully trigger code execution and > in particular it requires presence VML and Flash components." > > The aforementioned SRD post mentioned that disabling/unregistering the > DLLs for VML, changing Active X/Scripting or IE Security Zones, or > deploying a recent version of EMET can mitigate the issue. > Symantec goes as far as providing the command to unregister the VML DLL: > http://www.symantec.com/connect/blogs/zero-day-internet-vulnerability-let-loose-wild > > > Does deploying the new version of Flash (from CVE-2014-0515) correct both > issues? No one is really saying one way or the other at this point. > My guess overall is "no" since exploit #2 could potentially eventually be > reached via other non-Flash vectors. > > However, Fireeye's blog post ( > http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html) > says that disabling Flash will prevent the exploit. > That blog post pre-dates the newest Flash release, so ... > > > > Thus far, my environment is deploying the newest Flash immediately and > keeping our fingers crossed, hoping that this solution is sufficient in the > meantime. > > > > On Mon, Apr 28, 2014 at 1:00 PM, Brian Mason <[email protected]> wrote: > >> I see CM synced and pulled 2961887 today, but it's only for Win8/8.1 >> and Server12/12R2. >> >> >> >> This link mentions the patches: >> https://technet.microsoft.com/library/security/2755801 >> >> >> >> - On April 28, 2014, Microsoft released an update (2961887) for >> Internet Explorer 10 on Windows 8, Windows Server 2012, and Windows RT, >> and >> for Internet Explorer 11 on Windows 8.1, Windows Server 2012 R2, and >> Windows RT 8.1. The update addresses the vulnerabilities described in >> Adobe >> Security bulletin >> APSB14-13<http://helpx.adobe.com/security/products/flash-player/apsb14-13.html>. >> For more information about this update, including download links, see >> Microsoft >> Knowledge Base Article 2961887<https://support.microsoft.com/kb/2961887> >> . >> >> *Note *Updates for Windows RT and Windows RT 8.1 are available via Windows >> Update <http://go.microsoft.com/fwlink/?LinkId=21130>. >> >> >> >> >> >> This link must still be written as it's coming up empty for me: >> https://support.microsoft.com/kb/2961887 >> >> >> Doesn't look like this is 0-day patch everyone has been waiting for. >> >> >> >> _________________ >> >> Brian Mason >> >> MCTS, MS MVP ECM >> >> http://www.mnscug.org/ >> >> >> >> > >
