Hi everyone!

Axel here from the IE Team with a quick Group Policy ADM template to help implement the workaround described in security advisory 973472. I am also including the .reg files and .adm templates for both the x86 and x64 versions.

Please note: This is an “as is” template, so feel free to tweak it as needed.

Important: This policy requires that you disable filtering in the group policy editor. See steps below on how to set this up.

How to load the Custom ADM Template?

  1. To start Group Policy, click Start and then click Run. In the Open box, type GPedit.msc (or GPMC.msc if you are working from a Domain policy) and then click OK.
  2. Select Administrative Templates from the Computer Configuration branch.
  3. Right-click the Administrative Templates branch, and then select All Tasks.
  4. Select Add/Remove Templates.
  5. Click Add.
  6. Load the ADM templates.

Please note: Windows 2003 and Windows XP will display the policy under: Administrative Templates > New Policy

Here is how you disable the Group Policy filter:

  1. Right-click on the Policy and select View > detail > Filtering
  2. Remove the check mark from the check box next to "Only show policy settings that can be fully managed"
  3. You should see the template now.

x86 ADM Template

;####################### Begin x86 adm setting  ###########################

CLASS MACHINE

CATEGORY "Group Policy workaround for KB973472, x86"

POLICY "MS 973472 Activex component {0002E541-0000-0000-C000-000000000046}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E541-0000-0000-C000-000000000046}"
EXPLAIN "Group Policy to disable CLSIDs outlined in the workaround section of kb973472"
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 973472 Activex component {0002E559-0000-0000-C000-000000000046}"
KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E559-0000-0000-C000-000000000046}"
EXPLAIN "Group Policy to disable CLSIDs outlined in the workaround section of kb973472"
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY
END CATEGORY

[strings]
kb973472="kb973472"
kb973472="Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX control could allow remote code execution "

;####################### End of x86 adm setting  ###########################

x64 ADM Template

;####################### Begin x64 adm setting  ###########################

CLASS MACHINE

CATEGORY "Group Policy workaround for KB973472, x64"

POLICY "MS 973472 Activex component {0002E541-0000-0000-C000-000000000046}"
KEYNAME "SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E541-0000-0000-C000-000000000046}"
EXPLAIN "Group Policy to disable CLSIDs outlined in the workaround section of kb973472"
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY

POLICY "MS 973472 Activex component {0002E559-0000-0000-C000-000000000046}"
KEYNAME "SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E559-0000-0000-C000-000000000046}"
EXPLAIN "Group Policy to disable CLSIDs outlined in the workaround section of kb973472"
VALUENAME "Compatibility Flags"
VALUEON NUMERIC 1024
VALUEOFF NUMERIC 0
END POLICY
END CATEGORY

[strings]
kb973472="kb973472"
kb973472="Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX control could allow remote code execution "

;####################### End of x64 adm setting  ###########################

x64 Registry key

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E541-0000-0000-C000-000000000046}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E559-0000-0000-C000-000000000046}]
"Compatibility Flags"=dword:00000400

x86 Registry key

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E541-0000-0000-C000-000000000046}]
"Compatibility Flags"=dword:00000400
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E559-0000-0000-C000-000000000046}]
"Compatibility Flags"=dword:00000400

We also have the above samples available to download here.
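
To confirm the setting actually reached a machine after the policy or .reg file is applied, the following PowerShell check reads the two CLSID keys from this post and tests the 0x400 bit (decimal 1024, the VALUEON value in the templates). It is an added example, not part of the original templates or download; the function name Test-KB973472Workaround is hypothetical, and it reports both the native and Wow6432Node paths where they exist.

```powershell
# Added example: verify the "Compatibility Flags" value written by the templates above.
# CLSIDs and key paths are taken from this post; the function name is hypothetical.
$KillBit = 0x400   # 1024 decimal, the VALUEON value in the ADM templates
$Clsids = @(
    '{0002E541-0000-0000-C000-000000000046}',
    '{0002E559-0000-0000-C000-000000000046}'
)
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Test-KB973472Workaround {
    foreach ($root in $Roots) {
        # The Wow6432Node view does not exist on 32-bit Windows; skip it there.
        if ($root -like '*Wow6432Node*' -and
            -not (Test-Path -LiteralPath 'HKLM:\SOFTWARE\Wow6432Node')) { continue }

        foreach ($clsid in $Clsids) {
            $key = "$root\$clsid"
            $flags = $null
            if (-not (Test-Path -LiteralPath $key)) {
                $status = 'KeyMissing'
            } else {
                $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                                         -ErrorAction SilentlyContinue
                if ($null -eq $prop) {
                    $status = 'ValueMissing'
                } else {
                    $flags = [int]$prop.'Compatibility Flags'
                    # Test the bit rather than equality: other flags may also be set.
                    if (($flags -band $KillBit) -eq $KillBit) { $status = 'Set' }
                    else { $status = 'NotSet' }
                }
            }
            [pscustomobject]@{
                Key    = $key
                Flags  = if ($null -ne $flags) { '0x{0:X8}' -f $flags } else { '' }
                Status = $status
            }
        }
    }
}

Test-KB973472Workaround | Format-Table -AutoSize
```

Any row whose Status is not Set means that path does not carry the flag on this machine, for example because the VALUEOFF state (0) was applied or the template for that path was never loaded.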

 

Regards,

The IE Support Team