Hi everyone!
Axel here from the IE Team with a quick Group Policy ADM template to help implement workaround described in security advisory 973472. I am also including the .reg file and .adm templates for both x86 and x64 versions.
Please note: This is an “as is” template, so feel free to tweak it as needed.
Important: This policy requires that you disable filtering in the group policy editor. See steps below on how to set this up.
How to load the Custom ADM Template?
Please note: Windows 2003, Windows XP will display the policy under: Administrative Templates > New Policy
Here is how you disable the Group policy filer:
x86 ADM Template
;####################### Begin x86 adm setting ###########################
CLASS MACHINE
CATEGORY "Group Policy workaround for KB973472, x86"
POLICY "MS 973472 Activex component {0002E541-0000-0000-C000-000000000046}" KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E541-0000-0000-C000-000000000046}" EXPLAIN "Group Policy to disable CLSIDs outlined in the workaround section of kb973472" VALUENAME "Compatibility Flags" VALUEON NUMERIC 1024 VALUEOFF NUMERIC 0 END POLICY
POLICY "MS 973472 Activex component {0002E559-0000-0000-C000-000000000046}" KEYNAME "SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E559-0000-0000-C000-000000000046}" EXPLAIN "Group Policy to disable CLSIDs outlined in the workaround section of kb973472" VALUENAME "Compatibility Flags" VALUEON NUMERIC 1024 VALUEOFF NUMERIC 0 END POLICY END CATEGORY
[strings] kb973472="kb973472" kb973472="Microsoft Security Advisory: Vulnerability in Microsoft Video ActiveX control could allow remote code execution "
;####################### End of x86 adm setting ###########################
x64 ADM Template
;####################### Begin x64 adm setting ###########################
CATEGORY "Group Policy workaround for KB973472, x64"
POLICY "MS 973472 Activex component {0002E541-0000-0000-C000-000000000046}" KEYNAME "SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E541-0000-0000-C000-000000000046}" EXPLAIN "Group Policy to disable CLSIDs outlined in the workaround section of kb973472" VALUENAME "Compatibility Flags" VALUEON NUMERIC 1024 VALUEOFF NUMERIC 0 END POLICY
POLICY "MS 973472 Activex component {0002E559-0000-0000-C000-000000000046}" KEYNAME "SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E559-0000-0000-C000-000000000046}" EXPLAIN "Group Policy to disable CLSIDs outlined in the workaround section of kb973472" VALUENAME "Compatibility Flags" VALUEON NUMERIC 1024 VALUEOFF NUMERIC 0 END POLICY END CATEGORY
;####################### End of x64 adm setting ###########################
x64 Registry key
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E541-0000-0000-C000-000000000046}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E559-0000-0000-C000-000000000046}] "Compatibility Flags"=dword:00000400
x86 Registry key
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E541-0000-0000-C000-000000000046}] "Compatibility Flags"=dword:00000400 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0002E559-0000-0000-C000-000000000046}] "Compatibility Flags"=dword:00000400
We also have the above samples available to download here.
Regards,
The IE Support Team