Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Scripting the Unofficial .wmf Patch

Published: 2006-01-02
Last Updated: 2006-01-03 16:06:03 UTC
by Marcus Sachs (Version: 1)
0 comment(s)
Brent Hughes sent us a script that he used today to push the unofficial .wmf patch across his enterprise.  Here is what he sent us, and I suspect that it will work nicely with the updated patch from Ilfak.  Note that our html editor sometimes eats backslashes, apologies if that happens below.


I put the patches in netlogon to help distribute the load a bit across the domain controllers.  Here's just the relevent section of my script (in vbscript).  It assumes the patch always installs in c:program files.  If program files is somewhere else you might have to find it [ie. progdir = objShell.ExpandEnvironmentStrings("%programfiles%")].  

----------------
Const HOTFIXDIR = "%home%\netlogon\patches"

set objShell = CreateObject("Wscript.shell") Set oFSO = CreateObject("Scripting.FileSystemObject")

if NOT oFSO.FileExists("c:program files\Windows\MetafileFix\wmfhotfix.cpp") then
    objShell.Popup "Installing WMF unofficial patch", 5
    objShell.Run "%windir%\system32\regsvr32.exe -u %windir%\system32\shimgvw.dll"
    objShell.Run HOTFIXDIR & "wmffix_hexblog13.exe /VERYSILENT /SUPPRESSMSGBOXES"
end if
-----------------

You could batch file it too (though I've never tried this in group
policy):
----------------
@echo off
if exist "c:program files\windows\metafilefix\wmfhotfix.cpp" goto end
    %windir%\system32\regsvr32.exe -u %windir%\system32\shimgvw.dll
     %home%\netlogon\patches\wmffix_hexblog13.exe /VERYSILENT /SUPPRESSMSGBOXES
:end
----------------

Put one of those in a group policy under shutdown scripts and it should patch on reboot.  I'm still working on the best way to script rebooting the network, but I'll send that too when I've got it.

-Brent
Keywords:
0 comment(s)
Diary Archives