Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: Scripting the Unofficial .wmf Patch SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Scripting the Unofficial .wmf Patch
Brent Hughes sent us a script that he used today to push the unofficial .wmf patch across his enterprise.  Here is what he sent us, and I suspect that it will work nicely with the updated patch from Ilfak.  Note that our html editor sometimes eats backslashes, apologies if that happens below.

I put the patches in netlogon to help distribute the load a bit across the domain controllers.  Here's just the relevent section of my script (in vbscript).  It assumes the patch always installs in c:program files.  If program files is somewhere else you might have to find it [ie. progdir = objShell.ExpandEnvironmentStrings("%programfiles%")].  

Const HOTFIXDIR = "%home%\netlogon\patches"

set objShell = CreateObject("") Set oFSO = CreateObject("Scripting.FileSystemObject")

if NOT oFSO.FileExists("c:program files\Windows\MetafileFix\wmfhotfix.cpp") then
    objShell.Popup "Installing WMF unofficial patch", 5
    objShell.Run "%windir%\system32\regsvr32.exe -u %windir%\system32\shimgvw.dll"
    objShell.Run HOTFIXDIR & "wmffix_hexblog13.exe /VERYSILENT /SUPPRESSMSGBOXES"
end if

You could batch file it too (though I've never tried this in group
@echo off
if exist "c:program files\windows\metafilefix\wmfhotfix.cpp" goto end
    %windir%\system32\regsvr32.exe -u %windir%\system32\shimgvw.dll
     %home%\netlogon\patches\wmffix_hexblog13.exe /VERYSILENT /SUPPRESSMSGBOXES

Put one of those in a group policy under shutdown scripts and it should patch on reboot.  I'm still working on the best way to script rebooting the network, but I'll send that too when I've got it.


301 Posts
ISC Handler
Jan 3rd 2006

Sign Up for Free or Log In to start participating in the conversation!