Batch File not working

Hello,

I want to run a batch file on several computers.
This is the Action Script:

if {not exist folder "C:\SWSetup"}
dos mkdir "C:\SWSetup"
endif
dos xcopy /y __Download\regpatch.bat "C:\SWSetup" /S /E
wait cmd /q /c "C:\swsetup\regpatch.bat"

And the regpatch.bat file contains:

REG ADD "HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING" /v iexplorer.exe /t REG_DWORD /d 00000001 /f
REG ADD "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING" /v iexplorer.exe /t REG_DWORD /d 00000001 /f
REG ADD "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" /v iexplorer.exe /t REG_DWORD /d 00000001 /f
REG ADD "HKLM\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" /v iexplorer.exe /t REG_DWORD /d 00000001 /f

Please help.

Thanks!

Before you run the batch file, add
action uses wow64 redirection false
to the action script. That will disable the 32-bit redirection. As it stands now, your keys are likely getting added to HKLM\Software\Wow6432Node\Microsoft. And the parts where you specify Wow6432Node are probably going to HKLM\software\Wow6432Node\Wow6432Node\Microsoft.

The thing is, I have to fix this vulnerability: https://www.tenable.com/plugins/index.php?view=single&id=100763

And after applying this fixlet I still get the vulnerability after re-scanning:

Regarding this part, is everything OK? Is there an easier way to do this? To run the batch directly from the __Download location?

dos xcopy /y __Download\regpatch.bat "C:\SWSetup" /S /E
wait cmd /q /c "C:\swsetup\regpatch.bat"

Sure, a batch file that small would be easy to build on the fly with appendfile or createfile commands instead of downloading the batch.

Also, not sure whether you noticed, but IBM already provides content for this in the “Patches for Windows” site -

170852903 Enable Solution to CVE-2017-8529 - Windows 7 SP1 / 8.1 / 10 / Windows Server 2008 SP2 / 2008 R2 SP1 / 2012 / 2012 R2 / 2016 Unspecified Patches for Windows

170852901 Disable Solution to CVE-2017-8529 - Windows 7 SP1 / 8.1 / 10 / Windows Server 2008 SP2 / 2008 R2 SP1 / 2012 / 2012 R2 / 2016 Unspecified Patches for Windows
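
Both suggestions in this thread combined into one action, as an added example (not code from any poster or from the IBM fixlets): the script disables WOW64 redirection, builds the batch with createfile, and has reg.exe write and read back both registry views explicitly through its /reg:64 and /reg:32 switches. It covers only the FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX key and assumes the value name iexplore.exe, the Internet Explorer executable name, where the batch posted above writes iexplorer.exe.

```bigfix
// Added example: build regpatch.bat at run time instead of downloading it.
// Assumption: the value name is iexplore.exe (the thread's batch uses iexplorer.exe).
action uses wow64 redirection false

delete __createfile
createfile until _END_
@echo off
rem /reg:64 and /reg:32 select the registry view explicitly, so the result
rem does not depend on whether a 32-bit or a 64-bit reg.exe is running.
rem With /reg:32 the same key path is stored under WOW6432Node by Windows.
reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" /v iexplore.exe /t REG_DWORD /d 1 /f /reg:64 || exit 1
reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" /v iexplore.exe /t REG_DWORD /d 1 /f /reg:32 || exit 1
rem Read both views back; reg query returns non-zero when the value is missing.
reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" /v iexplore.exe /reg:64 | find "0x1" >nul || exit 2
reg query "HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" /v iexplore.exe /reg:32 | find "0x1" >nul || exit 2
exit 0
_END_

// move fails if the target exists, so clear any copy left by an earlier run.
delete regpatch.bat
move __createfile regpatch.bat
waithidden cmd.exe /c regpatch.bat

// Fail the action unless the batch confirmed the value in both views.
continue if {exit code of action = 0}
```

An exit code of 1 from the batch means a write failed, and 2 means a value was not found on read-back.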