I can’t find any content related to this in BigFix, but Nessus is flagging some of my patched systems as still being vulnerable to CVE-2017-8529 which is addressed in the June 2017 Rollup Packages; but the fix requires an additional registry entry that does not seem to be addressed in the BigFix content.
Ref https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529
FAQ
After I install the updates for CVE-2017-8529, is there anything else I need to do to be protected from this vulnerability?
Yes. With the rerelease of CVE-2017-8529 Microsoft has addressed previously known print issues related to this vulnerability; however, to prevent the potential for any further print regressions, the solution for CVE-2017-8529 is turned off by default. To be fully protected from this vulnerability, you need to do the following after installing the update:
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
Note If you have previously configured the FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX subkey, double-click the iexplore.exe DWORD and then follow Step 7 to change the value.
For 32-bit and 64-bit systems:
Click Start, click Run, type regedt32 or type regedit, and then click OK.
In Registry Editor, locate the following registry folder: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
Right-click FeatureControl, point to New, and then click Key.
Type FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX, and then press Enter to name the new subkey.
Right-click FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX, point to New, and then click DWORD Value.
Type “iexplore.exe” for the new DWORD value.
Double-click the new DWORD value named iexplore.exe and change the Value data field to 1.
Click OK to close.
For 64-bit systems only:
Click Start, click Run, type regedt32 or type regedit, and then click OK.
In Registry Editor, locate the following registry folder: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl
Right-click FeatureControl, point to New, and then click Key.
Type FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX, and then press Enter to name the new subkey.
Right-click FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX, point to New, and then click DWORD Value.
Type “iexplore.exe” for the new DWORD value.
Double-click the new DWORD value named iexplore.exe and change the Value data field to 1.
Click OK to close.
If you need to disable the solution for CVE-2017-8529, do the following:
For 32-bit and 64-bit systems:
Click Start, click Run, type regedt32 or type regedit, and then click OK.
In Registry Editor, locate the following registry folder: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX
Double-click the value named iexplore.exe and change the Value data field to 0.
Click OK to close.
For 64-bit systems only:
Click Start, click Run, type regedt32 or type regedit, and then click OK.
In Registry Editor, locate the following registry folder: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX
Double-click the value named iexplore.exe and change the Value data field to 0.
Click OK to close.