ETA of Fixlet for CVE-2022-1096 (High-Severity Zero-Day Exploit)

This CVE came over the weekend. When could we expect BigFix Fixlets released for Chrome and Edge Browsers to mitigate this High-Severity Zero-Day Exploit?

The fixlets have been prepared and will be published in the next few hours.

If you are inclined to try some not-officially-supported content, I have posted a fixlet to that upgrades Chrome to the latest available version for Windows.

Important notes

  • This Fixlet does not check the Chrome version and will remain Relevant on any computers that have Chrome, even if the computer is already at the latest version.
  • The Fixlet does not verify hash values of the downloaded Chrome installer; this allows the Fixlet to work after Google updates their Chrome installer.
  • The latest Chrome version is downloaded as of the time the Action is issued. The download is cached on the Root Server, Relays, and Clients, and the Action will continue to install that static version of Chrome - even if Google updates the download binaries after the Action is issued.
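
Added example, not part of the original post or the posted Fixlet: when a pinned hash cannot be used because the vendor replaces the installer in place, the download can still be checked against its Authenticode publisher signature before it is run. The function name, the installer path and the expected publisher name `Google LLC` are assumptions; confirm the publisher against a known-good installer in your environment.

```powershell
# Added example: verify a downloaded installer by publisher signature
# when no pinned hash is available. Names and paths are assumptions.
function Test-InstallerSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Assumed publisher simple name; verify against a known-good copy.
        [string] $ExpectedPublisher = 'Google LLC'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "Installer not found: $Path"
        return $false
    }

    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # 'Valid' means the file is unchanged since signing and the
    # certificate chain is trusted on this machine.
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        Write-Warning "Signature status is $($sig.Status): $($sig.StatusMessage)"
        return $false
    }

    # Compare the signer's simple name exactly, not as a substring,
    # so a look-alike subject does not pass.
    $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $publisher = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    if ($publisher -ne $ExpectedPublisher) {
        Write-Warning "Unexpected publisher '$publisher'"
        return $false
    }

    # Record what was accepted so the cached binary can be audited later.
    $hash    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $version = (Get-Item -LiteralPath $Path).VersionInfo.FileVersion
    Write-Host "Accepted $Path publisher='$publisher' version=$version sha256=$hash"
    return $true
}

# Usage (hypothetical path):
#   if (-not (Test-InstallerSignature -Path 'C:\Temp\ChromeInstaller.exe')) { exit 1 }
```

The logged SHA-256 and file version also show which static build the cached download contains, which matters because the Action keeps installing that cached copy.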

The official content was published a short while ago

Fixlets available for Windows and Mac:

Has anyone else seen issues with this fixlet not being applicable to anything? We have 25,000+ machines with about 14,000 with Chrome and none are showing applicable at this time. The fixlet has been in the console for a few hours now.

I will run the relevance to see if there is an issue but I was curious if anyone else was having this issue?

I created a copy of the fixlet and it became applicable to over 10k systems in a matter of 15 min.

Very odd.

You might want to check if the Patches for Windows/Mac Application site is gathering correctly on your deployment (site versions), and if all those devices are subscribed to it.

Thanks for the suggestions. I figured it out a while ago; the “computer subscriptions” was set to “no computers”. Have no idea how it got that way; my team is told to never touch settings related to external sites, that is left up to me and one other architect. It hadn’t been long though; there were still 3000 plus machines still applicable because they had not checked in to unsubscribe.
