Task for CVE-2021-40444 - MSHTML RCE

Greetings all. I’ve created a task for CVE-2021-40444 and the MSHTML RCE announced on the 7th. The task name is BPS - MSHTML CVE-2021-40444 and it’s available from my personal GitHub.

As evidenced above, this task creates the necessary registry keys. The Microsoft KB indicates that a system restart is necessary for these changes to take effect, which is not included with this content. Plan your remediation actions accordingly.

Finally, please note that this content is provided “as is” and without warranty.

5 Likes

Just seen this - I uploaded my versions to bigfix.me

One fixlet to apply the registry values, one to remove them again - just search for CVE-2021-4044.

6 Likes

Thanks for uploading that to BigFix.me.

My only suggestion is that we were not seeing it relevant to a lot of machines because the registry hive does not exist on most of our machines. I modified the relevance to check and it seems to be looking better in my environment:

if exists (key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones" of native registry) then 4 != number of keys ("0"; "1"; "2"; "3") whose (exists value "1001" whose (it as string as integer = 3) of it and exists value "1004" whose (it as string as integer = 3) of it) of key "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones" of native registry else true

3 Likes
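
The check in the relevance above, written as a stand-alone PowerShell audit for spot-checking a single machine outside BigFix. This is an added example, not part of any poster's fixlet; the function name Test-MshtmlZoneMitigation is hypothetical, and a missing Zones key or zone subkey is reported as non-compliant, matching the modified relevance.

```powershell
# Added example: audit the zone-policy values discussed in the thread.
# Zones 0-3 and values 1001/1004 = 3 are taken from the relevance posted above.
function Test-MshtmlZoneMitigation {
    param(
        [string]$ZonesPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    )
    $zones      = '0', '1', '2', '3'
    $valueNames = '1001', '1004'

    foreach ($zone in $zones) {
        $zonePath = Join-Path $ZonesPath $zone
        $props = $null
        # The Zones key (or a zone subkey) may not exist at all on an unmanaged machine.
        if (Test-Path -LiteralPath $zonePath) {
            $props = Get-ItemProperty -LiteralPath $zonePath
        }
        foreach ($name in $valueNames) {
            $actual = $null
            if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
                $actual = $props.$name
            }
            # Emit one row per zone/value pair so gaps are visible individually.
            [pscustomobject]@{
                Zone      = $zone
                Value     = $name
                Actual    = if ($null -eq $actual) { '<missing>' } else { $actual }
                # Same comparison as the relevance: value as string, then as integer, equals 3.
                Compliant = ($null -ne $actual) -and (("$actual" -as [int]) -eq 3)
            }
        }
    }
}

$results = @(Test-MshtmlZoneMitigation)
$results | Format-Table -AutoSize

if ($results.Compliant -contains $false) {
    Write-Output 'Mitigation incomplete: at least one zone value is missing or not 3.'
} else {
    Write-Output 'All eight values are 3. A restart is still required if they were just written.'
}
```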

Thanks.

It hadn’t occurred to me that the …\Internet Settings\Zones key might not exist - we already have GPO to set some values for the Local Intranet zone, so the key already exists for us.

<trundles off to make the update />

3 Likes

Thanks for sharing the fixlet @trn. I added an action requires restart "CVE-2021-40444" to the action in the copy I made, just to bring visibility to machines that have now got the keys but need the restart to make it active.

3 Likes