Monday, January 02, 2006

Patching: Script to deploy unofficial WMF patch

Since I didn’t have an easy way to get my systems updated with the unofficial WMF hotfix, I put together a small VBscript which can be executed at startup via GPO. You’ll need to do the following to make this work.

1) Download the unofficial hot fix
2) Put it on a share that everyone can read from
3) Create a folder that everyone can write to for logging purposes
4) Update the script to reflect the paths you’ve created

The script checks to see if the patch has already been installed; if so, it stops. Otherwise, it unregisters the DLL “shimgvw.dll” (which isn’t entirely necessary, but it’s a mitigating factor), and silently installs the patch and outputs logging information to a file called “computername”.txt where computername equals the name of the computer executing the script.

I’ve tested the script and the patch on a Virtual PC image of Windows XP SP2. The script installed as expected, and after rebooting, I ran the vulnerability checker to verify that my test system was no longer vulnerable.

Set objShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")

strUnregCommand = "regsvr32 -u -s %windir%\system32\shimgvw.dll"
strComputer = objshell.ExpandEnvironmentStrings("%COMPUTERNAME%")

If objFSO.FolderExists("c:\Program Files\WindowsMetafileFix") Then
objFolder = "c:\Program Files\WindowsMetafileFix"
wscript.echo "Fix Already Installed: " & objFolder

Set objExec = CreateObject("WScript.Shell")
strInstallPatch = "\\server\IT\Utilities\wmffix\wmffix_hexblog13.exe /NORESTART
/VERYSILENT /SUPPRESSMSGBOXES /log=\\server\logs\wmffixlog\" & strComputer & ".txt"

Set objExec = objShell.Exec(strUnregCommand)
strExecResults = LCase(objExec.StdOut.ReadAll)

Set objExec = objShell.Exec(strInstallPatch)
End if

No comments: