Posted On March 29, 2019

Remediate IE Vulnerabilities

kimconnect 0 comments
<# Registry commands (reg.exe) to secure Internet Explorer & memory operations; the PowerShell below this comment block only audits the resulting values
reg add "HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" /v iexplore.exe /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX" /v iexplore.exe /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
reg add "HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING" /v iexplore.exe /t REG_DWORD /d 1 /f
reg add "HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING" /v iexplore.exe /t REG_DWORD /d 1 /f
reg add "HKLM\System\CurrentControlSet\Services\snmp\parameters" /v TrapConfiguration /t REG_DWORD /d 1 /f
#>

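# Audit tables consumed by the checks further down. Every path is rooted
# ("HKLM:\...") so it resolves the same way no matter what the session's current
# location on the HKLM: drive is; "HKLM:SOFTWARE\..." is relative to that location.

# Internet Explorer FeatureControl keys: label, registry key.
# The checks read the value named "iexplore.exe" under each key and expect 1.
# The "(32-Bit)"/"(64-bit)" suffixes are the author's labels; on 64-bit Windows the
# WOW6432Node path is the registry view used by 32-bit processes.
$ieKeys=@(
    @("CVE-2017-8529 (32-Bit)","HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX"),
    @("CVE-2017-8529 (64-bit)","HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_PRINT_INFO_DISCLOSURE_FIX"),
    @("ASLR Hardening Setting for IE (32-Bit)","HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING"),
    @("ASLR Hardening Setting for IE (64-Bit)","HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_USER32_EXCEPTION_HANDLER_HARDENING")
)

# Speculative-execution mitigation settings: label, registry key, value name, expected data.
# The expected data mirror the reg add commands in the header comment.
# NOTE(review): later Microsoft guidance may call for different FeatureSettingsOverride
# data; a host hardened to a newer baseline would then report "fail" here. Confirm the
# expected values against the advisory you are auditing for.
$memKeys=@(
    @("CVE-2017-5715","HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management","FeatureSettingsOverride","0"),
    @("CVE-2017-5715","HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management","FeatureSettingsOverrideMask","3"),
    @("CVE-2017-5753-54","HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization","MinVmVersionForCpuBasedMitigations","1.0")
)

# SNMP setting: registry key, value name, expected data.
# Written as a flat three-element array on purpose: @( @(a,b,c) ) with a single inner
# array is flattened by PowerShell to the same thing, and the SNMP check indexes this
# variable as [0], [1], [2]. Adding a second entry would change that shape.
$snmpKeys=@(
    "HKLM:\System\CurrentControlSet\Services\snmp\parameters","TrapConfiguration","1"
)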


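# Read-only audit of the Internet Explorer FeatureControl hardening values.
# For each ($label, $keyPath) pair in $ieKeys, prints "<label>: pass" when the
# "iexplore.exe" value under the key equals 1, otherwise "<label>: fail".
"----------------------------------------------------------"
"Internet Explorer Registry Keys"
foreach ($ieKey in $ieKeys){
    $label,$keyPath=$ieKey[0],$ieKey[1]
    # A missing key or value is a finding, not a script error: suppress the error
    # record so the run continues (even under $ErrorActionPreference='Stop') and
    # the entry is reported as "fail".
    $props=Get-ItemProperty -Path $keyPath -Name "iexplore.exe" -ErrorAction SilentlyContinue
    $value=if($null -ne $props){$props.'iexplore.exe'}else{$null}
    $result=if($value -eq 1){"pass"}else{"fail"}
    $label + ": " + $result
}
"----------------------------------------------------------"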

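# Read-only audit of the memory-management (speculative-execution) settings.
# For each (label, key, value name, expected data) row in $memKeys, prints
# "<label>: pass" when the stored data equals the expected data, otherwise "fail".
# These settings are read from the registry only; they take effect after a restart,
# so "pass" reflects the configured value, not necessarily the running state.
"Memory Management Registry Keys"
foreach ($memKey in $memKeys){
    $label,$keyPath,$valueName,$expected=$memKey
    # A missing key or value must show up as "fail" rather than as an error record
    # (or a terminating error under $ErrorActionPreference='Stop').
    $props=Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
    $value=if($null -ne $props){$props.$valueName}else{$null}
    # -eq converts the expected string to the stored value's type, so DWORD 0
    # matches "0"; $null (value absent) never matches.
    $result=if($value -eq $expected){"pass"}else{"fail"}
    $label+ ": " + $result
}
"----------------------------------------------------------"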


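# Read-only audit of the SNMP setting described by $snmpKeys.
# $snmpKeys is indexed as a flat array (key path, value name, expected data): a
# single nested @( @(...) ) literal is flattened by PowerShell, so [0]/[1]/[2] are
# the three strings. Prints "SNMP <key path>: pass" or "...: fail".
# NOTE(review): on stock Windows, TrapConfiguration is normally a subkey of
# ...\SNMP\Parameters rather than a value; confirm what the scanner actually tests.
"----------------------------------------------------------"
$snmpPath,$snmpName,$snmpExpected=$snmpKeys[0],$snmpKeys[1],$snmpKeys[2]
# Missing key/value (e.g. SNMP service not installed) is reported as "fail"
# instead of raising an error.
$props=Get-ItemProperty -Path $snmpPath -Name $snmpName -ErrorAction SilentlyContinue
$value=if($null -ne $props){$props.$snmpName}else{$null}
$result=if($value -eq $snmpExpected){"pass"}else{"fail"}
"SNMP "+ $snmpPath+ ": " + $result
"----------------------------------------------------------"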
