question

BoopathiSubramaniam-6294 avatar image
0 Votes"
BoopathiSubramaniam-6294 asked saldana-msft edited

Configuration Item for Windows 10 64 Bit

Hi Team,

I need to create a configuration item as per the CVE-2021-40444.
All the devices are Windows 10 64 bit Opearting system.

Please let me now which registry to be used from the below to create configuration item

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion

or

HKEY_LOCAL_MACHINE\SOFTWARE\Policies*WOW6432Node*\Microsoft\Windows\CurrentVersion

Please help.

mem-cm-general
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AllenLiu-MSFT avatar image
0 Votes"
AllenLiu-MSFT answered AllenLiu-MSFT edited

Hi, @BoopathiSubramaniam-6294
Thank you for posting in Microsoft Q&A forum.

As per the article: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
This registry is for all internet zones for 64-bit and 32-bit processes.
And we know Wow6432Node is the registry accessed by 32-bit programs running in 64-bit system, so we should not use the path with Wow6432Node.
We just need to use the registry as the article listed.


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GarthJones-8673 avatar image
0 Votes"
GarthJones-8673 answered

The KB for this should tell you exactly which reg key to use.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

yagmoth555 avatar image
0 Votes"
yagmoth555 answered

Hi, it's in the path without WoW. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones*


Per the KB:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000003
"1004"=dword:00000003

This sets the URLACTION_DOWNLOAD_SIGNED_ACTIVEX (0x1001) and URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX (0x1004) to DISABLED (3) for all internet zones for >>>64-bit and 32-bit processes<<<. New ActiveX controls will not be installed. Previously-installed ActiveX controls will continue to run.

Thanks

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.