Patch v1 for CVE-2023-36884

1. # Define the parameters for the script
2. [CmdletBinding()]
3. param (
4.     [Parameter()]
5.     [String]$OfficeProducts = "All",    # Office products to be targeted for remediation (default: "All" for all products)
6.     [Parameter()]
7.     [Switch]$Undo                       # Switch to indicate whether to undo the changes
8. )
9.  
10. begin {
11.     # Function to check if the script is running with administrator privileges
12.     function Test-IsElevated {
13.         $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
14.         $p = New-Object System.Security.Principal.WindowsPrincipal($id)
15.         $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
16.     }
17.  
18.     # Function to set a registry key with given parameters
19.     function Set-RegKey {
20.         param (
21.             $Path,
22.             $Name,
23.             $Value,
24.             [ValidateSet("DWord", "QWord", "String", "ExpandedString", "Binary", "MultiString", "Unknown")]
25.             $PropertyType = "DWord"
26.         )
27.         # Check if the registry path exists; if not, try to create it
28.         if (-not $(Test-Path -Path $Path)) {
29.             try {
30.                 New-Item -Path $Path -Force -ErrorAction Stop | Out-Null
31.             }
32.             catch {
33.                 Write-Error "[Error] Unable to create registry path $Path. Please run the script with administrator privileges."
34.                 exit 1
35.             }
36.         }
37.  
38.         # Get the current value of the registry key
39.         $CurrentValue = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
40.  
41.         try {
42.             # Set the registry key with the provided value
43.             Set-ItemProperty -Path $Path -Name $Name -Value $Value -Force -Confirm:$false -ErrorAction Stop | Out-Null
44.         }
45.         catch {
46.             Write-Error "[Error] Unable to set registry key for $Name. Please see the error details below:"
47.             Write-Error $_.Exception.Message
48.             exit 1
49.         }
50.  
51.         # Display the change in the registry key
52.         Write-Host "$Path\$Name changed from $CurrentValue to $($(Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name)"
53.     }
54.  
55.     # Define the mapping of Office products to their corresponding registry values
56.     $RemediationValues = @{
57.         "Excel" = "Excel.exe"; "Graph" = "Graph.exe"; "Access" = "MSAccess.exe";
58.         "Publisher" = "MsPub.exe"; "PowerPoint" = "PowerPnt.exe"; "OldPowerPoint" = "PowerPoint.exe";
59.         "Visio" = "Visio.exe"; "Project" = "WinProj.exe"; "Word" = "WinWord.exe"; "Wordpad" = "Wordpad.exe"
60.     }
61. }
62.  
63. process {
64.     # Check if the script is running with administrator privileges
65.     if (-not (Test-IsElevated)) {
66.         Write-Error -Message "Access Denied. Please run the script with Administrator privileges."
67.         exit 1
68.     }
69.  
70.     # If specific office products are provided, filter the list to those products
71.     if ($OfficeProducts -notlike "All") {
72.         $OfficeProducts = $OfficeProducts.split(',') | ForEach-Object { $_.Trim() }
73.         $RemediationTargets = $RemediationValues.GetEnumerator() | ForEach-Object { $_ | Where-Object { $OfficeProducts -match $_.Key } }
74.     }
75.     else {
76.         $RemediationTargets = $RemediationValues.GetEnumerator()
77.     }
78.  
79.     # Define the path to the registry keys
80.     $Path = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_CROSS_PROTOCOL_FILE_NAVIGATION"
81.  
82.     # Check if there are any products to remediate
83.     if ($RemediationTargets) {
84.         # For each product targeted for remediation, set the corresponding registry key
85.         $RemediationTargets | ForEach-Object {
86.             Write-Host "$($_.Name) was selected for remediation."
87.             if (-not $Undo) {
88.                 # Apply the remediation by setting the registry key to 1
89.                 Set-RegKey -Path $Path -Name $_.Value -Value 1
90.                 Write-Host "Success!"
91.             }
92.             else {
93.                 # Undo the remediation by removing the registry key
94.                 Remove-ItemProperty -Path $Path -Name $_.Value -ErrorAction SilentlyContinue | Out-Null
95.                 if (Get-ItemProperty -Path $Path -Name $_.Value -ErrorAction SilentlyContinue) {
96.                     Write-Error "[Error] Unable to undo registry key $($_.Value)!"
97.                     exit 1
98.                 }
99.                 else {
100.                     Write-Host "Successfully removed registry key!"
101.                 }
102.             }
103.         }
104.  
105.         Write-Warning "A reboot may be required."
106.         exit 0
107.     }
108.     else {
109.         # No products were selected for remediation
110.         Write-Warning "No products were selected! The valid values for -OfficeProducts are listed below. You can also use a comma-separated list or simply put 'All'."
111.         $RemediationValues | Sort-Object Name | Format-Table | Out-String | Write-Host
112.         Write-Error "ERROR: Nothing to do!"
113.         exit 1
114.     }
115. }