How to Silently Unregister DLLs Related To Security Advisory 2963983 0-Day Exploit?

  • Question

  • Microsoft gave these labor-intensive instructions:

    Unregister VGX.DLL

    For 32-bit Windows systems

    Important: For this workaround to take effect, you MUST run it from an elevated command prompt.

    1. From an elevated command prompt enter the following command:
      "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
      

      A dialog box should appear after the command is run to confirm that the un-registration process has succeeded. Click OK to close the dialog box.

    2. Close and reopen Internet Explorer for the changes to take effect.

    For 64-bit Windows systems

    Note The following commands must be entered from an elevated command prompt.

    1. From an elevated command prompt enter the following commands:
      "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"
      
      "%SystemRoot%\System32\regsvr32.exe" -u "%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll"
      

      A dialog box should appear after each command is run to confirm that the un-registration process has succeeded. Click OK to close the dialog box.

    2. Close and reopen Internet Explorer for the changes to take effect


    However, we need to automate this because we cannot ask users to do this, nor can we go from PC to PC running these commands manually.  According to their instructions, you must click through confirmation prompts to complete it.

    How can we run this command silently so that it requires no user interaction (clicking OK on dialog boxes, etc.)?

    We would like to add it to a computer startup script so that users do not need to do anything.




    • Edited by MyGposts Wednesday, April 30, 2014 4:21 AM
    Wednesday, April 30, 2014 4:15 AM

Answers

  • "%SystemRoot%\System32\regsvr32.exe" /u /s "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll"

    /s - Silent; display no message boxes

    • Marked as answer by MyGposts Wednesday, April 30, 2014 2:53 PM
    Wednesday, April 30, 2014 2:31 PM

All replies

  •   @REM Security Advisory 2963983 0-Day Exploit remediation
      @REM Usage as Logon script or SCCM deployment


       @REM Specify the batch environment
       @Echo Off
       CD /D %SystemRoot%\System32
       Set Path=%SystemRoot%;%SystemRoot%\System32;%SystemRoot%\System32\Wbem
       SetLocal ENABLEEXTENSIONS
       SetLocal ENABLEDELAYEDEXPANSION


       @REM Check the OS Architecture then execute
       For /f "usebackq" %%a in (`@Echo %PROCESSOR_ARCHITECTURE% ^| Findstr 86`) Do (Set PROCESSORARCHITECTURE=x86)
       If Not Defined PROCESSORARCHITECTURE (For /f "usebackq" %%a in (`@Echo %PROCESSOR_ARCHITECTURE% ^| Findstr 64`) Do (Set PROCESSORARCHITECTURE=x64))
       @REM A 32-bit host process on 64-bit Windows reports x86; PROCESSOR_ARCHITEW6432 is only defined in that case
       If Defined PROCESSOR_ARCHITEW6432 (Set PROCESSORARCHITECTURE=x64)
       If /i "%PROCESSORARCHITECTURE%"=="x86" (
          If Exist "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll" ("%SystemRoot%\System32\Regsvr32.exe" /s /u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll")
       )
       If /i "%PROCESSORARCHITECTURE%"=="x64" (
          If Exist "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll" ("%SystemRoot%\System32\Regsvr32.exe" /s /u "%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll")
          If Exist "%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll" ("%SystemRoot%\System32\Regsvr32.exe" /s /u "%CommonProgramFiles(x86)%\Microsoft Shared\VGX\vgx.dll")
          @REM From a 32-bit host, reach the 64-bit DLL through Sysnative and CommonProgramW6432
          If Defined PROCESSOR_ARCHITEW6432 If Exist "%CommonProgramW6432%\Microsoft Shared\VGX\vgx.dll" ("%SystemRoot%\Sysnative\Regsvr32.exe" /s /u "%CommonProgramW6432%\Microsoft Shared\VGX\vgx.dll")
       )


       @REM Determine the Exit Code: 1 if the CLSID still points at vgx.dll, 0 otherwise
       For /f "TOKENS=4*" %%a in ('%SystemRoot%\System32\Reg.exe Query "HKEY_CLASSES_ROOT\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\InprocServer32" /ve ^| Findstr /i "vgx"') Do (Set ExitCode=1)
       If Not Defined ExitCode (Set ExitCode=0)
       Exit /B %ExitCode%


    • Proposed as answer by Scott J Rossow Thursday, May 1, 2014 1:14 AM
    • Edited by Scott J Rossow Thursday, May 1, 2014 1:17 AM Usage case added
    Thursday, May 1, 2014 12:21 AM
  • Hi Experts,

    Another solution I found on the web says to ensure the registry keys below have been deleted from our registry.

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}

    HKEY_CLASSES_ROOT\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}


    Are they related to the VGX.DLL unregistration process? Because I can still see both keys in my registry list.

    Friday, May 2, 2014 3:23 AM
  • Yes, the key is part of the registration process. If you look carefully, you will see they are two paths to the same location. Create a key under the first path and it appears under the second path.

    The solution we deployed has been posted above. Notice at the end of the script I added a check for the existence of a registry value then passed the result to the exit code. The value exists under the same key path you provided.  The exit code was to provide SCCM with a true success metric.


    Friday, May 2, 2014 4:07 PM
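
Added example (not part of the thread, and not Microsoft's or any poster's code): a batch check that extends the exit-code idea from the reply above to both registry views, because on 64-bit Windows a 32-bit host process sees only the 32-bit view by default. It assumes Windows 7 or later, where reg.exe accepts /reg:32 and /reg:64; the variable names and the :CheckView label are illustrative.

```batch
@echo off
rem Added example: verify the VGX.DLL workaround in every registry view.
rem Assumption: Windows 7 or later (reg.exe supports /reg:32 and /reg:64).
setlocal EnableExtensions

rem HKCR\CLSID is a merged view; the machine-wide registration made by
rem regsvr32 lives under HKLM\SOFTWARE\Classes, so that path is queried.
set "KEY=HKLM\SOFTWARE\Classes\CLSID\{10072CEC-8CC1-11D1-986E-00A0C955B42E}\InprocServer32"
set "STILL_REGISTERED=0"

rem A 32-bit process on 64-bit Windows reports PROCESSOR_ARCHITECTURE=x86,
rem so PROCESSOR_ARCHITEW6432 is checked as well before skipping the 64-bit view.
set "VIEWS=32"
if /i not "%PROCESSOR_ARCHITECTURE%"=="x86" set "VIEWS=64 32"
if defined PROCESSOR_ARCHITEW6432 set "VIEWS=64 32"

for %%V in (%VIEWS%) do call :CheckView %%V

if "%STILL_REGISTERED%"=="1" (
    echo RESULT: vgx.dll is still registered in at least one view.
    exit /b 1
)
echo RESULT: vgx.dll is not registered in any view.
exit /b 0

:CheckView
rem The pipeline's errorlevel is findstr's: 0 if the default value of
rem InprocServer32 names vgx.dll, 1 if the key is gone or points elsewhere.
reg.exe query "%KEY%" /ve /reg:%1 2>nul | findstr /i /l /c:"vgx.dll" >nul
if errorlevel 1 (
    echo %1-bit view: not registered
) else (
    echo %1-bit view: STILL REGISTERED
    set "STILL_REGISTERED=1"
)
goto :eof
```

The exit code follows the same convention as the script posted above: 1 while a registration remains, 0 once both views are clean, so a deployment tool can use it as the success metric.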