However, if you have to manage over 300 workstations, doing this manually is impossible and in turn we need a programmatic way to do this. I believe I found a proper way to do this on Windows 10 however IE11 is still an option but notepad is selected by default the first time you try opening a .mht or .mhtml file.
Here is the process / thinking below.
I am running my tests on Windows 10 Enterprise Edition (1809 builds) with patches up to March 2019.
1. First, I clear out the HKCU keys for mht and mhtml files. Remove these entries:
Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml
Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht
2. After clearing the keys, i then just use the built in ASSOC and FTYPE commands to force the associations. You will have to run the batch file (if you script it) or run command prompt as an administrator!
Then run these commands:
assoc .mht=
assoc .mhtml=
assoc .mht=txtfile
assoc .mhtml=txtfile
ftype mhtmlfile=%SystemRoot%\system32\NOTEPAD.EXE %1
3. Finally, we will just need to restart explorer. You can go the taskill route and then call explorer again to relaunch it, ie:
taskkill /F /IM explorer.exe
explorer.exe
Hopefully that helps the other sysadmins out there.
Referencing exploits via AskWoody:
https://www.askwoody.com/2019/that-internet-explorer-xxe-zero-day-poking-through-to-edge/
https://www.zdnet.com/article/internet-explorer-zero-day-lets-hackers-steal-files-from-windows-pcs
No comments:
Post a Comment