So we have all heard about the Zero Day flaw IE has, and XP users are out in the cold (despite plenty of warning that support would not be forthcoming). We can tell our users not to use IE, and delete the shortcuts, but sure as bacon comes directly from SpiceRex (AKA GOD), we all have that user who will open it, and infect themselves...and others, creating a headache for everyone involved. Or you could take the time to manually remove IE as a Windows feature. On. Every. PC. Not sounding so good, huh?
I was thinking about this, as I have been given the task of mitigating the threat on our domain for the 50 some odd XP machines we have still (was not looking forward to VNC connecting to each one in the early morning hours).
I realized that the exploit occurs when you ACCESS a compromised page...So without further ado, I give you the procedure for Internet Explorer's frontal lobotomy. We will remove the Internet from Internet Explorer.
These can be added to an existing GPO as a logon script (Only needs run once, you can remove it when you are done, or leave it to make sure it is set back every time for that particular user that will decide to track it down and change it).
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 /f
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d 0.0.0.0:0 /f
Work Smarter, not harder, and ask the laziest person you know for the quickest way to do something.