Check your covered against the WannaCry ransomware exploit
Posted: Sat May 13, 2017 3:34 pm
Check your covered against the WannaCry ransomware exploit
you'll need to make sure you have the Microsoft SMB patch MS17-010 KB4013389
looks like they combined KB's for this fix - list of KB's to check per O/S
Doesn't seem to be consistent on the KB's required
Windows Vista (all editions) KB4012598
Windows Server 2008 (all editions) KB4012598
Windows 7 (all editions) KB4012212
Windows Server 2008 R2 (all editions) KB4012212
Windows 8.1 (all editions) KB4012213
Windows Server 2012 and Windows Server 2012 R2 (all editions) KB4012214
Windows 10 (all editions) KB4012606
Windows Server 2016 (all editions) KB4013429
example's
Open a powershell prompt and type this:
get-hotfix | out-string -stream | select-string "KB4013389"
get-hotfix | out-string -stream | select-string "KB4012606"
powershell script Don't forget to change the Computername name
$hotfixes = "KB4012212", "KB4012213", "KB4012214", "KB4012215", "KB4012216", "KB4012217", "KB4012219", "KB4012220", "KB4012598", "KB4012606", "KB4013198", "KB4013429", "KB4015217", "KB4015438", "KB4015549", "KB4015550", "KB4015551", "KB4015552", "KB4015553", "KB4015554", "KB4016635", "KB4019215", "KB4019216", "KB4019263", "KB4019264", "KB4019472", "KB4018466", "KB4013389", "KB2919355"
#This variant is for manual entry server names
#$Computername = "server1", "server2","server3","server4","server5"
$Computername = "CHANGE_ME"
foreach ($comp in $Computername) {
$hotfix = Get-HotFix -ComputerName "$Comp"| Where-Object {$hotfixes -contains $_.HotfixID} | Select-Object -property "HotFixID"
if (Get-HotFix | Where-Object {$hotfixes -contains $_.HotfixID})
{
"Found HotFix on $Comp : " + $hotfix.HotFixID
} else {
"Didn’t Find HotFix on $Comp"
}
}
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012212"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012213"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012214"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012215"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012216"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012217"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012219"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012220"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012598"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012606"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4013198"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4013429"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015217"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015438"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015549"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015550"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015551"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015552"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015553"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015554"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4016635"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4019215"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4019216"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4019263"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4019264"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4019472"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4018466"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4013389"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB2919355"
check the windows update history
some pages to look at
https://support.microsoft.com/en-us/help/4013389/title
https://technet.microsoft.com/en-us/lib ... 7-010.aspx
https://superuser.com/questions/1208741 ... ed/1208745
hope this helps
Cheers
Rescue PC
you'll need to make sure you have the Microsoft SMB patch MS17-010 KB4013389
looks like they combined KB's for this fix - list of KB's to check per O/S
Doesn't seem to be consistent on the KB's required
Windows Vista (all editions) KB4012598
Windows Server 2008 (all editions) KB4012598
Windows 7 (all editions) KB4012212
Windows Server 2008 R2 (all editions) KB4012212
Windows 8.1 (all editions) KB4012213
Windows Server 2012 and Windows Server 2012 R2 (all editions) KB4012214
Windows 10 (all editions) KB4012606
Windows Server 2016 (all editions) KB4013429
example's
Open a powershell prompt and type this:
get-hotfix | out-string -stream | select-string "KB4013389"
get-hotfix | out-string -stream | select-string "KB4012606"
powershell script Don't forget to change the Computername name
$hotfixes = "KB4012212", "KB4012213", "KB4012214", "KB4012215", "KB4012216", "KB4012217", "KB4012219", "KB4012220", "KB4012598", "KB4012606", "KB4013198", "KB4013429", "KB4015217", "KB4015438", "KB4015549", "KB4015550", "KB4015551", "KB4015552", "KB4015553", "KB4015554", "KB4016635", "KB4019215", "KB4019216", "KB4019263", "KB4019264", "KB4019472", "KB4018466", "KB4013389", "KB2919355"
#This variant is for manual entry server names
#$Computername = "server1", "server2","server3","server4","server5"
$Computername = "CHANGE_ME"
foreach ($comp in $Computername) {
$hotfix = Get-HotFix -ComputerName "$Comp"| Where-Object {$hotfixes -contains $_.HotfixID} | Select-Object -property "HotFixID"
if (Get-HotFix | Where-Object {$hotfixes -contains $_.HotfixID})
{
"Found HotFix on $Comp : " + $hotfix.HotFixID
} else {
"Didn’t Find HotFix on $Comp"
}
}
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012212"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012213"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012214"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012215"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012216"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012217"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012219"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012220"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012598"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012606"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4013198"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4013429"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015217"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015438"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015549"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015550"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015551"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015552"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015553"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015554"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4016635"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4019215"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4019216"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4019263"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4019264"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4019472"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4018466"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4013389"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB2919355"
check the windows update history
some pages to look at
https://support.microsoft.com/en-us/help/4013389/title
https://technet.microsoft.com/en-us/lib ... 7-010.aspx
https://superuser.com/questions/1208741 ... ed/1208745
hope this helps
Cheers
Rescue PC