Blog Detail

How to check for MS17-010 and other Hotfixes

13 May , 2017,
arien
,
No Comments

There has been a lot of commotion in the technews about the #WannaCrypt / #WannaCry / #Wcry ransomware.
For example NYT made a nice map showing the outbreak around the globe. More detailed information can be found at Troy Hunt’s blog post.

The Critical Update Bulletin can be found at: https://technet.microsoft.com/library/security/MS17-010
MSRC even made Customer Guidance page.

Ofcourse we need to keep our patches current. I just wanted to do a quick check on my systems where protected from the exploit yes or not? Just looking in the “View Installed updates” scanning for 4012212 can be an annoying Control panel task. The search on this page also isn’t much fun either because it will scan the entire system again and sometimes missing the result you’re looking for!

View Installed Updates

The problem for MS17-010: In the bulletin I could find KB-numbers for every OS needed. But what was missing are; the Rollups replacing the March Rollup(s) are not mentioned in the bulletin itself. If you have these, you’re good/patched aswell :-).


Microsoft does not show replacement information on the KB-page itself.

Using a SCCM Console we can find Supersedence information for example April rollup KB4015549 (first monthly successor).

The updates missing here might be caused by Supersedence Rules

And so the best place to look for this information would be the Microsoft Update Catalog

After searching, click on the update [title] to view details for KB4015549 and go to the ‘Package Details’ tab. Here we can find the needed replacement information (‘This update has been replaced by the following updates’). Click every replacing update until you end with ‘n/a’.

To wrap up and quickly check on a few systems I’ve made a script checking it for the most common operating systems.

It can also be changed and run remotely from a management system ofcourse.
So here is how you could do this after changing the original script just a little bit:

You need to have PS-AD-Tools (RSAT) installed for the last script.
Change the Distinguished Name (DN) in line 25.

Leave A Comment