{"id":5114,"date":"2017-05-12T17:13:44","date_gmt":"2017-05-12T22:13:44","guid":{"rendered":"https:\/\/www.poweradmin.com\/blog\/?p=5114"},"modified":"2017-05-16T09:57:27","modified_gmt":"2017-05-16T14:57:27","slug":"how-to-check-for-ms17-010-and-other-hotfixes","status":"publish","type":"post","link":"https:\/\/www.poweradmin.com\/blog\/how-to-check-for-ms17-010-and-other-hotfixes\/","title":{"rendered":"How to check for MS17-010 and other HotFixes"},"content":{"rendered":"

\"\"<\/a>Sometimes you need to check on the status of your applied updates and quickly. With news of the WannaCrypt\/WannaCry Ransomware spreading via the MS17-010<\/a>\u00a0vulnerability around the globe<\/a> it\u2019s a good idea to double check that all your updates are applied correctly.<\/span><\/p>\n

\u00a0<\/p>\n

The following is a quick PowerShell Execute Script monitor that you can add to Server Monitor to check for the presence of the HotFixes needed to mitigate MS17-010:<\/span><\/p>\n

\u00a0<\/p>\n

\n
# KB4012598 KB4018466- Windows Server 2008\r\n# KB4012217 KB4015551 KB4019216 - Windows Server 2012\r\n# KB4012216 KB4015550 KB4019215 - Windows Server 2012 R2\r\n# KB4013429 KB4019472 KB4015217 KB4015438 KB4016635 - Windows Server 2016\r\n\r\n# List of all HotFixes containing the patch\r\n$hotfixes = \"KB4012598\", \"KB4018466\", \"KB4012217\", \"KB4015551\", \"KB4019216\", \"KB4012216\", \"KB4015550\", \"KB4019215\", \"KB4013429\", \"KB4019472\", \"KB4015217\", \"KB4015438\", \"KB4016635\"\r\n\r\n# Search for the HotFixes\r\n$hotfix = Get-HotFix -ComputerName $mon.ComputerName | Where-Object {$hotfixes -contains $_.HotfixID} | Select-Object -property \"HotFixID\"\r\n\r\n# See if the HotFix was found\r\nif ($hotfix) {\r\n\u00a0 \u00a0 $mon.FireActions = $false\r\n\u00a0 \u00a0 $mon.Details = \"Found HotFix: \" + $hotfix.HotFixID\r\n    # a blank value removes the property \r\n    $mon.SetComputerCustomPropByID(0, \"NEEDS-MS17-010-FIX\", \"\")\r\n} else {\r\n\u00a0 \u00a0 $mon.FireActions = $true\r\n\u00a0 \u00a0 $mon.Details = \"Didn't Find HotFix\"\r\n    $mon.SetComputerCustomPropByID(0, \"NEEDS-MS17-010-FIX\", \"YES\") \r\n}<\/pre>\n<\/blockquote>\n
\u00a0<\/p>\n
\n  The script should work in either Powershell v2 or v4 and contains all the Hot Fix numbers as of 5\/16\/2017 that contain the MS17-010 patch (each rollup update will replace the existing HotFix with a new KB number).<\/span><\/p>\n
If you are using another version of Windows not listed above or if you\u2019re trying to apply this to another vulnerability, the process for getting the KB numbers for the $hotfixes<\/span> variable is:<\/span><\/p>\n