Page 1 of 1

Check your covered against the WannaCry ransomware exploit

Posted: Sat May 13, 2017 3:34 pm
by RescuePC
Check your covered against the WannaCry ransomware exploit

you'll need to make sure you have the Microsoft SMB patch MS17-010 KB4013389

looks like they combined KB's for this fix - list of KB's to check per O/S

Doesn't seem to be consistent on the KB's required

Windows Vista (all editions) KB4012598
Windows Server 2008 (all editions) KB4012598
Windows 7 (all editions) KB4012212
Windows Server 2008 R2 (all editions) KB4012212
Windows 8.1 (all editions) KB4012213
Windows Server 2012 and Windows Server 2012 R2 (all editions) KB4012214
Windows 10 (all editions) KB4012606
Windows Server 2016 (all editions) KB4013429

example's
Open a powershell prompt and type this:
get-hotfix | out-string -stream | select-string "KB4013389"
get-hotfix | out-string -stream | select-string "KB4012606"

powershell script Don't forget to change the Computername name
$hotfixes = "KB4012212", "KB4012213", "KB4012214", "KB4012215", "KB4012216", "KB4012217", "KB4012219", "KB4012220", "KB4012598", "KB4012606", "KB4013198", "KB4013429", "KB4015217", "KB4015438", "KB4015549", "KB4015550", "KB4015551", "KB4015552", "KB4015553", "KB4015554", "KB4016635", "KB4019215", "KB4019216", "KB4019263", "KB4019264", "KB4019472", "KB4018466", "KB4013389", "KB2919355"

#This variant is for manual entry server names
#$Computername = "server1", "server2","server3","server4","server5"

$Computername = "CHANGE_ME"
foreach ($comp in $Computername) {
$hotfix = Get-HotFix -ComputerName "$Comp"| Where-Object {$hotfixes -contains $_.HotfixID} | Select-Object -property "HotFixID"
if (Get-HotFix | Where-Object {$hotfixes -contains $_.HotfixID})
{
"Found HotFix on $Comp : " + $hotfix.HotFixID
} else {
"Didn’t Find HotFix on $Comp"
}
}


Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012212"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012213"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012214"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012215"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012216"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012217"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012219"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012220"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012598"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4012606"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4013198"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4013429"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015217"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015438"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015549"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015550"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015551"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015552"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015553"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4015554"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4016635"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4019215"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4019216"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4019263"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4019264"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4019472"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4018466"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB4013389"
Get-WmiObject -Class "win32_quickfixengineering" | out-string -stream | select-string "KB2919355"

check the windows update history

some pages to look at
https://support.microsoft.com/en-us/help/4013389/title
https://technet.microsoft.com/en-us/lib ... 7-010.aspx
https://superuser.com/questions/1208741 ... ed/1208745


hope this helps
Cheers
Rescue PC