Ransomware

Identifying and Reporting on Machines That Do Not Have Patches Related To Wanna Cry SMB Vulnerability

Report Machines Vulnerable to Wanna Cry

Description

The recent outbreak of the “WannaCry” ransomware (WannaCry/Crypt) has made international headlines because of how quickly it spread for a ransomware attack. The technical community is still assessing the full impact, and it is important to understand that the attack exploited a known vulnerability in Windows. Those with patched OSes should not be affected.

This article is provided to help customers, during their investigation, quickly and easily create a report that identifies machines that may be at risk because they do not have the security monthly rollup or the MS17-010 patches. We have provided two options for generating the report: Option 1 is based on log data, and Option 2 is based on a custom field.

Special Note: If you have Windows XP/2003/Embedded/Vista machines, specific patches were released for those, and you can easily manage this through Patch Management without any further intervention. This KB is not to be used as a substitute for thorough investigation and patch strategy.

Follow the step-by-step instructions to generate a report based on whichever option you choose.
A copy of these instructions is included in the ZIP file as a PDF.

UPDATE: The ZIP file has been updated with a new PS1 script from Microsoft based on this article (https://support.microsoft.com/en-us/help/4023262/how-to-verify-that-ms17-010-is-installed).
The Agent Procedures have also been updated to work on 32-bit systems.
The report files have also been tweaked to work with the new script.

Developer
  • Name: Douglas Sanchez
  • Company: Kaseya
  • Website: http://www.kaseya.com
  • 54 Downloads
  • Released on May 19th, 2017

    Discussion
    Jeff Lorenzen 3 days ago

    This will need some work if you run it. It's not OS architecture aware and the PS script does not accurately check for the installed patch, especially on legacy systems. I will be posting my own testing procedure and scripts for patching your systems shortly.

    Douglas Sanchez about 17 hours ago

    The listing has been updated with a new PowerShell script provided by Microsoft, as well as new Agent Procedures to work on 32-bit systems. The reports have also been updated to reflect the changes in the script.