Check if all systems have the WannaCry related Hotfixes installed - Based upon several requests, I also published a small tool on GitHub https://github.com/jhochwald/who_needs_wannacry_patches
#requires -Version 2.0 -Modules ActiveDirectory
<#
    .SYNOPSIS
    Check if all systems have the WannaCry related Hotfixes installed
    .DESCRIPTION
    Check if all systems have the WannaCry related Hotfixes installed.
    Checks given Computers, or all server systems found in the Active Directory (default)
    .PARAMETER ComputerList
    Name, or list of computers to check
    .EXAMPLE
    # Check if WindowsServer1 has all WannaCry related hotfixes installed
    PS C:\> .\who_needs_wannacry_patches.ps1 -ComputerList 'WindowsServer1'
    .EXAMPLE
    # Check if WindowsServer1 and WinDC01 have all WannaCry related hotfixes installed
    # In this example the Server WinDC01 is unreachable.
    PS C:\> .\who_needs_wannacry_patches.ps1 -ComputerList 'WindowsServer1','WinDC01'
    WARNING: WinDC01 is offline or unreachable.
    .EXAMPLE
    # Check all systems found in the Active Directory have all WannaCry related hotfixes installed
    # In this example the System ZRHW10VM01 is missing some of the WannaCry hotfixes
    PS C:\> .\who_needs_wannacry_patches.ps1
    WARNING: ZRHW10VM01 is missing WannaCry hotfix
    .NOTES
    Advice:
    You need to review and tweak the Filter in Line 76
    Please note that the WannaCry problem doesn't apply to Windows 10 (just in case you change the filter to clients)
    History:
    2017-05-15 - Add the following KB4015549, KB4015552, KB4015553, and KB4019264
    2017-05-15 - Another tweak to the Filter (Line 76) to avoid Windows 10 but covers all other Windows OSes
    2017-05-15 - The newer version contains a fixed KB List / Removed the Signature
    2017-05-12 - Initial Version WannaCry
    License:
    Public Domain
    General:
    The code is provided 'as is,' with all possible faults, defects or errors, and without warranty of any kind.
    .LINK
    https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
    .LINK
    https://hochwald.net/check-wannacry-related-hotfixes-installed/
#>
param
(
    [Parameter(ValueFromPipeline = $true,
            ValueFromPipelineByPropertyName = $true,
    Position = 1)]
    [string[]]
    $ComputerList
)
begin {
    # List of fixes we search for, in this case all fixes related to WannaCry
    # Source List: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx and feedback
    # A host passes the check below as soon as ONE of these IDs is installed on it
    $hotfixes = 'KB4012212', 'KB4012213', 'KB4012214', 'KB4012215', 'KB4012216', 'KB4012217', 'KB4012598', 'KB4012606', 'KB4013198', 'KB4013429', 'KB4015217', 'KB4015438', 'KB4015549', 'KB4015550', 'KB4015551', 'KB4015552', 'KB4015553', 'KB4016635', 'KB4019215', 'KB4019216', 'KB4019264', 'KB4019472'
}
process {
    if (-not ($ComputerList))
    {
        try
        {
            # Filter for all Windows Systems, ignore our Macs and Windows 10
            $ComputerList = Get-ADComputer -Filter {
                (OperatingSystem -Like 'Windows*') -and (OperatingSystem -notlike '*Windows 10*')
            } | Select-Object -ExpandProperty 'Name'
        }
        catch
        {
            Write-Error -Message 'Unable to get the List of computers from the Active Directory' -ErrorAction Stop
        }
    }
    # Loop over the List of computers
    foreach($computer in $ComputerList)
    {
        # The ping result is informational only; the hotfix query is attempted either way
        if(-not(Test-Connection -ComputerName $computer -Count 1 -Quiet))
        {
            Write-Verbose "$computer is possibly offline or unreachable (Try anyway)."
        }
        try
        {
            # -ErrorAction Stop sends every query failure to the catch block,
            # so a failed query is not reported as a missing hotfix
            $hotfix = Get-HotFix -ComputerName $computer -ErrorAction Stop |
            Where-Object -FilterScript {
                $hotfixes -contains $_.HotfixID
            } |
            Select-Object -ExpandProperty 'HotFixID'
            if($hotfix)
            {
                Write-Verbose -Message "$computer has hotfix $hotfix installed"
            }
            else
            {
                Write-Warning -Message "$computer is missing WannaCry hotfix"
                continue
            }
        }
        catch
        {
            Write-Warning -Message "Unable to get Hostfix Info from $computer"
            continue
        }
    }
}
<#
    I removed the signature to make it easier for others to adopt it (e.g. Tweak or changes)
    If you need a signed version, just drop me a line and I can sign one for you.
    NOTE: If you change something, upload it as Gist to GitHub and send me the link.
    And yes, I'll sign the script for free! Why not? (Before you ask!)
#>

jutsey commented May 15, 2017

Thanks for this.

Owner

jhochwald commented May 15, 2017

There is also a (freeware) version as a UI based tool available on Github.

There are a few known issues:

  • Test-Connection marks some systems as down, even if they are not!
  • The Array (Line 46) doesn't work on all systems. Some OS Versions do not need all of them

I will publish an updated Version (with a bit more testing and logic) soon.
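
Added example (not part of the gist or the author's tool): one way to avoid the Test-Connection false negatives mentioned above is to probe TCP 135, the RPC endpoint mapper that WMI-based cmdlets such as Get-HotFix use for remote queries, and to return one object per host instead of warnings. The helper names Test-TcpPort and Get-HotfixStatus are hypothetical, and the code stays within PowerShell 2.0 syntax like the script itself.

```powershell
# Added example; Test-TcpPort and Get-HotfixStatus are hypothetical helper names.
function Test-TcpPort
{
    param([string]$ComputerName, [int]$Port = 135, [int]$TimeoutMs = 2000)
    $client = New-Object -TypeName System.Net.Sockets.TcpClient
    try
    {
        # Asynchronous connect so a filtered port costs $TimeoutMs, not the OS default
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)   # throws if the connection was refused
        return $true
    }
    catch { return $false }
    finally { $client.Close() }
}

function Get-HotfixStatus
{
    param([string[]]$ComputerList, [string[]]$HotfixList)
    foreach ($computer in $ComputerList)
    {
        $status = 'Unreachable'
        $found = @()
        if (Test-TcpPort -ComputerName $computer)
        {
            try
            {
                $found = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                    Where-Object -FilterScript { $HotfixList -contains $_.HotFixID } |
                    Select-Object -ExpandProperty 'HotFixID')
                # Same rule as the gist: one listed KB is enough
                if ($found.Count -gt 0) { $status = 'HotfixFound' } else { $status = 'HotfixMissing' }
            }
            catch { $status = 'QueryFailed' }
        }
        New-Object -TypeName PSObject -Property @{
            ComputerName = $computer
            Status       = $status
            Hotfixes     = ($found -join ',')
        } | Select-Object -Property ComputerName, Status, Hotfixes
    }
}

# Host names are the ones from the gist's help examples; the KB list is shortened here
Get-HotfixStatus -ComputerList 'WindowsServer1', 'WinDC01' -HotfixList 'KB4012212', 'KB4019472' |
    Where-Object -FilterScript { $_.Status -ne 'HotfixFound' }
```

Keeping Unreachable and QueryFailed apart from HotfixMissing lets the result be piped to Export-Csv and re-run only against the hosts that could not be checked.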

jhochwald commented May 15, 2017

There is also a (freeware) version as a UI based tool available on Github.

New Version:

  • The newer version contains a fixed KB List
  • Check will run, even if the Test-Connection failed. Some had issues with that!
  • Removed the Signature

jhochwald commented May 15, 2017

There is also a (freeware) version as a UI based tool available on Github.

I removed the signature to make it easier for others to adopt it (e.g. Tweak or changes)
If you need a signed version, just drop me a line and I can sign one for you. (yep, for free!)
NOTE: If you change something, upload it as Gist to GitHub and send me the link.

jhochwald commented May 15, 2017

There is also a (freeware) version as a UI based tool available on Github.

Update to Filter:

  • Another tweak to the Filter (Line 75) to avoid Windows 10 but covers all other Windows OSes

jhochwald commented May 15, 2017

There is also a (freeware) version as a UI based tool available on Github.

KB List update:

  • Add the following KB4015549, KB4015552, KB4015553, and KB4019264

mondynet commented May 15, 2017

Write-Verbose -Message "$computer has hotfix $hotfix installed" doesn't seem to be working. It just skips the list of systems.

jhochwald commented May 15, 2017

There is also a (freeware) version as a UI based tool available on Github.

To prevent further questions:
If you see something like this: WARNING: Unable to get Hostfix Info from HOSTNAME, please check that remote administration is enabled for the host that you use to run the script!

jhochwald commented May 15, 2017

There is also a (freeware) version as a UI based tool available on Github.

@mondynet Did you turn on verbose mode?
If not, just replace Write-Verbose -Message "$computer has hotfix $hotfix installed" with Write-output "$computer has hotfix $hotfix installed"

You will see something like this:
FRA3PWDC01 has hotfix KB4019472 installed
Example from a Windows 2016 based host.

mondynet commented May 15, 2017

It worked!

Enabled it via administrator PowerShell prompt > Enable-PSRemoting

jhochwald commented May 15, 2017

@mondynet good :)

jhochwald commented May 16, 2017

There is also a (freeware) version as a UI based tool available on Github.

Here is a bit more information (After some comments and questions that arrived within the last hours)...

There are a few requirements:

  • The PowerShell must be elevated (Run as Administrator)
  • The RSAT Tools must be installed. Install it via Server Manager (Server) or Download (Client). Just Google for "Windows RSAT"
  • The Computer that should run the scan needs to be Domain joined (If you want to use the Active Directory feature)
  • The permissions need to fit! The User needs to have permission in the Active Directory
  • Remote PowerShell must be enabled: $null = (Enable-PSRemoting -Force) (Execute this on the REMOTE systems)

Optional:

  • The remote system should allow Remote Management (Check the ‘Windows Remote Management’ Rule)

The last two points could be established manually or via a GPO Rule. You might want to remove these after the scan.

Sorry that I forgot to mention these requirements! But all of them are set on all of my systems and on the customer systems that I use frequently. We apply these settings with a base image and via DSC. So that was kind of normal for me :-)

Thanks to all for the feedback!

jhochwald commented May 16, 2017

There is also a (freeware) version as a UI based tool available on Github.
