xBytez/0-Get-Hotfix_remote.md

## 0-Get-Hotfix_remote.md

      
    Raw
  

              0-Get-Hotfix_remote.md
            
          
    Get-Hotfix remote

This PS script checks if CVE-2022-24497 has been patched by checking if a remote (or local) system has the hotfix for the system's OS version installed.
Populate servers.txt in the same directory as the script with hostnames for the script to check in this format:
(example)
ADDC01
EXCH01
TS00
TS01
TS02

The script will automatically create hotfix.log in the same directory with logs and results.

  
## 1-hotfix-remote.ps1
$computers = Get-Content -path 'servers.txt'
$logFile   = 'hotfix.log'
$creds = Get-Credential

function LogWrite {
   Param ([string]$logstring)
   $now = Get-Date -format s
   Add-Content $Logfile -value "$now $logstring"
   Write-Output "$now $logstring"
}

LogWrite "Started hotfix-remote"

foreach ($computer in $computers) {
    if (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
        LogWrite "Checking $computer..."

        try {
            $OS  = Get-WmiObject -class Win32_OperatingSystem -ComputerName $computer -Credential $creds -ErrorAction Stop
            $OSVersion = $OS.Caption
            $OSBootDate = $OS.LastBootUpTime
            $OSUptime = (Get-Date) - [Management.ManagementDateTimeConverter]::ToDateTime($OS.LastBootUpTime)

            switch -wildcard ($OSVersion)
            {
                "*Windows Server 2012*"
                {
                    $KB = "KB5012670"
                }
                "*Windows Server 2016*"
                {
                    $KB = "KB5012596"
                }
                "*Windows Server 2019*"
                {
                    $KB = "KB5012647"
                }
                "*Windows Server 2022*"
                {
                    $KB = "KB5012604"
                }
            }

            try {
		        $hotfix = (Get-HotFix -Id $KB -ComputerName $computer -Credential $creds -ErrorAction Stop).InstalledOn
                if ($hotfix) {
                    LogWrite "$KB is installed on $computer ($OSVersion) at $hotfix. Uptime is $OSUptime ($OSBootDate)."
                 }
	        }
            catch {
	    	    LogWrite "$KB is NOT installed on $computer ($OSVersion). Uptime is $OSUptime ($OSBootDate)."
	        }
        }
        catch {
            LogWrite "Can not get OS details from $computer"
        }
    }
    else {
        LogWrite "Can not check $computer"
    }
}
LogWrite "End of hotfix-remote"

## 2-hotfix-local.ps1
$OSVersion = (Get-WmiObject -class Win32_OperatingSystem).Caption

switch -wildcard ($OSVersion)
{
    "*Windows Server 2012*"
    {
        $KB = "KB5012670"
    }
    "*Windows Server 2016*"
    {
        $KB = "KB5012596"
    }
    "*Windows Server 2019*"
    {
        $KB = "KB5012647"
    }
    "*Windows Server 2022*"
    {
        $KB = "KB5012604"
    }
}

if (Get-Hotfix -Id $KB -ErrorAction SilentlyContinue) {
    Write-Host "Patch $KB installed"
} else {
    Write-Host "Patch $KB not installed."
}
	$computers = Get-Content -path 'servers.txt'
	$logFile = 'hotfix.log'
	$creds = Get-Credential

	function LogWrite {
	Param ([string]$logstring)
	$now = Get-Date -format s
	Add-Content $Logfile -value "$now $logstring"
	Write-Output "$now $logstring"
	}

	LogWrite "Started hotfix-remote"

	foreach ($computer in $computers) {
	if (Test-Connection -ComputerName $computer -Count 1 -Quiet) {
	LogWrite "Checking $computer..."

	try {
	$OS = Get-WmiObject -class Win32_OperatingSystem -ComputerName $computer -Credential $creds -ErrorAction Stop
	$OSVersion = $OS.Caption
	$OSBootDate = $OS.LastBootUpTime
	$OSUptime = (Get-Date) - [Management.ManagementDateTimeConverter]::ToDateTime($OS.LastBootUpTime)

	switch -wildcard ($OSVersion)
	{
	"Windows Server 2012"
	{
	$KB = "KB5012670"
	}
	"Windows Server 2016"
	{
	$KB = "KB5012596"
	}
	"Windows Server 2019"
	{
	$KB = "KB5012647"
	}
	"Windows Server 2022"
	{
	$KB = "KB5012604"
	}
	}

	try {
	$hotfix = (Get-HotFix -Id $KB -ComputerName $computer -Credential $creds -ErrorAction Stop).InstalledOn
	if ($hotfix) {
	LogWrite "$KB is installed on $computer ($OSVersion) at $hotfix. Uptime is $OSUptime ($OSBootDate)."
	}
	}
	catch {
	LogWrite "$KB is NOT installed on $computer ($OSVersion). Uptime is $OSUptime ($OSBootDate)."
	}
	}
	catch {
	LogWrite "Can not get OS details from $computer"
	}
	}
	else {
	LogWrite "Can not check $computer"
	}
	}
	LogWrite "End of hotfix-remote"
	$OSVersion = (Get-WmiObject -class Win32_OperatingSystem).Caption

	switch -wildcard ($OSVersion)
	{
	"Windows Server 2012"
	{
	$KB = "KB5012670"
	}
	"Windows Server 2016"
	{
	$KB = "KB5012596"
	}
	"Windows Server 2019"
	{
	$KB = "KB5012647"
	}
	"Windows Server 2022"
	{
	$KB = "KB5012604"
	}
	}

	if (Get-Hotfix -Id $KB -ErrorAction SilentlyContinue) {
	Write-Host "Patch $KB installed"
	} else {
	Write-Host "Patch $KB not installed."
	}