How to verify that MS17-010 is installed (Wannacry Ransomware patch)
With the outburst of WannaCry, keeping machines’ patch level up to date has become a main mission for every IT technician and a top priority for any IT organization. vScope allows basically anyone, with out the use of any scripting, to easily browse and overview patch status on every machine discovered. This is a great feature in these cases when we quickly want to find out about patch information from all across the IT.
How can I find patch information in vScope?
Patch information is displayed in several views in vScope. Now in this case, Microsoft has provided a fairly complete list of all KBs that ensure us that MS17-010 is installed (NOTICE: this list is continuously updated by Microsoft due to patch replacement. Please ensure that you have a valid and updated list of KB:s before looking for these patches in vScope):
"KB4012212", "KB4012215", "KB4012218", "KB4015552", "KB4019263", "KB4019264", "KB4012214", "KB4012217", "KB4012220", "KB4015554", "KB4019214", "KB4019216", "KB4012213", "KB4012216", "KB4012219", "KB4015547", "KB4015553", "KB4019213", "KB4019215", "KB4012606", "KB4016637", "KB4015221", "KB4019474", "KB4013198", "KB4016636", "KB4015219", "KB4019473", "KB4013429", "KB4016635", "KB4015217", "KB4019472", "KB4012598", "KB4012598", "KB4012598", "KB4012598", "KB4012598"
With this information we can now start looking in vScope to find if we are missing MS10-017.
You can easily build a customized report (table) about all machines’ current patch level. Do this by selecting the ‘All Machines’ resource, add columns such as:
- Installed Windows Updates
- Last Patch
- Last Patch Date
Now vScope will list All machines (both servers and clients) and information regarding the patches on these specific machines. We can now either filter using the free text search in the top left corner, or we can make use of the much more powerful filter panel out to the right. In this image below I’m going to list every machine that DO NOT have “KB40122112” and “KB4012215” installed (clicking two times on a filter will toggle it to a NOT filter)
The resulting table shows that two machines are missing these KB:s. Very easy!
You can also do this from a table based on Applications as seen below. This lists all KB:s and where they are installed.
The properties page shows all information about any resource added to vScope. When we are looking for patch info, everything you need to know is located in the bottom of the properties page. Here you can even filter and see if any specific patch has been installed. In the case of MS17-101 this might require some extensive searching. So, in the case of MS17-010 – not very recommended.
Tracker – Recommended
vScope Tracker has inbuilt cases regarding both patch level and MS17-010. Just go inside tracker and look under the “Patch Management” interest. Here you will find cases such as:
- Last Windows Patch is older than 30 days
- Windows Update detection error
Here vScope actually does all work for you by providing you with pre built filters and reports. This will allow you to automatically track down machines in need of patching, great thing right? Remember you can subscribe to email updates about any case by hitting “Follow”.