
Check if all WannaCry related Hotfixes are installed

You can and should check all systems in your Active Directory

I was asked if there is an easy way to check the complete Active Directory for systems that are missing the WannaCry related Hotfixes.

Yep! And it’s even easy to do.

Update: Based upon several requests, I also published a small tool that can do the job. You will find the tool (freeware) on GitHub.

Here is an (updated!!!) Gist I created to do the job:

#requires -Version 2.0 -Modules ActiveDirectory

<#
       .SYNOPSIS
       Check if all systems have the WannaCry related Hotfixes installed

       .DESCRIPTION
       Check if all systems have the WannaCry related Hotfixes installed.
       Checks given Computers, or all server systems found in the Active Directory (default)

       .PARAMETER ComputerList
       Name, or list of computers to check

       .EXAMPLE
       # Check if WindowsServer1 has all WannaCry related hotfixes installed
       PS C:\> .\who_needs_wannacry_patches.ps1 -ComputerList 'WindowsServer1'

       .EXAMPLE
       # Check if WindowsServer1 and WinDC01 have all WannaCry related hotfixes installed
       # In this example the Server WinDC01 is unreachable.
       PS C:\> .\who_needs_wannacry_patches.ps1 -ComputerList 'WindowsServer1','WinDC01'

       WARNING: WinDC01 is offline or unreachable.

       .EXAMPLE
       # Check if all systems found in the Active Directory have all WannaCry related hotfixes installed
       # In this example the System ZRHW10VM01 is missing some of the WannaCry hotfixes
       PS C:\> .\who_needs_wannacry_patches.ps1

       WARNING: ZRHW10VM01 is missing WannaCry hotfix

       .NOTES
       Advice:
       You need to review and tweak the Filter in Line 76
       Please note that the WannaCry problem doesn't apply to Windows 10 (just in case you change the filter to clients)

       History:
       2017-05-15 - Add the following KB4015549, KB4015552, KB4015553, and KB4019264
       2017-05-15 - Another tweak to the Filter (Line 76) to avoid Windows 10 but covers all other Windows OSes
       2017-05-15 - The newer version contains a fixed KB List / Removed the Signature
       2017-05-12 - Initial Version WannaCry

       License:
       Public Domain

       General:
       The code is provided 'as is,' with all possible faults, defects or errors, and without warranty of any kind.

       .LINK
       https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

       .LINK
       https://hochwald.net/check-wannacry-related-hotfixes-installed/
#>
param
(
	[Parameter(ValueFromPipeline = $true,
				  ValueFromPipelineByPropertyName = $true,
				  Position = 1)]
	[string[]]
	$ComputerList
)

begin
{
	# List of fixes we search for, in this case all fixes related to WannaCry (MS17-010)
	# Source List: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx and feedback
	$hotfixes = 'KB4012212', 'KB4012213', 'KB4012214', 'KB4012215', 'KB4012216', 'KB4012217', 'KB4012598', 'KB4012606', 'KB4013198', 'KB4013429', 'KB4015217', 'KB4015438', 'KB4015549', 'KB4015550', 'KB4015551', 'KB4015552', 'KB4015553', 'KB4016635', 'KB4019215', 'KB4019216', 'KB4019264', 'KB4019472'
}

process
{

	if (-not ($ComputerList))
	{
		try
		{
			# Filter for all Windows systems, ignore our Macs and Windows 10
			$ComputerList = Get-ADComputer -Filter {
				(OperatingSystem -Like 'Windows*') -and (OperatingSystem -notlike '*Windows 10*')
			} | Select-Object -ExpandProperty 'Name'
		}
		catch
		{
			Write-Error -Message 'Unable to get the List of computers from the Active Directory' -ErrorAction Stop
		}
	}

	# Loop over the List of computers
	foreach ($computer in $ComputerList)
	{
		# Windows PowerShell uses -ComputerName here (-TargetName only exists in PowerShell 7)
		if (-not (Test-Connection -ComputerName $computer -Count 1 -Quiet))
		{
			Write-Verbose "$computer is possibly offline or unreachable (Try anyway)."
		}

		try
		{
			$hotfix = Get-HotFix -ComputerName $computer |
			Where-Object -FilterScript {
				$hotfixes -contains $_.HotfixID
			} |
			Select-Object -ExpandProperty 'HotFixID'

			if ($hotfix)
			{
				Write-Verbose -Message "$computer has hotfix $hotfix installed"
			}
			else
			{
				Write-Warning -Message "$computer is missing WannaCry hotfix"
				continue
			}
		}
		catch
		{
			Write-Warning -Message "Unable to get Hotfix Info from $computer"
			continue
		}
	}
}

<#
       I removed the signature to make it easier for others to adopt it (e.g. Tweak or changes)
       If you need a signed version, just drop me a line and I can sign one for you.

       NOTE: If you change something, upload it as Gist to GitHub and send me the link.

       And yes, I'll sign the script for free! Why not? (Before you ask!)
#>

This script is based on an existing script that I use to filter information from the Active Directory.
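As an added example that is not part of the original post, here is the same check rewritten to return one object per computer so the result can be piped to Export-Csv or filtered on Status. The -InstalledHotfixProvider hook is an assumption introduced only so the logic can be exercised offline with constructed data; by default it calls Get-HotFix exactly like the script above.

```powershell
# Same KB list as the script above (MS17-010 packages).
$WannaCryHotfixes = 'KB4012212', 'KB4012213', 'KB4012214', 'KB4012215', 'KB4012216',
    'KB4012217', 'KB4012598', 'KB4012606', 'KB4013198', 'KB4013429', 'KB4015217',
    'KB4015438', 'KB4015549', 'KB4015550', 'KB4015551', 'KB4015552', 'KB4015553',
    'KB4016635', 'KB4019215', 'KB4019216', 'KB4019264', 'KB4019472'

function Get-WannaCryPatchStatus
{
    param
    (
        [Parameter(Mandatory = $true)]
        [string[]] $ComputerName,

        # Hypothetical hook (assumption, not part of the original script):
        # returns the installed HotFixIDs of one computer. Defaults to Get-HotFix.
        [scriptblock] $InstalledHotfixProvider = {
            param ($Computer)
            Get-HotFix -ComputerName $Computer | Select-Object -ExpandProperty HotFixID
        }
    )

    foreach ($computer in $ComputerName)
    {
        $status = [PSCustomObject]@{ Computer = $computer; Status = 'Unknown'; Matched = $null }
        try
        {
            $installed = @(& $InstalledHotfixProvider $computer)
            $matched   = @($installed | Where-Object { $WannaCryHotfixes -contains $_ })
            $status.Matched = ($matched -join ',')
            # Any one MS17-010 package for the host's OS counts as patched.
            $status.Status = if ($matched.Count -gt 0) { 'Patched' } else { 'Missing' }
        }
        catch
        {
            # Get-HotFix throws when the host is offline or RPC is blocked.
            $status.Status = 'Unreachable'
        }
        $status
    }
}

# Constructed sample data standing in for Get-HotFix output on three hosts;
# KB0000000 is a placeholder for an unrelated update, SRV03 simulates an unreachable host.
$sample = @{
    'SRV01' = 'KB0000000', 'KB4012212'
    'SRV02' = 'KB0000000'
}
$provider = { param ($c) if ($sample.ContainsKey($c)) { $sample[$c] } else { throw 'RPC server unavailable' } }
Get-WannaCryPatchStatus -ComputerName 'SRV01', 'SRV02', 'SRV03' -InstalledHotfixProvider $provider |
    Format-Table -AutoSize
```

Note that Get-HotFix only reports the KB numbers registered on the host, so a system patched by a later cumulative rollup that supersedes these packages shows up as Missing; treat that status as a candidate for review rather than as proof that SMBv1 is unpatched.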