If you've stumbled upon this post you are probably well-aware of the Win32/WannaCrypt Ransomware, better known as WannaCry: we already talked about it in this other post, which contains an extensive list of links to download the various patches to shield almost any Windows-based operating system against this dangerous treat.
However, you might also need to find a way to quickly check if your system is effectively protected against WannaCry or not: this could come very handy if you are a System Administrator and you don't know which server is missing the updates or not. Altough the best suggestion we can give would always be "patch everything", you can also use this great PowerShell script (which we stole from this great post from SpiceWorks community site - credits to CarlosTech for the great job):
1 2 3 4 5 6 7 8 9 10 11 12 13 |
#list of all the hotfixes from https://technet.microsoft.com/en-us/library/security/ms17-010.aspx $hotfixes = "KB3205409", "KB3210720", "KB3210721", "KB3212646", "KB3213986", "KB4012212", "KB4012213", "KB4012214", "KB4012215", "KB4012216", "KB4012217", "KB4012218", "KB4012220", "KB4012598", "KB4012606", "KB4013198", "KB4013389", "KB4013429", "KB4015217", "KB4015438", "KB4015546", "KB4015547", "KB4015548", "KB4015549", "KB4015550", "KB4015551", "KB4015552", "KB4015553", "KB4015554", "KB4016635", "KB4019213", "KB4019214", "KB4019215", "KB4019216", "KB4019217", "KB4019218", "KB4019263", "KB4019264", "KB4019265", "KB4019472", "KB4015221", "KB4019474", "KB4015219", "KB4019473", "KB4022168", "KB4022722", "KB4022717", "KB4022718", "KB4022720", "KB4022723", "KB4022724", "KB4032693", "KB4032695" #checks the computer it's run on if any of the listed hotfixes are present $hotfix = Get-HotFix -ComputerName $env:computername | Where-Object {$hotfixes -contains $_.HotfixID} | Select-Object -property "HotFixID" #confirms whether hotfix is found or not if (Get-HotFix | Where-Object {$hotfixes -contains $_.HotfixID}) { "Found HotFix: " + $hotfix.HotFixID } else { "Didn't Find HotFix" } |
As we can see, this will check all the relevant hotfixes released by Microsoft containing the fix for the MS17-010 Jump issue - the one used by WannaCry to perform its attack. Using it is just as easy as copy the given source code, paste it into a PowerShell command prompt and press Enter to execute it.
Once you do that, it will return one of the following strings:
- Found Hotfix XXXX, if your system is protected.
- Didn't Find HotFix, if your system is NOT protected.
Needless to say, if you're receiving the latter, you should really need to take a good look here and apply the relevant patch before it's too late.
That's it for now: happy check!
Hello, great post, thank you for spending your time on this issue.
I would like to say ; i tried it on my uptodate (Nov.28) windows 10 machine and it report as Didnt find hotfix. I thought maybe win10 doesnt need to include these updates at alll, or is my computer realy vulnerable ?
Hello, thank you!
Actually Win10 does need the MS17-010 patch as well, it’s just that the previous KB have been merged into the june 2017 update rollup pack(s), which was released after this post.
That said, I just updated the above PS script to check for them as well: if you run it now you should be able to find the KB4032695, KB4032693 or KB4022723 according to your Win10 version.
You re great ! Thank you for informing me so fast and your script update. Have a nice day.