// This is the script to give summary on the main page.
Think IPM

Saturday, May 13, 2017

PSA: Powershell script to find unpatched machines. (WannaCry)

imageI’m not a programmer but PowerShell is really starting to grow on me lately.  Here is a quick script that will see if your servers are properly patched for the WannaCry ransomware exploit.

It’s not super fast but it should do the job.  I’m sure there are PLENTY of improvements to be made to it.  If you make any, please drop me (and everyone else) a note in the comments with your new improved version.

The script takes a file as input with a list of machine names in it (1 per line) and outputs that same server list with any appropriate hotfixes next to them.  Any names without hotfixes next to them should be investigated.

You can add additional hotfixes as they are released to the list below.

# List of all HotFixes containing the patch
$hotfixes = "KB4012212", "KB4019215", "KB4012217", "KB4012218",  "KB4015551", "KB4015552",  "KB4019216", "KB4012216", "KB4015549", "KB4015550", "KB4013429", "KB4019472", "KB4015217", "KB4015438", "KB4016635", "KB4019264"

$listofvms = Read-Host " Full path to VM txt file - (i.e. C:\Carlo\VMS.TXT)"
$guests =  get-content $listofvms

foreach ($guest in $guests) {

# Search for the HotFixes
$hotfix = Get-HotFix -ComputerName $guest | Where-Object {$hotfixes -contains $_.HotfixID} | Select-Object -property "HotFixID"

write-host -foregroundcolor yellow $guest $hotfix

}

image

As always with scripts on the internet, your mileage may vary and this script comes with no guarantees AT ALL.  Not responsible if it burns your house down, steals your mate or cancels your health insurance.

Click Here to Continue Reading >>

Friday, May 12, 2017

PSA : Patch your Windows Servers (MS17-010)

If you’ve seen the news today, there is a crippling ransom ware spreading across the globe.  I’ve seen reports that say at least 45k attacks hitting more than 74 countries in the past 10 hours.

The ransom ware is called ‘WannaCry’.  It will encrypt your desktop or server’s files and demand that users pay an initial $300 to unlock the files and the sum goes up with each passing hour.

imageThe patch to prevent the exploit can be found here [MS17-010] or just running Windows Update and updating to the latest patches will block the vulnerability.   The patch was released March 14th 2017.

If you have been infected, the patch will not remove the virus so best to be vigilant and process your updates ASAP.

Click Here to Continue Reading >>