MS17-010 NonCompliant report.
I am trying to get a report out of KACE K1000 that shows the devices that don't have the patches contained within MS17-010. Does anyone have a report that can give me this information?
Answers (2)
Posted by:
rockhead44
7 years ago
Look up the KB number for your version(s) of Windows per this article:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Then put that KB into SQL as seen below after "SOFTWARE.DISPLAY_NAME like" and run as a new report on the K1000:
select MACHINE.*
from ORG1.MACHINE
LEFT JOIN KBSYS.KUID_ORGANIZATION O ON O.KUID=MACHINE.KUID
LEFT JOIN KBSYS.SMMP_CONNECTION C ON C.KUID = MACHINE.KUID AND O.ORGANIZATION_ID = 1
where (((( (1 not in (
  select 1 from ORG1.SOFTWARE, ORG1.MACHINE_SOFTWARE_JT
  where MACHINE.ID = MACHINE_SOFTWARE_JT.MACHINE_ID and MACHINE_SOFTWARE_JT.SOFTWARE_ID = SOFTWARE.ID
  and SOFTWARE.DISPLAY_NAME like '%Security Update for Microsoft Windows (KB4012212)%'))))))
Comments:
-
I get SQL errors when I try this code. I'll see if I can tweak it and get it to work.
____________cut here_______cut here________
. mysqli error: [1064: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ' from ORG1.MACHINE LEFT ' at line 2] in EXECUTE( "select MACHINE.* from ORG1.MACHINE LEFT JOIN KBSYS.KUID_ORGANIZATION O ON O.KUID=MACHINE.KUID LEFT JOIN KBSYS.SMMP_CONNECTION C ON C.KUID = MACHINE.KUID AND O.ORGANIZATION_ID = 1 where (((( (1 not in (select 1 from ORG1.SOFTWARE, ORG1.MACHINE_SOFTWARE_JT where MACHINE.ID = MACHINE_SOFTWARE_JT.MACHINE_ID and MACHINE_SOFTWARE_JT.SOFTWARE_ID = SOFTWARE.ID and SOFTWARE.DISPLAY_NAME like '%Security Update for Microsoft Windows (KB4012212)%')))))) LIMIT 0") - kallun 7 years ago
-
I do have Orgs enabled so I wonder if that's part of the problem. - rockhead44 7 years ago
-
This report won't be completely accurate because not all machines receive the update via that specific patch. Windows 10 machines receive it in a cumulative update, for instance. - chucksteel 7 years ago
-
The workaround for Windows 10 update verification is to check for all of the KBs from the initial one that addressed the vulnerability up to and including the most recent. This way you can identify all of the systems that are or are not in compliance, no matter what stage of Windows 10 updates they are in after the initial update that addressed the vulnerability. - Jackie Mac 7 years ago
Posted by:
rock_star
7 years ago
Just use %KB4012212%, as the software name would vary according to OS.
Like Microsoft Windows OS (flavour like 7, 7 x64, etc.).
You can also check as below in device inventory:
software title doesn't match regex KB4012212 | KB4012215 |KB4019264
Comments:
-
Anyone get the "software title - does not match REGEX - KB401xxxx" option to work? For me, it still returns a list of machines with those (or one of those) KBs installed. I copied the Quest report (report-3648 and also the Report-4548 version) and they work great to show compliance, but what good is that when I need to patch the ones that still need the patch and I can't find out which machines those are?
I'm still working on it, but if anyone has a working, tested and proven method to find machines non-compliant with MS17-010, please share the specific settings.
Thanks - murbot 7 years ago
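
The two ways a "does not match" condition can be evaluated, written against the tables and columns used in the first answer (an added example, not part of the original thread and not a Quest-supplied report). It assumes MariaDB's REGEXP operator and uses only the three KBs named in the second answer; the pattern has to be extended with the KBs that apply to your Windows versions.

```sql
-- Added example. KB list is the three KBs named in this thread; extend it
-- for your estate. No spaces around | : in a regular expression a space is
-- a literal character that must be present in the title to match.

-- 1) Per-title test: a machine is returned as soon as ANY one of its
--    installed titles fails to match, so machines that do have one of
--    the KBs installed are still listed.
SELECT DISTINCT MACHINE.*
FROM ORG1.MACHINE
JOIN ORG1.MACHINE_SOFTWARE_JT
  ON MACHINE_SOFTWARE_JT.MACHINE_ID = MACHINE.ID
JOIN ORG1.SOFTWARE
  ON SOFTWARE.ID = MACHINE_SOFTWARE_JT.SOFTWARE_ID
WHERE SOFTWARE.DISPLAY_NAME NOT REGEXP 'KB4012212|KB4012215|KB4019264';

-- 2) Per-machine test: a machine is returned only when NONE of its
--    installed titles match, which is the non-compliant list.
SELECT MACHINE.*
FROM ORG1.MACHINE
WHERE NOT EXISTS (
    SELECT 1
    FROM ORG1.MACHINE_SOFTWARE_JT
    JOIN ORG1.SOFTWARE
      ON SOFTWARE.ID = MACHINE_SOFTWARE_JT.SOFTWARE_ID
    WHERE MACHINE_SOFTWARE_JT.MACHINE_ID = MACHINE.ID
      AND SOFTWARE.DISPLAY_NAME REGEXP 'KB4012212|KB4012215|KB4019264'
);
```

Machines patched through a cumulative update carry a different KB number, so the second query only reflects compliance once the pattern lists every KB from the first fix up to the most recent, as the comments on the first answer point out.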