
MS17-010 NonCompliant report.

I am trying to get a report out of KACE K1000 that shows the devices that don't have the patches contained within MS17-010. Does anyone have a report that can give me this information?


Answers (2)

Posted by: rockhead44 7 years ago
Red Belt
1
Look up what the KB number is for your version(s) of Windows per this article:

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Then put that KB into SQL as seen below after "SOFTWARE.DISPLAY_NAME like" and run as a new report on the K1000:

select MACHINE.*
from ORG1.MACHINE
LEFT JOIN KBSYS.KUID_ORGANIZATION O ON O.KUID = MACHINE.KUID
LEFT JOIN KBSYS.SMMP_CONNECTION C ON C.KUID = MACHINE.KUID AND O.ORGANIZATION_ID = 1
where 1 not in (select 1 from ORG1.SOFTWARE, ORG1.MACHINE_SOFTWARE_JT
                where MACHINE.ID = MACHINE_SOFTWARE_JT.MACHINE_ID
                  and MACHINE_SOFTWARE_JT.SOFTWARE_ID = SOFTWARE.ID
                  and SOFTWARE.DISPLAY_NAME like '%Security Update for Microsoft Windows (KB4012212)%')



Comments:
  • I get SQL errors when I try this code. I'll see if I can tweak it and get it to work.

    ____________cut here_______cut here________
    . mysqli error: [1064: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ' from ORG1.MACHINE LEFT ' at line 2] in EXECUTE( "select MACHINE.* from ORG1.MACHINE LEFT JOIN KBSYS.KUID_ORGANIZATION O ON O.KUID=MACHINE.KUID LEFT JOIN KBSYS.SMMP_CONNECTION C ON C.KUID = MACHINE.KUID AND O.ORGANIZATION_ID = 1 where (((( (1 not in (select 1 from ORG1.SOFTWARE, ORG1.MACHINE_SOFTWARE_JT where MACHINE.ID = MACHINE_SOFTWARE_JT.MACHINE_ID and MACHINE_SOFTWARE_JT.SOFTWARE_ID = SOFTWARE.ID and SOFTWARE.DISPLAY_NAME like '%Security Update for Microsoft Windows (KB4012212)%')))))) LIMIT 0") - kallun 7 years ago
    • I do have Orgs enabled so I wonder if that's part of the problem. - rockhead44 7 years ago
  • This report won't be completely accurate because not all machines receive the update via that specific patch. Windows 10 machines receive it in a cumulative update, for instance. - chucksteel 7 years ago
    • The workaround for Windows 10 update verification is to check for all of the KBs from the initial one that addressed the vulnerability up to and including the most recent. This way you can identify all of the systems that are or are not in compliance, no matter what stage of Windows 10 updates they are in after the initial update that addressed the vulnerability. - Jackie Mac 7 years ago
Posted by: rock_star 7 years ago
4th Degree Black Belt
0
Just use %KB4012212%, as the software name would vary according to OS, like Microsoft Windows OS (flavour like 7, 7 x64, etc.).

You can also check as below in device inventory:

software title don't match regex KB4012212 | KB4012215 |KB4019264

Comments:
  • Anyone get the "software title - does not match REGEX - KB401xxxx" option to work? For me, it still returns a list of machines with those (or one of those) KBs installed. I copied the Quest report (report-3648 and also the Report-4548 version) and they work great to show compliance, but what good is that when I need to patch the ones that still need the patch and I can't find out which machines those are?

    I'm still working on it, but if anyone has a working, tested and proven method to find machines non-compliant with MS17-010, please share the specific settings.

    Thanks - murbot 7 years ago
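
A non-compliance query that combines the first answer's software-inventory join with the multi-KB check described in the comments, as an added example that is not from any poster in this thread or from Quest. It assumes the ORG1 schema used in the first answer and that MACHINE has NAME and OS_NAME columns; the KB list holds only the three numbers quoted above and has to be extended with the later updates that apply to your Windows versions.

```sql
/* Windows devices with no software-inventory entry for ANY listed KB.
   A device that has at least one of the KBs is treated as patched. */
SELECT M.ID,
       M.NAME,      /* assumed column name */
       M.OS_NAME    /* assumed column name */
FROM ORG1.MACHINE M
WHERE M.OS_NAME LIKE '%Windows%'
  AND NOT EXISTS (
        SELECT 1
        FROM ORG1.MACHINE_SOFTWARE_JT JT
        JOIN ORG1.SOFTWARE S ON S.ID = JT.SOFTWARE_ID
        WHERE JT.MACHINE_ID = M.ID
          /* Whitespace inside a REGEXP pattern is matched literally,
             so the alternatives are written without spaces around |. */
          AND S.DISPLAY_NAME REGEXP 'KB4012212|KB4012215|KB4019264'
      )
ORDER BY M.NAME;
```

The result is only as accurate as the software inventory: a device whose fix arrived in an update that is not in the pattern will still be listed, which is the cumulative-update caveat raised in the comments.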
 