Thursday, May 18, 2017

WannaCrypt - Missing KB's?

After this weeks WannaCrypt fiasco I found a couple posted scripts for scanning a domain to check if servers had the necessary patches installed to mitigate against the vulnerability. After patching a couple of systems that the scripts said were vulnerable I found that they kept reporting that the patches were missing. Upon reviewing Get-Hotfix and doing a stare and compare at what was showing as having been installed via the "View Update History" I noticed that there were missing KB's.

The output from Get-Hotfix, you can see there are only 6 KB’s that start with KB40…

If I look at the Update History on the server I see there are some missing ones:

After a bit of research I found that this post on TechNet from Mervyn Zhang:

Windows Update and Office update are separated in two catalogs. Get-hotfix which leverage Win32_QuickFixEngineering only lists Windows updates. Starting with Windows Vista, Win32_QuickFixEngineering returns only the updates supplied by Component Based Servicing (CBS). These updates are not listed in the registry. Updates supplied by Microsoft Windows Installer (MSI) or the Windows update site ( are not returned by Win32_QuickFixEngineering. For your information:  Understanding Component-Based Servicing

 I then devised the following script that searched the Windows Update Agent COM Object for all KB's installed on a system including rollups and CU's. To download the script grab it from TechNet:

1 comment:

  1. Star CNC machines set the usual for the industry end result of|as a outcome of} we're continuously innovating and investing within the latest technology. Our clients know that a Star CNC machine can effortlessly handle the pains and requirements of today’s manufacturing demands. I have have} been addicted to the CNC router for woodworking with software changer for a few of} years}, however initially it's costly for my cupboard shop. LNC controller is user-friendly and professional Heated Blanket Queen Size for cupboard making.