This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Wannacry Patch push with Lansweeper

SouthySuper
Engaged Sweeper III

‎05-14-2017 06:56 AM - last edited on ‎07-04-2023 05:36 PM by Lansweeper Tech Support

Microsoft update catalog (example):

http://catalog.update.microsoft.com/v7/site/search.aspx?q=4012598

I downloaded all the packages for our environment (renamed each because they are ridiculously long file names). I then used lansweeper to create a deployment package consisting of several commands like:

wusa.exe \\sharename\patch.msu /quiet /norestart

Labels:
package.xml
Preview file
5 KB
13 REPLIES 13
SouthySuper
Engaged Sweeper III

‎05-17-2017 03:07 PM

I ended up revising mine quite a bit from my original example. I found out I had an odd server version in one case and way too many windows 10 variations. Using the lansweeper report helps to identify which updates need to be added to your deployment. I'm not sure if MS mentioned it but both 2008r2 and 2012r2 must be on at least sp1 or the cumulative update in order for the patches to install (otherwise you'll get error about not applying to your system). Good luck everyone.
0 Kudos
helpdesktrv
Engaged Sweeper II

‎05-17-2017 02:44 PM

Thank you very much. It worked for us for Windows 7.
Now we have to do the same on computers running Windows XP. For this OS there is the KB4012598 for WannaCry update.
But since it is a .exe file that needs user intervention (Next, "Accepts EULA", etc.), we can not make silent installation. Can you help us to do this please?
0 Kudos
SouthySuper
Engaged Sweeper III

‎05-15-2017 09:33 PM

This lansweeper report can be used for the sheduled deployment.
https://www.lansweeper.com/forum/yaf_postsm50430_Ransomware--MS17-010-Windows-computers-that-are-potentialy-vulnerable.aspx#post50430

My example was just a rough draft, but can be used to push all known patches, if each does not apply it fails silently then goes to next and so on. WSUS/SCCM is best for patch deloyment, but this is quick and gets the most critical patches pushed immediately. Hope this helps
0 Kudos
nointegerallowe
Engaged Sweeper

‎05-15-2017 09:22 PM

Will this detect the correct O/S and install the appropriate patches or is this relying on the install packages to do that?
0 Kudos

Deployment Packages

Share topics/ issues related to deployment packages. Please use/rely on content with caution as it is publicly generated.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now
Top