This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- Reports & Analytics
- Checking MS17-010 patch is installed
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎06-29-2017 09:51 AM
We can use lansweeper to check if MS17-010 was correctly installed on windows system, follow these steps:
-first add a custom File scanning into lansweeper, the file to check is '%windir%\system32\drivers\srv.sys'
following the idea you can find here: How to verify that MS17-010 is installed
-create a report to check if MS17-010 has problem or not, it has to check operating system version and consequently the srv.sys file version
Feel free to correct it or suggest improvements
-first add a custom File scanning into lansweeper, the file to check is '%windir%\system32\drivers\srv.sys'
following the idea you can find here: How to verify that MS17-010 is installed
-create a report to check if MS17-010 has problem or not, it has to check operating system version and consequently the srv.sys file version
Feel free to correct it or suggest improvements
Select Top 1000000 tsysOS.Image As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblOperatingsystem.Caption As SO,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssets.Lastseen,
tblAssets.Lasttried,
Case
When (tblOperatingsystem.Caption = 'Microsoft Windows 7 Professional' And
(Replace(SubQuery1.FileVersion, '.', '') > Replace('6.1.7601.23689', '.',
''))) Then 'OK'
When (tblOperatingsystem.Caption Like 'Microsoft Windows Server 2012 R2%'
And (Replace(SubQuery1.FileVersion, '.', '') > Replace('6.3.9600.18604',
'.', ''))) Then 'OK'
When (tblOperatingsystem.Caption Like 'Microsoft(R) Windows(R) Server 2003%'
And (Replace(SubQuery1.FileVersion, '.', '') > Replace('5.2.3790.6021', '.',
''))) Then 'OK'
When (tblOperatingsystem.Caption =
'Microsoft Windows Server 2008 R2 Standard' And
(Replace(SubQuery1.FileVersion, '.', '') > Replace('6.1.7601.23689', '.',
''))) Then 'OK' Else 'ERR' End As [MS17-010],
TsysLastscan.Lasttime As LastFileScan,
Case SubQuery1.Found When 1 Then 'Yes' Else 'No' End As FileFound,
SubQuery1.FileVersion,
SubQuery1.CompanyName,
SubQuery1.LastModified,
SubQuery1.Lastchanged,
Case
When TsysLastscan.Lasttime < GetDate() -
1 Then
'Last file scan more than 24 hours ago!' End As Comment,
SubQuery1.PatchSearched
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join TsysLastscan On tblAssets.AssetID = TsysLastscan.AssetID
Inner Join TsysWaittime On TsysWaittime.CFGCode = TsysLastscan.CFGcode
Left Join (Select Top 1000000 tblFileVersions.AssetID,
tblFileVersions.FilePathfull As PatchSearched,
tblFileVersions.Found,
tblFileVersions.FileVersion,
tblFileVersions.CompanyName,
tblFileVersions.Filesize,
tblFileVersions.Lastchanged,
tblFileVersions.CreationDate,
tblFileVersions.LastAccessed,
tblFileVersions.LastModified
From tblFileVersions
Where tblFileVersions.FilePathfull Like '%srv.sys') SubQuery1
On SubQuery1.AssetID = tblAssets.AssetID
Inner Join tblOperatingsystem
On tblAssets.AssetID = tblOperatingsystem.AssetID
Where tblAssetCustom.State = 1 And TsysWaittime.CFGname = 'files'
Order By tblAssets.Domain,
tblAssets.AssetName
Labels:
- Labels:
-
Report Center
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-05-2017 03:35 PM
You are right! I added a new option in "case/when" condition to check if file "SRV.SYS" exists or not
Select Top 1000000 tsysOS.Image As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblOperatingsystem.Caption As SO,
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tblAssets.Lastseen,
tblAssets.Lasttried,
Case
When (SubQuery1.Found!=1) Then 'NO SRV.SYS'
When (tblOperatingsystem.Caption = 'Microsoft Windows 7 Professional' And (Replace(SubQuery1.FileVersion, '.', '') > Replace('6.1.7601.23689', '.',''))) Then 'OK'
When (tblOperatingsystem.Caption Like 'Microsoft Windows Server 2012 R2%' And (Replace(SubQuery1.FileVersion, '.', '') > Replace('6.3.9600.18604','.', ''))) Then 'OK'
When (tblOperatingsystem.Caption Like 'Microsoft(R) Windows(R) Server 2003%' And (Replace(SubQuery1.FileVersion, '.', '') > Replace('5.2.3790.6021', '.',''))) Then 'OK'
When (tblOperatingsystem.Caption = 'Microsoft Windows Server 2008 R2 Standard' And (Replace(SubQuery1.FileVersion, '.', '') > Replace('6.1.7601.23689', '.',''))) Then 'OK' Else 'ERR' End As [MS17-010],
TsysLastscan.Lasttime As LastFileScan,
Case SubQuery1.Found When 1 Then 'Yes' Else 'No' End As FileFound,
SubQuery1.FileVersion,
SubQuery1.CompanyName,
SubQuery1.LastModified,
SubQuery1.Lastchanged,
Case
When TsysLastscan.Lasttime < GetDate() -
1 Then
'Last file scan more than 24 hours ago! Scanned file information may not be up-to-date. Try rescanning this machine.' End As Comment,
SubQuery1.PatchSearched
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join TsysLastscan On tblAssets.AssetID = TsysLastscan.AssetID
Inner Join TsysWaittime On TsysWaittime.CFGCode = TsysLastscan.CFGcode
Left Join (Select Top 1000000 tblFileVersions.AssetID,
tblFileVersions.FilePathfull As PatchSearched,
tblFileVersions.Found,
tblFileVersions.FileVersion,
tblFileVersions.CompanyName,
tblFileVersions.Filesize,
tblFileVersions.Lastchanged,
tblFileVersions.CreationDate,
tblFileVersions.LastAccessed,
tblFileVersions.LastModified
From tblFileVersions
Where tblFileVersions.FilePathfull Like '%srv.sys') SubQuery1
On SubQuery1.AssetID = tblAssets.AssetID
Inner Join tblOperatingsystem
On tblAssets.AssetID = tblOperatingsystem.AssetID
Where tblAssetCustom.State = 1 And TsysWaittime.CFGname = 'files'
Order By tblAssets.Domain,
tblAssets.AssetName
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-04-2017 03:55 PM
It's a good report but with one flaw, if you uninstall SMB from a computer it also removes srv.sys from the computer. If you scan a computer and run the report it displays ERR in the MS17-010 column.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-03-2017 04:14 PM
Yes, you are right, the report linked by you is more completed, but I was looking for a solution to check if that specific updated was installed, not by the HotFixID but instead reading file version (we experienced some case with right HotFixID but srv.sys file not updated).
Thanks for your reply.
Thanks for your reply.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎07-03-2017 02:06 PM
We would like to thank you for the report you have provided the Lansweeper community with. However, it does not include all possible hotfixes that are available for all Windows operating systems. We would like to link an additional forum topic to this where we have provided our customers with a report that checks if the necessary hotfixes are installed on a Windows asset. If not, the report will give back the asset as vulnerable. The report can be found here.
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Scanning ForcePoint Appliances in General Discussions
- Prerequisite check for linking with cloud failing in General Discussions
- How to install self-signed SSL certificate on Lansweeper on-premises? in Technical Troubleshooting
- Does Lansweeper allow to patch the vulnerabilities of software installed? in Technical Troubleshooting
- WMI.. The RPC server is unavailable in General Discussions
