Due to this topic getting more attention, I've taken the report Hendrik so kindly posted in the May Patch Tuesday topic to make it easier to find assets that might need patching.
This report gives a complete color-coded overview of all systems vulnerable to the RDS vulnerability (CVE-2019-0708). When the security hotfix is installed OR the Remote Desktop Service is stopped, the affected system is marked as 'not vulnerable'.
This report focusses on Windows XP and 2003, Windows 7 and Windows server 2008 and 2008 R2 as indicated by
Microsoft's CVE-2019-0708 advisoryUpdate: Patches from the June Patch Tuesday have been added to the report.
Select Distinct Top 1000000 Coalesce(tsysOS.Image,
tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblState.Statename As State,
Case tblAssets.AssetID
When SubQuery1.AssetID Then 'Yes'
Else 'No'
End As [CVE-2019-0708 Patched],
tblServiceState.State As [RDP Service Status],
Case
When tblAssets.AssetID = SubQuery1.AssetID Then 'No'
When tblServiceState.State Like 'Stopped' Then 'No'
Else 'Yes'
End As Vulnerable,
Case
When tblAssets.AssetID = SubQuery1.AssetID Then ''
Else Case
When tsysOS.OSname Like '%XP%' Or
tsysOS.OSname Like '%2003%' Then 'Install KB4500331'
When tsysOS.OSname = 'Win 2008' Then 'Install KB4499149,KB4499180, KB4503273 or KB4503287'
When tsysOS.OSname = 'Win 7' Or tsysOS.OSname = 'Win 7 RC' Or
tsysOS.OSname = 'Win 2008 R2' Then 'Install KB4499164, KB4499175, KB4503292 or KB4503269'
End
End As [Install one of these updates],
tsysOS.OSname As OS,
tblAssets.SP,
Case
When tblComputersystem.Domainrole > 1 Then 'Server'
Else 'Workstation'
End As [Workstation/Server],
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblAssets.Lastseen,
Convert(nvarchar,DateDiff(day, QuickFixLastScanned.QuickFixLastScanned,
GetDate())) + ' days ago' As WindowsUpdateInfoLastScanned,
Case
When Convert(nvarchar,DateDiff(day, QuickFixLastScanned.QuickFixLastScanned,
GetDate())) > 7 Then
'Windows update information may not be up to date. We recommend rescanning this machine.'
Else ''
End As Comment,
Case
When tblAssets.AssetID = SubQuery1.AssetID Then '#d4f4be'
When tblServiceState.State Like 'Stopped' Then '#d4f4be'
Else '#ffadad'
End As backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Top 1000000 tblQuickFixEngineering.AssetID
From tblQuickFixEngineering
Inner Join tblQuickFixEngineeringUni On tblQuickFixEngineeringUni.QFEID
= tblQuickFixEngineering.QFEID
Where tblQuickFixEngineeringUni.HotFixID In ('KB4499149', 'KB4499180',
'KB4499164', 'KB4499175', 'KB4500331','KB4503273','KB4503287','KB4503292','KB4503269')) As SubQuery1 On
tblAssets.AssetID = SubQuery1.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblOperatingsystem On tblOperatingsystem.AssetID =
tblAssets.AssetID
Left Join tsysIPLocations On tblAssets.IPNumeric >= tsysIPLocations.StartIP
And tblAssets.IPNumeric <= tsysIPLocations.EndIP
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join (Select Distinct Top 1000000 tblAssets.AssetID As ID,
TsysLastscan.Lasttime As QuickFixLastScanned
From TsysWaittime
Inner Join TsysLastscan On TsysWaittime.CFGCode = TsysLastscan.CFGcode
Inner Join tblAssets On tblAssets.AssetID = TsysLastscan.AssetID
Where TsysWaittime.CFGname = 'QUICKFIX') As QuickFixLastScanned On
tblAssets.AssetID = QuickFixLastScanned.ID
Left Join (Select Distinct Top 1000000 tblAssets.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Inner Join tblAssets On tblAssets.AssetID = tblErrors.AssetID
Group By tblAssets.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Inner Join tblComputersystem On tblAssets.AssetID = tblComputersystem.AssetID
Inner Join tblServices On tblAssets.AssetID = tblServices.AssetID
Inner Join tblServicesUni On tblServicesUni.ServiceuniqueID =
tblServices.ServiceuniqueID
Inner Join tblServiceState On tblServiceState.StateID = tblServices.StateID
Where tblAssets.AssetID Not In (Select Top 1000000 tblAssets.AssetID
From tblAssets Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tsysOS.OSname Like 'Win 7%' And tblAssets.SP = 0) And
tsysOS.OSname Not Like '%2000%' And tsysOS.OSname Not Like '%2016%' And
tsysOS.OSname Not Like '%win 10%' And tsysOS.OSname Not Like '%2012%' And
tsysOS.OSname Not Like '%8.1%' And
tsysOS.OSname Not Like '%2019%' And tblServicesUni.Name Like '%TermService%'
And tsysAssetTypes.AssetTypename Like 'Windows%' And tblAssetCustom.State = 1
Order By tblAssets.Domain,
tblAssets.AssetName