detect_wannacry's People
detect_wannacry's Issues
Due to how MS is releasing new security-only rollups, this fact will incorrectly report systems as being vulnerable
We have a few systems saying they're vulnerable because they had a different patch that included the same fixes installed.
I suggest adding "KB4019213" to the check list.
If the above patch is installed then KB4019215 doesn't appear as installed via PowerShell
Those two KB's contain the same security fixes, see link below.
https://support.microsoft.com/en-us/help/4019215/windows-8-update-kb4019215
updated KBs
It appears that now all 2016 servers are showing as vulnerable. I dont know why or what is expected, but I do know that the srv.sys file no longer exists on my server. It looks to be replaced by srv2.sys. Thus, (when, and however this happens) 2016 servers will show as wannacry_vulnerable=true
.
patches still applicable for detecting wannacry
I know this was a bug in windows ages ago, but my nodes recently starting to show up as "true" again after previously showing false. Is there the possibility that a recent patch windows released has superceded the ones used in the detection mechanism and caused it to show as a false positve?
https://github.com/puppetlabs/detect_wannacry/blob/master/facts.d/wannacry_fact.ps1#L8
0.3.0 failing to detect hotfixes on windows 7 & 10
Hello
Thanks for making the module, however upgrading to 0.3.0 for the latest hotfix list made it all stop working on Windows 7 & 10.
The "new-object -com “Microsoft.Update.Searcher”" code doesn't work which is OK - I assume it is a server thing, but the search from Get-Hotifx returns empty for systems with the hotfix. I am sorry I don't know enough PowerShell to even start debugging
I even took a look at the original source at https://www.poweradmin.com/blog/how-to-check-for-ms17-010-and-other-hotfixes/ and couldn't get that working
Please let me know if I can help further
Windows 2008 (R2) support is spotty
Apparently there are issues with Windows 2008 (R2) displaying the full list of installed HotFixes. I'm not sure about the underlying cause, but here is another way to detect the hotfix list.
Additional KB's needed for Server 2008
Adding "KB4018466", "KB4012598"
Should cover Server 2008
https://support.microsoft.com/en-us/help/4018466/title
https://support.microsoft.com/en-us/help/4012598/title
One of the patches supersedes the other, so if its installed the other won't show up.
2k12r2 showing wannacry_vulnerable=true - even after all hotfixes applied
We have numerous servers (25+ now) showing wannacry_vulnerable as true. However, there are no more updates to be found. Here is a list of the updates installed on this 2k12r2 server:
[01]: KB2843630
[02]: KB2862152
[03]: KB2868626
[04]: KB2876331
[05]: KB2883200
[06]: KB2884846
[07]: KB2887595
[08]: KB2892074
[09]: KB2893294
[10]: KB2894029
[11]: KB2894179
[12]: KB2898514
[13]: KB2898871
[14]: KB2900986
[15]: KB2901128
[16]: KB2903939
[17]: KB2904266
[18]: KB2904440
[19]: KB2909210
[20]: KB2911106
[21]: KB2912390
[22]: KB2913152
[23]: KB2913270
[24]: KB2913760
[25]: KB2916036
[26]: KB2917929
[27]: KB2917993
[28]: KB2919355
[29]: KB2919394
[30]: KB2919442
[31]: KB2920189
[32]: KB2922229
[33]: KB2923300
[34]: KB2923528
[35]: KB2923768
[36]: KB2925418
[37]: KB2928193
[38]: KB2928680
[39]: KB2930275
[40]: KB2931366
[41]: KB2934520
[42]: KB2938066
[43]: KB2939087
[44]: KB2954879
[45]: KB2957189
[46]: KB2961072
[47]: KB2962123
[48]: KB2962806
[49]: KB2967917
[50]: KB2973201
[51]: KB2973351
[52]: KB2975061
[53]: KB2976897
[54]: KB2977292
[55]: KB2977765
[56]: KB2978041
[57]: KB2978126
[58]: KB2979576
[59]: KB2989930
[60]: KB2992611
[61]: KB2993651
[62]: KB3000850
[63]: KB3003057
[64]: KB3003743
[65]: KB3004361
[66]: KB3004365
[67]: KB3004394
[68]: KB3004545
[69]: KB3006137
[70]: KB3006226
[71]: KB3008242
[72]: KB3010788
[73]: KB3011780
[74]: KB3012702
[75]: KB3013172
[76]: KB3013410
[77]: KB3013538
[78]: KB3013769
[79]: KB3013791
[80]: KB3013816
[81]: KB3014029
[82]: KB3014442
[83]: KB3016074
[84]: KB3018467
[85]: KB3019978
[86]: KB3020338
[87]: KB3021674
[88]: KB3021910
[89]: KB3022777
[90]: KB3023222
[91]: KB3023266
[92]: KB3024751
[93]: KB3024755
[94]: KB3027209
[95]: KB3029603
[96]: KB3030377
[97]: KB3030947
[98]: KB3032663
[99]: KB3033446
[100]: KB3033889
[101]: KB3034348
[102]: KB3035017
[103]: KB3035126
[104]: KB3035132
[105]: KB3035527
[106]: KB3036612
[107]: KB3037579
[108]: KB3037924
[109]: KB3038002
[110]: KB3038562
[111]: KB3039066
[112]: KB3041857
[113]: KB3042058
[114]: KB3042085
[115]: KB3042553
[116]: KB3043812
[117]: KB3044374
[118]: KB3044673
[119]: KB3045634
[120]: KB3045685
[121]: KB3045717
[122]: KB3045719
[123]: KB3045746
[124]: KB3045755
[125]: KB3045992
[126]: KB3045999
[127]: KB3046017
[128]: KB3046359
[129]: KB3046737
[130]: KB3047255
[131]: KB3048043
[132]: KB3048778
[133]: KB3049989
[134]: KB3054169
[135]: KB3054203
[136]: KB3054256
[137]: KB3054464
[138]: KB3055323
[139]: KB3055343
[140]: KB3055642
[141]: KB3058168
[142]: KB3059316
[143]: KB3059317
[144]: KB3060383
[145]: KB3060681
[146]: KB3060716
[147]: KB3060793
[148]: KB3061468
[149]: KB3061512
[150]: KB3061518
[151]: KB3063843
[152]: KB3065013
[153]: KB3066441
[154]: KB3067505
[155]: KB3068457
[156]: KB3069392
[157]: KB3071663
[158]: KB3071756
[159]: KB3072595
[160]: KB3072630
[161]: KB3072633
[162]: KB3074228
[163]: KB3074548
[164]: KB3075220
[165]: KB3075249
[166]: KB3076895
[167]: KB3077715
[168]: KB3078405
[169]: KB3078601
[170]: KB3078676
[171]: KB3080042
[172]: KB3080149
[173]: KB3081320
[174]: KB3082089
[175]: KB3083325
[176]: KB3083992
[177]: KB3084135
[178]: KB3086255
[179]: KB3087038
[180]: KB3087039
[181]: KB3087041
[182]: KB3087088
[183]: KB3087137
[184]: KB3087390
[185]: KB3091297
[186]: KB3092601
[187]: KB3092627
[188]: KB3094486
[189]: KB3095701
[190]: KB3096411
[191]: KB3096433
[192]: KB3099834
[193]: KB3100473
[194]: KB3100956
[195]: KB3102467
[196]: KB3102939
[197]: KB3103616
[198]: KB3103696
[199]: KB3103709
[200]: KB3108381
[201]: KB3109103
[202]: KB3109976
[203]: KB3110329
[204]: KB3115224
[205]: KB3121261
[206]: KB3121461
[207]: KB3121918
[208]: KB3123242
[209]: KB3123245
[210]: KB3126033
[211]: KB3126041
[212]: KB3126434
[213]: KB3126587
[214]: KB3126593
[215]: KB3128650
[216]: KB3132080
[217]: KB3133043
[218]: KB3133690
[219]: KB3133924
[220]: KB3134179
[221]: KB3134815
[222]: KB3135994
[223]: KB3137061
[224]: KB3137728
[225]: KB3138602
[226]: KB3139164
[227]: KB3139398
[228]: KB3139914
[229]: KB3140219
[230]: KB3140234
[231]: KB3144850
[232]: KB3145384
[233]: KB3145432
[234]: KB3146604
[235]: KB3146723
[236]: KB3146751
[237]: KB3146978
[238]: KB3147071
[239]: KB3149157
[240]: KB3153704
[241]: KB3155784
[242]: KB3156059
[243]: KB3159398
[244]: KB3161949
[245]: KB3161958
What information can I provide to help fix this and keep this module up to date for other users?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.