Tech Tip: How to check Windows Patch against WannaCry using powercli

Another time we are hearing about a worldwide attack using a ransomware to stole money (bitcoins) and create services unavailability or data losses. One question in many company is asked to IT department :- Are we protect against this attack?-

It’s know that this attack, like the major part of the attacks, is permitted due a security bugs in Windows systems. For this reason, last month, Microsoft made available a patch to avoid this attack. But how many people already have updated their system?

You know, sometimes is difficult for many IT department to find the right time to apply updates and patches, because in 99% of cases it requires a reboot, with consequent unavailability or dependency problems. Answering the question for protection, if you’re in a VMware farm with many windows VMs in a domain controller, you could take the advantage of the powercli to getting the state of windows update for every window VM.

A note from Microsoft is released with its KBID: https://support.microsoft.com/en-us/help/4013389/title

Requirements

an vCenter account with enough privileges to execute a script using Invoke-VM script
an active directory administrator account (or with enough privileges) to execute Get-HotFix command
powercli (of course!)

The Script

Here the example:

$vCenter = "vcenter-ip-fqdn"
$winUser = "DOMAIN\Administrator"
$winPwd =  "password"
$checkHotFix = @("KB4019215","KB4012598", "KB4012216", "KB4012213", "KB4012217", "KB4012214", "KB4012215" , "KB4012212", "KB4013429" , "KB4012606", "KB4013198")
Foreach ($vm in (Get-VM | Get-VMGuest | Select-String "windows")){
    $vm = ($vm -split ":")[0]
    ## Test credentials 
    Try {
        $result = Invoke-VMScript -VM $vm -GuestUser $winUser -GuestPassword $winPwd -ScriptText "[System.Environment]::OSVersion.Version" -ErrorAction Stop
    }Catch{
        Write-Host "Invalid Credentials for $vm"
        continue
    }    
    Write-Host "----------------------------------"
    Write-Host "VM Name $vm"
    Write-Host "----------------------------------"
   
    $result = Invoke-VMScript -VM $vm -GuestUser $winUser -GuestPassword $winPwd -ScriptText "Get-HotFix | Select 'HotFixID'"    
    Foreach ($fix in $checkHotFix){   
         if ($result.Contains($fix)){
            Write-Host " $fix  Found"
         }
    }
    Write-Host "----------------------------------"

}

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

$vCenter = "vcenter-ip-fqdn"

$winUser = "DOMAIN\Administrator"

$winPwd = "password"

$checkHotFix = @("KB4019215","KB4012598", "KB4012216", "KB4012213", "KB4012217", "KB4012214", "KB4012215" , "KB4012212", "KB4013429" , "KB4012606", "KB4013198")