Conversation
Notices
-
@mcscx@quitter.se (mcscx@quitter.se)'s status on Thursday, 18-May-2017 19:56:54 UTC @mcscx@quitter.se @dadegroot do you have a method to find out if a Win7 box needs to be patched manually? Many Win7s here have neither kb4012215 nor 4012212 -
David de Groot 𓆉 (dadegroot@mastodon.social)'s status on Thursday, 18-May-2017 20:00:56 UTC David de Groot 𓆉 @mcscx I have a powershell script I'm running across our fleet of Win10 machines. We don't have many 7's left, however, the nmap script I used to do a network scan picked up a couple of 7's that needed patching earlier in the week.
https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/smb-vuln-ms17-010.nse
Run with:
sudo nmap -sC -p445 --open --max-hostgroup 3 -Pn --script smb-vuln-ms17-010.nse network/mask
@mcscx@quitter.se and ☠️ Grumpy Oldman like this.@mcscx@quitter.se repeated this. -
David de Groot 𓆉 (dadegroot@mastodon.social)'s status on Thursday, 18-May-2017 20:06:10 UTC David de Groot 𓆉 @mcscx powershell script (run locally):
https://www.dropbox.com/s/pq681ruqmu95lqk/testMS17.ps1?dl=0
It will email whoever you configure in the script if it finds the host is vulnerable.
@mcscx@quitter.se and ☠️ Grumpy Oldman like this.@mcscx@quitter.se repeated this. -
@mcscx@quitter.se (mcscx@quitter.se)'s status on Thursday, 18-May-2017 20:39:20 UTC @mcscx@quitter.se @dadegroot Thx :-) -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Thursday, 18-May-2017 21:21:17 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} @mcscx I believe one can use #Powershell to query which #MSFT patches are installed. -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Thursday, 18-May-2017 21:56:40 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} @mcscx See https://nu.federati.net/url/33232 -
LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} (lnxw48a1@nu.federati.net)'s status on Thursday, 18-May-2017 21:59:06 UTC LinuxWalt (@lnxw48a1) {3EB165E0-5BB1-45D2-9E7D-93B31821F864} And it looks like you've got everything you need already. /me grumbles *partial conversations* -
@mcscx@quitter.se (mcscx@quitter.se)'s status on Thursday, 18-May-2017 23:58:26 UTC @mcscx@quitter.se @lnxw48a1 thx anyway, still interesting. -
@mcscx@quitter.se (mcscx@quitter.se)'s status on Friday, 19-May-2017 00:08:12 UTC @mcscx@quitter.se @dadegroot that #nmap dectection method is really beautiful, thx!! Probably it could even be used to find #vulnerable PCs in a public wifi -
David de Groot 𓆉 (dadegroot@mastodon.social)'s status on Friday, 19-May-2017 00:27:59 UTC David de Groot 𓆉 @mcscx It's not perfect, but it's pretty handy for a quick check. Had a similar scan going for the Intel AMT bug earlier in the week.
@mcscx@quitter.se repeated this.
-