we cannot locate updates on MS17-010 on Kaseya patch management. we are using the hosted version. any ideas why that might be?
Does it show up as 4013389?
I have been looking trying to figure out if we are covered or not also last night. I did do a filter and did find MS17-010 SB but the patches that show up for that are 4012598 for 2008 servers and windows vista?
Also it might be that I don't fully understand the new windows update information in the document technet.microsoft.com/.../ms17-010.aspx. Could it be that my servers don't have (SMBv1) turned on so it will not need the patch?
If you read this: support.microsoft.com/.../title and look down to the additional information, it looks like MS17-010 does point to the patch 4012598 that you mentioned.
i was able to install on one machine manually. I had to download the msu.
however, even if we try and search for new updates form the workstation directly, none of those patches are listed. so i am not sure what the issue is.
I did find this help document. It seems if you machines don't need the update it will no show. Just need to figure out how to confirm that it is working correctly.
Is there not different updates base up on OS? Also, I see it in my VSA, but when I go to Patch Update, select ex KB4019264 for the May Quarterly Rollup, I only see a handful of machines to patch. If I use my view for this missing (Win 7) I see > 100. The view and Patch Management don't match up.
The best way I've found so far to do this (check for all 10 patches) is as follows:
1) Log in to your VSA and create a new View (I called mine "-Missing MS17-010-Related Patches"), and set it to look for a "Missing" KB called WannaCry
2) On your SQL server, run a query for the Views (SELECT * FROM viewDef ORDER BY viewName ASC) and locate the viewId of the View you just created
3) Filter your Server > Databases > ksubscribers > Views list (use the funnel) looking for fvFilterView with the name fvFilterView_______ (where _______ is the viewId from Step 2)
4) Right-click the View and choose Design
5) Change the last line's contents as follows:
BEFORE: AND psw.MKB.kbArticleID = 'WannaCry')
AFTER: AND psw.MKB.kbArticleID IN ('4012598', '4012216', '4012213', '4012217', '4012214', '4012215', '4012212', '4013429', '4012606', '4013198'))
*Note - Don't forget there's a 2nd closing parentheses at the end after the IN clause we just added... it won't let you save this View unless it's there, it's easy to copy-paste over top of this accidentally
6) Save the View in the SQL Management Studio and don't touch it in the VSA (otherwise you'll have to make the modification above again, as the UI can only handle searching for a single KB article
7) Refresh the VSA UI and you should then only have a list of those machines that are missing any of the 10 KB articles mentioned
As for the /inverse/ of this (show me the machines that are good), the issue here is two fold: 1) The VSA will not show you patches that the machine does not explicitly need (according to Windows Update) per Kaseya's KB mentioned earlier and 2) There are security rollups after this one that have also patched this vulnerability, so remember, you're looking at March only.
HTH, and if anyone can do this better, please share, because this week is gonna be rough on all of us...
Does KB4019264 include MS17-010 ?
Brian Dagan, thanks for the SQL hack! I was up until 3am last night writing an audit script, which I made available for free on our ClubMSP site. clubmsp.com/.../ms17-10-audit
For those of you that are looking for this update, as Brian eluded to, the MS17-10 is really a bunch of different KB articles, depending on the version of the OS and whether or not it was applied as a single security patch or as part of a roll-up. The patch came out in March, so it is likely that you have already approved it.
This looks good, but how do I filter for the correct view? I clicked the filter button, but there are only four properties and I don't see any way to add the fvFilterView property.
Chris, how do you get a list of devices that did not install MS17-010? Write a report to read the Procedure Logs, or can you create a view that looks for the MS17-010 Not Installed?
I made a procedure that runs the following PowerShell script and writes the output to a variable and writes it to a custom field in SystemInfo. Then just make a new view in Kaseya where that custom field includes "Didn't Find HotFix"