I put this script together from a few different sources. It enumerates the computer objects in Active Directory and checks each Windows Server 2008+ host for the presence of the MS17-010 KB patch.
MS17-010 patches a critical SMB vulnerability in Microsoft Windows that is exploited by tools from the ShadowBrokers dump of leaked NSA hacking tools. Payloads seen in the wild have progressed from CPU miners to ransomware (WannaCry/WannaCry 2.0) and others.
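Import-Module ActiveDirectory
# Errors are suppressed globally for the AD enumeration. The per-host hotfix
# query below overrides this with -ErrorAction Stop so that an unreachable host
# is reported as UNREACHABLE instead of being silently counted as "missing".
$ErrorActionPreference = 'SilentlyContinue'

# *** SERVER VERSIONS ***
# Server 2016 / Win10      - NT 10
# Server 2012 R2 / Win8.1  - NT 6.3
# Server 2012 / Win8       - NT 6.2
# Server 2008 R2 / Win7    - NT 6.1
# Server 2008 / WinVista   - NT 6.0
# Server 2003 R2 / WinXP64 - NT 5.2
# Server 2003              - NT 5.2
# WinXP                    - NT 5.1

function Get-Ms17010Hotfixes {
    <#
    .SYNOPSIS
    Returns the KB numbers that carry the MS17-010 fix for a given OS name.
    .PARAMETER OperatingSystem
    The OperatingSystem attribute of the AD computer object
    (e.g. "Windows Server 2012 R2 Standard").
    .OUTPUTS
    [string[]] of KB identifiers. Any ONE of them being installed means the
    host is patched. An empty array means the OS is not a Server 2008-2016
    edition and the host is skipped.
    #>
    param([string]$OperatingSystem)

    # Every arm ends with 'break': PowerShell's switch otherwise keeps testing
    # the remaining arms, so a 2012 R2 host would also match the plain 2012 arm.
    switch -Wildcard ($OperatingSystem) {
        '*Server*2016*' {
            # KB401663 has six digits where every other entry has seven; it looks
            # truncated -- verify it against the MS17-010 bulletin before relying on it.
            $kbs = @('KB4013429', 'KB4019472', 'KB4015217', 'KB4015438', 'KB401663')
            break
        }
        '*Server*2012*R2*' { $kbs = @('KB4012216', 'KB4015550', 'KB4019215'); break }
        # The original pattern '*Server*2012' only matched names ENDING in 2012,
        # so "Windows Server 2012 Standard" was never checked.
        '*Server*2012*'    { $kbs = @('KB4012217', 'KB4015551', 'KB4019216'); break }
        # NOTE(review): this arm also matches "Server 2008 R2". Server 2008 and
        # 2008 R2 receive different MS17-010 packages -- confirm KB4012212 is the
        # right one for the editions present in your domain.
        '*Server*2008*'    { $kbs = @('KB4012212'); break }
        # Not a 2008-2016 server: nothing to check. (The original used bare
        # NULL, which is a command name, not the $null literal.)
        default            { $kbs = @() }
    }
    return ,$kbs
}

# Only the OperatingSystem attribute is needed; '-Properties *' fetched every
# attribute of every computer object and was the slowest part of the script.
$computers = Get-ADComputer -Filter * -Properties OperatingSystem |
    Select-Object Name, OperatingSystem

foreach ($c in $computers) {
    $computer = $c.Name
    $osdetect = $c.OperatingSystem
    $hotfixes = @(Get-Ms17010Hotfixes -OperatingSystem $osdetect)

    if ($hotfixes.Count -eq 0) {
        Write-Host "Skipping $computer ($osdetect)..."
        continue
    }

    Write-Host "Checking $computer ($osdetect)..."

    # One remote call per host instead of one per KB. -ErrorAction Stop overrides
    # the global SilentlyContinue so that an RPC/WMI failure (host offline,
    # firewall, insufficient rights) lands in the catch block rather than being
    # misreported as a missing patch.
    try {
        $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop)
    } catch {
        Write-Host "$computer UNREACHABLE - could not query hotfixes: $($_.Exception.Message)"
        continue
    }

    # The listed KBs are successive rollups/cumulative updates that all contain
    # the fix, so the host is patched if ANY of them is present. Checking each KB
    # individually (as before) flagged a fully patched host as "missing" the
    # rollups it never needed to install.
    $present = @($installed |
        Where-Object { $hotfixes -contains $_.HotFixID } |
        ForEach-Object { $_.HotFixID })

    if ($present.Count -gt 0) {
        Write-Host "$computer OK ($($present -join ', ') installed)"
    } else {
        # NOTE(review): Get-HotFix only reports updates recorded by the
        # Win32_QuickFixEngineering provider; treat "Missing" as a lead to
        # verify on the host, not as proof that the SMB fix is absent.
        Write-Host "$computer Missing ($($hotfixes -join ', '))"
    }
}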