Britec Tech Support Forum

Full Version: Powershell error when checking if MS17 010 is installed Wannacry Ransomware Patch
Please, I would like to know why PowerShell gives me an error even though I did run it as administrator. I am using the Fall Creators Update.
Copied from the PowerShell errors:
Code:
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

PS C:\Windows\system32> # This script will check the ms17-010 vulnerability is patched using 2 methods as per the link b
elow.
PS C:\Windows\system32> # The first method is by detecting that one of the applicable kb numbers given by microsoft are
installed on a device.
PS C:\Windows\system32> # The second is by verifying the srv.sys file is patched (of an appropriate version depending up
on windows version).
PS C:\Windows\system32> #
PS C:\Windows\system32> # Reference: https://support.microsoft.com/en-ca/help/4023262/how-to-verify-that-ms17-010-is-ins
talled
PS C:\Windows\system32>
PS C:\Windows\system32>
PS C:\Windows\system32> # List of all HotFixes containing the patch
PS C:\Windows\system32> $hotfixes = "KB4012216", "KB4012217", "KB4012218", "KB4012219", "KB4012220", "KB4012598", "KB401
2606", "KB4013198", "KB4013429", "KB4015217", "KB4015219", "KB4015221", "KB4015549", "KB4015550", "KB4015551", "KB401555
2", "KB4015553", "KB4015554", "KB4016635", "KB4016636", "KB4016637", "KB4019213", "KB4019214", "KB4019215", "KB4019216",
"KB4019217", "KB4019218", "KB4019263", "KB4019264", "KB4019265", "KB4019472", "KB4019473", "KB4019474", "KB4022719", "K
B4022168", "KB4022722", "KB4022726", "KB4022717", "KB4022723", "KB4022715", "KB4023680"
PS C:\Windows\system32> $HotfixInstalled = '0'
PS C:\Windows\system32>
PS C:\Windows\system32> Try
>>        {
>>
>> # Search for the HotFixes
>> $hotfix = Get-HotFix -ComputerName $env:computername | Where-Object {$hotfixes -contains $_.HotfixID} | Select-Object
-property "HotFixID"
>>
>>
>> # See if the HotFix was found
>> if ($hotfix) {
>>
>>    $IDs = ""
>>    $hotfix | %{$IDs += ($(if($IDs){", "}) + $_.HotFixID)}
>>
>>    Write-Host "Found HotFix(es): $IDs."
>>    $HotfixInstalled = '1'
>>    $HotfixName = "Found HotFix(es): $IDs."
>>
>> } else {
>>
>>    Write-Host "Did not Find HotFix. Please check and update this device."
>>    $HotfixInstalled = '0'
>>    $HotfixName = "Did not find Hotfix."
>>
>>    }
>>
>>
>> # mark Win10v1703 as OK since its not affected by MS17-010, thanks to Andrew Harvey!
>> if (((Get-WmiObject Win32_OperatingSystem).Name -match 'Windows 10') -and ((Get-WmiObject Win32_OperatingSystem).Vers
ion -match '15063'))
>> {
>>    $HotfixInstalled = '1'
>>    $HotfixName = "Found Windows 10 v1703 which is OK without a patch KB."
>> }
>>
>> } Catch {
>>    $HotfixInstalled = '0'
>>    $HotfixName = "Check for patch number failed."
>> }
Did not Find HotFix. Please check and update this device.
PS C:\Windows\system32>
PS C:\Windows\system32>
PS C:\Windows\system32>
PS C:\Windows\system32>
PS C:\Windows\system32> $srvsysPatched = '0'
PS C:\Windows\system32> $srvsysVersion = "0"
PS C:\Windows\system32>
PS C:\Windows\system32> [reflection.assembly]::LoadWithPartialName("System.Version")
PS C:\Windows\system32> $os = Get-WmiObject -class Win32_OperatingSystem
PS C:\Windows\system32> $osName = $os.Caption
PS C:\Windows\system32> $s = "%systemroot%\system32\drivers\srv.sys"
PS C:\Windows\system32> $v = [System.Environment]::ExpandEnvironmentVariables($s)
PS C:\Windows\system32>
PS C:\Windows\system32> If (Test-Path "$v")
>>    {
>>    Try
>>        {
>>        $versionInfo = (Get-Item $v).VersionInfo
>>
>>
>>        if ($osName.Contains("Windows 10")) {
>>            $fileVersion = New-Object System.Version($versionInfo.ProductVersionRaw)
>>        }
>>        elseif ($osName.Contains("2016")) {
>>            $fileVersion = New-Object System.Version($versionInfo.ProductVersionRaw)
>>        }
>>        else {
>>            $versionString = "$($versionInfo.FileMajorPart).$($versionInfo.FileMinorPart).$($versionInfo.FileB​uildPar
t).$($versionInfo.FilePrivatePart)"
>>            $fileVersion = New-Object System.Version($versionString)
>>        }
>>
>>        Write-Host $versionInfo
>>        Write-Host $fileVersion
>>
>>
>>        }
>>    Catch
>>        {
>>        $srvsysPatched = '0'
>>        $srvsysVersion = "Unable to retrieve file version info, please verify vulnerability state manually."
>>        Write-Host "Error. Unable to retrieve file version info, please verify vulnerability state manually." -Foregro
undColor Yellow
>>        Return
>>        }
>>    }
At line:15 char:110
+ ... ).$($versionInfo.FileMinorPart).$($versionInfo.FileBuildPart).$($ver ...
+                                                         ~~~~~~~~~
Unexpected token 'uildPart' in expression or statement.
   + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
   + FullyQualifiedErrorId : UnexpectedToken

PS C:\Windows\system32> Else
Else : The term 'Else' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ Else
+ ~~~~
   + CategoryInfo          : ObjectNotFound: (Else:String) [], CommandNotFoundException
   + FullyQualifiedErrorId : CommandNotFoundException

PS C:\Windows\system32>    {
>>    $srvsysPatched = '0'
>>    $srvsysVersion = "Srv.sys does not exist, please verify vulnerability state via Patch KB number."
>>    Write-Host "Error. Unable to locate Srv.sys/file does not exist, please verify vulnerability state via Patch KB nu
mber." -ForegroundColor Yellow
>>    Return
>>    }

  $srvsysPatched = '0'
  $srvsysVersion = "Srv.sys does not exist, please verify vulnerability state via Patch KB number."
  Write-Host "Error. Unable to locate Srv.sys/file does not exist, please verify vulnerability state via Patch KB
number." -ForegroundColor Yellow
  Return

PS C:\Windows\system32> if ($osName.Contains("Vista") -or ($osName.Contains("2008") -and -not $osName.Contains("R2")))
>>    {
>>    if ($versionString.Split('.')[3][0] -eq "1")
>>        {
>>        $currentOS = "$osName GDR"
>>        $expectedVersion = New-Object System.Version("6.0.6002.19743")
>>        }
>>    elseif ($versionString.Split('.')[3][0] -eq "2")
>>        {
>>        $currentOS = "$osName LDR"
>>        $expectedVersion = New-Object System.Version("6.0.6002.24067")
>>        }
>>    else
>>        {
>>        $currentOS = "$osName"
>>        $expectedVersion = New-Object System.Version("9.9.9999.99999")
>>        }
>>    }
PS C:\Windows\system32> elseif ($osName.Contains("Windows 7") -or ($osName.Contains("2008 R2")))
elseif : The term 'elseif' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ elseif ($osName.Contains("Windows 7") -or ($osName.Contains("2008 R2" ...
+ ~~~~~~
   + CategoryInfo          : ObjectNotFound: (elseif:String) [], CommandNotFoundException
   + FullyQualifiedErrorId : CommandNotFoundException

PS C:\Windows\system32>    {
>>    $currentOS = "$osName LDR"
>>    $expectedVersion = New-Object System.Version("6.1.7601.23689")
>>    }

  $currentOS = "$osName LDR"
  $expectedVersion = New-Object System.Version("6.1.7601.23689")

PS C:\Windows\system32> elseif ($osName.Contains("Windows 8.1") -or $osName.Contains("2012 R2"))
elseif : The term 'elseif' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ elseif ($osName.Contains("Windows 8.1") -or $osName.Contains("2012 R2 ...
+ ~~~~~~
   + CategoryInfo          : ObjectNotFound: (elseif:String) [], CommandNotFoundException
   + FullyQualifiedErrorId : CommandNotFoundException

PS C:\Windows\system32>    {
>>    $currentOS = "$osName LDR"
>>    $expectedVersion = New-Object System.Version("6.3.9600.18604")
>>    }

  $currentOS = "$osName LDR"
  $expectedVersion = New-Object System.Version("6.3.9600.18604")

PS C:\Windows\system32> elseif ($osName.Contains("Windows 8") -or $osName.Contains("2012"))
elseif : The term 'elseif' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ elseif ($osName.Contains("Windows 8") -or $osName.Contains("2012"))
+ ~~~~~~
   + CategoryInfo          : ObjectNotFound: (elseif:String) [], CommandNotFoundException
   + FullyQualifiedErrorId : CommandNotFoundException

PS C:\Windows\system32>    {
>>    $currentOS = "$osName LDR"
>>    $expectedVersion = New-Object System.Version("6.2.9200.22099")
>>    }

  $currentOS = "$osName LDR"
  $expectedVersion = New-Object System.Version("6.2.9200.22099")

PS C:\Windows\system32> elseif ($osName.Contains("Windows 10"))
elseif : The term 'elseif' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ elseif ($osName.Contains("Windows 10"))
+ ~~~~~~
   + CategoryInfo          : ObjectNotFound: (elseif:String) [], CommandNotFoundException
   + FullyQualifiedErrorId : CommandNotFoundException

PS C:\Windows\system32>    {
>>    if ($os.BuildNumber -eq "10240")
>>        {
>>        $currentOS = "$osName TH1"
>>        $expectedVersion = New-Object System.Version("10.0.10240.17319")
>>        }
>>    elseif ($os.BuildNumber -eq "10586")
>>        {
>>        $currentOS = "$osName TH2"
>>        $expectedVersion = New-Object System.Version("10.0.10586.839")
>>        }
>>    elseif ($os.BuildNumber -eq "14393")
>>        {
>>        $currentOS = "$($osName) RS1"
>>        $expectedVersion = New-Object System.Version("10.0.14393.953")
>>        }
>>    elseif ($os.BuildNumber -eq "15063")
>>        {
>>        $currentOS = "$osName RS2"
>>        "No need to Patch. RS2 is released as patched. "
>>        $srvsysPatched = '1'
>>        $srvsysVersion = "System is patched. Version of srv.sys: $($fileVersion.ToString()). No need to Patch. RS2 is
released as patched. "
>>        return
>>        }
>>    }

  if ($os.BuildNumber -eq "10240")
      {
      $currentOS = "$osName TH1"
      $expectedVersion = New-Object System.Version("10.0.10240.17319")
      }
  elseif ($os.BuildNumber -eq "10586")
      {
      $currentOS = "$osName TH2"
      $expectedVersion = New-Object System.Version("10.0.10586.839")
      }
  elseif ($os.BuildNumber -eq "14393")
      {
      $currentOS = "$($osName) RS1"
      $expectedVersion = New-Object System.Version("10.0.14393.953")
      }
  elseif ($os.BuildNumber -eq "15063")
      {
      $currentOS = "$osName RS2"
      "No need to Patch. RS2 is released as patched. "
      $srvsysPatched = '1'
      $srvsysVersion = "System is patched. Version of srv.sys: $($fileVersion.ToString()). No need to Patch. RS2 is
released as patched. "
      return
      }

PS C:\Windows\system32> elseif ($osName.Contains("2016"))
elseif : The term 'elseif' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ elseif ($osName.Contains("2016"))
+ ~~~~~~
   + CategoryInfo          : ObjectNotFound: (elseif:String) [], CommandNotFoundException
   + FullyQualifiedErrorId : CommandNotFoundException

PS C:\Windows\system32>    {
>>    $currentOS = "$osName"
>>    $expectedVersion = New-Object System.Version("10.0.14393.953")
>>    }

  $currentOS = "$osName"
  $expectedVersion = New-Object System.Version("10.0.14393.953")

PS C:\Windows\system32> elseif ($osName.Contains("Windows XP"))
elseif : The term 'elseif' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ elseif ($osName.Contains("Windows XP"))
+ ~~~~~~
   + CategoryInfo          : ObjectNotFound: (elseif:String) [], CommandNotFoundException
   + FullyQualifiedErrorId : CommandNotFoundException

PS C:\Windows\system32>    {
>>    $currentOS = "$osName"
>>    $expectedVersion = New-Object System.Version("5.1.2600.7208")
>>    }

  $currentOS = "$osName"
  $expectedVersion = New-Object System.Version("5.1.2600.7208")

PS C:\Windows\system32> elseif ($osName.Contains("Server 2003"))
elseif : The term 'elseif' is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ elseif ($osName.Contains("Server 2003"))
+ ~~~~~~
   + CategoryInfo          : ObjectNotFound: (elseif:String) [], CommandNotFoundException
   + FullyQualifiedErrorId : CommandNotFoundException

PS C:\Windows\system32>    {
>>    $currentOS = "$osName"
>>    $expectedVersion = New-Object System.Version("5.2.3790.6021")
>>    }

  $currentOS = "$osName"
  $expectedVersion = New-Object System.Version("5.2.3790.6021")

PS C:\Windows\system32> else
else : The term 'else' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ else
+ ~~~~
   + CategoryInfo          : ObjectNotFound: (else:String) [], CommandNotFoundException
   + FullyQualifiedErrorId : CommandNotFoundException

PS C:\Windows\system32>    {
>>    $srvsysPatched = '0'
>>    $srvsysVersion = "Unable to determine OS applicability, please verify vulnerability state via Patch KB number."
>>    Write-Host "Error. Unable to determine OS applicability, please verify vulnerability state manually." -ForegroundC
olor Yellow
>>    $currentOS = "$osName"
>>    $expectedVersion = New-Object System.Version("9.9.9999.99999")
>>    }

  $srvsysPatched = '0'
  $srvsysVersion = "Unable to determine OS applicability, please verify vulnerability state via Patch KB number."
  Write-Host "Error. Unable to determine OS applicability, please verify vulnerability state manually."
-ForegroundColor Yellow
  $currentOS = "$osName"
  $expectedVersion = New-Object System.Version("9.9.9999.99999")

PS C:\Windows\system32>
PS C:\Windows\system32>    Write-Host "`n`nCurrent OS: $currentOS (Build Number $($os.BuildNumber))" -ForegroundColor Cy
an


Current OS:  (Build Number 16299)
PS C:\Windows\system32>    Write-Host "`nExpected Version of srv.sys: $($expectedVersion.ToString())" -ForegroundColor C
yan
You cannot call a method on a null-valued expression.
At line:1 char:49
+ ... "`nExpected Version of srv.sys: $($expectedVersion.ToString())" -Fore ...
+                                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~
   + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
   + FullyQualifiedErrorId : InvokeMethodOnNull


Expected Version of srv.sys:
PS C:\Windows\system32>    Write-Host "`nActual Version of srv.sys: $($fileVersion.ToString())" -ForegroundColor Cyan
You cannot call a method on a null-valued expression.
At line:1 char:47
+ ... -Host "`nActual Version of srv.sys: $($fileVersion.ToString())" -Fore ...
+                                           ~~~~~~~~~~~~~~~~~~~~~~~
   + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
   + FullyQualifiedErrorId : InvokeMethodOnNull


Actual Version of srv.sys:
PS C:\Windows\system32> If ($($fileVersion.CompareTo($expectedVersion)) -lt 0)
>>    {
>>    Write-Host "`n`n"
>>    Write-Host "System is NOT Patched" -ForegroundColor Red
>>
>>    $srvsysPatched = '0'
>>    Write-Host "System is NOT Patched $srvsysPatched"
>>    $srvsysVersion = "System does not appear to be patched, please verify vulnerability state via Patch KB number. Ver
sion of srv.sys: $($fileVersion.ToString()), Expected version: $expectedVersion or higher."
>>    }
You cannot call a method on a null-valued expression.
At line:1 char:7
+ If ($($fileVersion.CompareTo($expectedVersion)) -lt 0)
+       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
   + FullyQualifiedErrorId : InvokeMethodOnNull




System is NOT Patched
System is NOT Patched 0
You cannot call a method on a null-valued expression.
At line:8 char:137
+ ... atch KB number. Version of srv.sys: $($fileVersion.ToString()), Expec ...
+                                           ~~~~~~~~~~~~~~~~~~~~~~~
   + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
   + FullyQualifiedErrorId : InvokeMethodOnNull

PS C:\Windows\system32> Else
Else : The term 'Else' is not recognized as the name of a cmdlet, function, script file, or operable program. Check
the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ Else
+ ~~~~
   + CategoryInfo          : ObjectNotFound: (Else:String) [], CommandNotFoundException
   + FullyQualifiedErrorId : CommandNotFoundException

PS C:\Windows\system32>    {
>>    Write-Host "`n`n"
>>    Write-Host "System is Patched" -ForegroundColor Green
>>    $srvsysPatched = '1'
>>    Write-Host "System is Patched $srvsysPatched"
>>    $srvsysVersion = "System is patched. Version of srv.sys: $($fileVersion.ToString()). Expected version: $expectedVe
rsion or higher."
>>
>>    }

  Write-Host "`n`n"
  Write-Host "System is Patched" -ForegroundColor Green
  $srvsysPatched = '1'
  Write-Host "System is Patched $srvsysPatched"
  $srvsysVersion = "System is patched. Version of srv.sys: $($fileVersion.ToString()). Expected version:
$expectedVersion or higher."


PS C:\Windows\system32> #
Try this one:

Code:
#list of all the hotfixes from https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

$hotfixes = "KB3205409", "KB3210720", "KB3210721", "KB3212646", "KB3213986", "KB4012212", "KB4012213", "KB4012214", "KB4012215", "KB4012216", "KB4012217", "KB4012218", "KB4012220", "KB4012598", "KB4012606", "KB4013198", "KB4013389", "KB4013429", "KB4015217", "KB4015438", "KB4015546", "KB4015547", "KB4015548", "KB4015549", "KB4015550", "KB4015551", "KB4015552", "KB4015553", "KB4015554", "KB4016635", "KB4019213", "KB4019214", "KB4019215", "KB4019216", "KB4019263", "KB4019264", "KB4019472", "KB4015221", "KB4019474", "KB4015219", "KB4019473"
 
#checks the computer it's run on if any of the listed hotfixes are present
$hotfix = Get-HotFix -ComputerName $env:computername | Where-Object {$hotfixes -contains $_.HotfixID} | Select-Object -property "HotFixID"
 
#confirms whether hotfix is found or not (reuses the result above instead of querying Get-HotFix a second time)
if ($hotfix)
{
#join the IDs so that several matching hotfixes are all listed
"Found HotFix: " + ($hotfix.HotFixID -join ", ")
} else {
"Didn't Find HotFix"
}

Once you do that, it will return one of the following strings:
  • Found Hotfix XXXX, if your system is protected.
  • Didn’t Find HotFix, if your system is NOT protected.
It works like a charm! Does that look OK?
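
An added example (not part of the thread and not Microsoft's script): the srv.sys comparison from the first post rebuilt as one function around a table of minimum versions, so an OS the table does not cover yields an explicit "Unknown" instead of a null `$expectedVersion`. The function name `Get-Ms17010Verdict` is hypothetical, the minimum versions are the ones in the post, and treating every build from 15063 upward (including the poster's 16299) as shipping with the fix is an assumption that extends the script's RS2 remark.

```powershell
# Added example, not the script from the thread. Assumes Windows PowerShell 3.0 or later.
function Get-Ms17010Verdict {               # hypothetical name
    param(
        [Parameter(Mandatory)][string]$Caption,
        [Parameter(Mandatory)][int]$BuildNumber,
        [version]$FileVersion               # $null when srv.sys could not be read
    )
    # Assumption: build 15063 (RS2) and every later build ship with the fix.
    if ($BuildNumber -ge 15063) { return "Patched: build $BuildNumber ships with the fix" }
    if (-not $FileVersion)      { return 'Unknown: srv.sys version not available' }

    # Minimum patched srv.sys versions, copied from the script in the post.
    $win10 = @{ 10240 = '10.0.10240.17319'; 10586 = '10.0.10586.839'; 14393 = '10.0.14393.953' }
    $rules = @(                             # order matters: "8.1" before "8", "2012 R2" before "2012"
        @{ Pattern = 'Windows 7|2008 R2';    Min = '6.1.7601.23689' },
        @{ Pattern = 'Windows 8\.1|2012 R2'; Min = '6.3.9600.18604' },
        @{ Pattern = 'Windows 8|2012';       Min = '6.2.9200.22099' },
        @{ Pattern = 'Windows XP';           Min = '5.1.2600.7208'  },
        @{ Pattern = 'Server 2003';          Min = '5.2.3790.6021'  }
    )

    $min = $null
    if ($Caption -match 'Vista|2008(?! R2)') {
        # GDR and LDR branches have different minimums; the branch is the
        # first digit of the fourth version field, as in the original script.
        switch -Regex ([string]$FileVersion.Revision) {
            '^1' { $min = '6.0.6002.19743' }    # GDR
            '^2' { $min = '6.0.6002.24067' }    # LDR
        }
    } elseif ($win10.ContainsKey($BuildNumber)) {
        $min = $win10[$BuildNumber]             # Windows 10 TH1/TH2/RS1 and Server 2016
    } else {
        $min = ($rules | Where-Object { $Caption -match $_.Pattern } | Select-Object -First 1).Min
    }

    if (-not $min) { return "Unknown: no minimum version known for '$Caption'" }
    if ($FileVersion -ge [version]$min) { "Patched: srv.sys $FileVersion >= $min" }
    else                                { "NOT patched: srv.sys $FileVersion < $min" }
}

# Collect the live values, then hand them to the pure function above.
$os  = Get-CimInstance Win32_OperatingSystem
$srv = Join-Path $env:SystemRoot 'System32\drivers\srv.sys'
$ver = $null
if (Test-Path $srv) {
    $vi  = (Get-Item $srv).VersionInfo
    $ver = New-Object System.Version -ArgumentList $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
}
Get-Ms17010Verdict -Caption $os.Caption -BuildNumber $os.BuildNumber -FileVersion $ver
```

Save it as a .ps1 file and run that file rather than pasting it at the prompt: pasted line by line, a standalone `else` or `elseif` is parsed as a new command, which is what the errors in the transcript show.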