We have a Windows Server 2012R2.
How can we be sure that the patch needed for WannaCry is installed and we are protected from it?
And How can we install the patch if it turns out we are still vulnerable?
Asked
Active
Viewed 3,347 times
-1
-
1*How can we be sure that the patch needed for WannaCry is installed and we are protected from it?* - You either install the patch or you verify that either **KB4012213** or **KB4012217** is installed. *How can we install the patch if it turns out we are still vulnerable?* - Download and install the patch. – Ramhound May 24 '17 at 16:11
2 Answers
0
There's a few ways to check if the update is installed, from going into
- Control Panel
- Programs and Features
- selecting 'Installed Updates' and looking through the list
Or you can query your system as this answer shows.
E.g.
wmic qfe get hotfixid | find "KB99999"
wmic qfe | find "KB99999"
If you need the update: So you can either install just the update KB4012213
Or you can install ALL THE UPDATES KB4012216,
Eitherway, you want to look at automating/having control over patching so you're not trying to manually patch things after an attack occurs.
More infomation on microsoft updates: Microsoft Security Update Guide
djsmiley2kStaysInside
- 6,643
- 2
- 31
- 43
-
Windows update says it has no updates, but if I check with: Get-hotfix -computername dc8sftptst03 -ID KB4012216 and Get-hotfix -computername dc8sftptst03 -ID KB4012213 it still says they are not installed – Peter May 24 '17 at 14:36
-
@Peter are you using a WSUS server or something else to control which patches get applied? It maybe that the patch needs authorising for install first. – djsmiley2kStaysInside May 24 '17 at 14:37
-2
KB4019215 cumulative patch has the wannacry fix.
Peter
- 123
- 1
- 3
- 6
-
Thanks for closing the loop on your question. Can you post a link to your source that this is the case? It isn't obvious from the Microsoft description that it is. – fixer1234 May 26 '17 at 01:54