I am trying to get a report out of KACE K1000 that shows the devices that don't have the patches contained within MS17-010. Does anyone have a report that can give me this information?
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Community Chosen Answer

1
Lookup to see what the KB number is for your version(s) of Windows per  this article:

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

Then put that KB into SQL as seen below after "SOFTWARE.DISPLAY_NAME like" and run as a new report on the K1000:

select MACHINE.*
                  from ORG1.MACHINE 
                  LEFT JOIN KBSYS.KUID_ORGANIZATION O ON O.KUID=MACHINE.KUID LEFT JOIN KBSYS.SMMP_CONNECTION C ON C.KUID = MACHINE.KUID AND O.ORGANIZATION_ID = 1
                 where ((((  (1 not in (select 1 from ORG1.SOFTWARE, ORG1.MACHINE_SOFTWARE_JT where MACHINE.ID = MACHINE_SOFTWARE_JT.MACHINE_ID and MACHINE_SOFTWARE_JT.SOFTWARE_ID = SOFTWARE.ID and SOFTWARE.DISPLAY_NAME like '%Security Update for Microsoft Windows (KB4012212)%'))))))


Answered 05/18/2017 by: rockhead44
Red Belt

  • I get SQL errors when I try this code. I'll see if I can tweak it and get it to work,

    ____________cut here_______cut here________
    . mysqli error: [1064: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ' from ORG1.MACHINE LEFT ' at line 2] in EXECUTE( "select MACHINE.* from ORG1.MACHINE LEFT JOIN KBSYS.KUID_ORGANIZATION O ON O.KUID=MACHINE.KUID LEFT JOIN KBSYS.SMMP_CONNECTION C ON C.KUID = MACHINE.KUID AND O.ORGANIZATION_ID = 1 where (((( (1 not in (select 1 from ORG1.SOFTWARE, ORG1.MACHINE_SOFTWARE_JT where MACHINE.ID = MACHINE_SOFTWARE_JT.MACHINE_ID and MACHINE_SOFTWARE_JT.SOFTWARE_ID = SOFTWARE.ID and SOFTWARE.DISPLAY_NAME like '%Security Update for Microsoft Windows (KB4012212)%')))))) LIMIT 0")
    • I do have Orgs enabled so I wonder if that's part of the problem.
  • This report won't be completely accurate because not all machines receive the update via that specific patch. Windows 10 machines receive it in a cumulative update, for instance.
    • The workaround for Windows 10 update verification is to check for all of the KBs from the initial one that addressed the vulnerability up to and including the most recent. This way you can identify all of the systems that are or are not in compliance, no matter what stage of Windows 10 updates they are in after the initial update that addressed the vulnerability.
Please log in to comment

Answers

0
Just use %KB4012212% as software name would vary according to OS.
Like Microsoft Windows OS ( flavour like 7 , 7 x64 etc) ..

You can also check as below in device inventory

software title don't match regex KB4012212 | KB4012215 |KB4019264
Answered 05/19/2017 by: rock_star
Second Degree Black Belt

Please log in to comment
Answer this question or Comment on this question for clarity

Share