Once again we are hearing about a worldwide attack that uses ransomware to steal money (bitcoins) and cause service unavailability or data loss. In many companies the IT department is being asked one question: "Are we protected against this attack?"
It is known that this attack, like most attacks, is made possible by a security bug in Windows systems. For this reason, last month Microsoft made a patch available to prevent this attack. But how many people have already updated their systems?
As you know, it is sometimes difficult for IT departments to find the right time to apply updates and patches, because in 99% of cases they require a reboot, with consequent unavailability or dependency problems. To answer the protection question: if you run a VMware farm with many Windows VMs in a domain, you can take advantage of PowerCLI to get the Windows update state of every Windows VM.
Microsoft has released a note with its KB ID: https://support.microsoft.com/en-us/help/4013389/title
Requirements
- a vCenter account with enough privileges to execute a script using Invoke-VMScript
- an Active Directory administrator account (or one with enough privileges) to execute the Get-HotFix command
- PowerCLI (of course!)
The Script
Here is the example:
$winUser = "DOMAIN\Administrator"
$winPwd = "password"   # placeholder value; replace before running
$checkHotFix = @("KB4019215","KB4012598","KB4012216","KB4012213","KB4012217","KB4012214","KB4012215","KB4012212","KB4013429","KB4012606","KB4013198")

# Loop over every VM whose guest OS string contains "windows"
Foreach ($vm in (Get-VM | Get-VMGuest | Select-String "windows")) {
    # The matched string has the form "<VM name>:<OS name>"; keep the VM name
    $vm = ($vm -split ":")[0]
    ## Test credentials
    Try {
        $result = Invoke-VMScript -VM $vm -GuestUser $winUser -GuestPassword $winPwd -ScriptText "[System.Environment]::OSVersion.Version" -ErrorAction Stop
    } Catch {
        Write-Host "Invalid Credentials for $vm"
        continue
    }
    Write-Host "----------------------------------"
    Write-Host "VM Name $vm"
    Write-Host "----------------------------------"
    # List the hotfix IDs installed inside the guest
    $result = Invoke-VMScript -VM $vm -GuestUser $winUser -GuestPassword $winPwd -ScriptText "Get-HotFix | Select 'HotFixID'"
    Foreach ($fix in $checkHotFix) {
        # ScriptOutput holds the text printed by the guest script
        if ($result.ScriptOutput.Contains($fix)) {
            Write-Host " $fix Found"
        }
    }
    Write-Host "----------------------------------"
}
For those new to PowerCLI: before launching the script you must connect to vCenter using the Connect-VIServer cmdlet. Hope this is useful!
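The script above prints the KBs it finds, so a VM with none of them shows up only as an empty section. The following added example (not part of the original script) turns the guest output into one report row per VM and flags the VMs where none of the listed KBs is present, matching whole KB IDs instead of substrings. The function name Get-HotFixReportRow and the sample guest output are assumptions made for illustration; the sample data stands in for $result.ScriptOutput so the block runs without a vCenter connection.

```powershell
# KB list copied from the script above.
$checkHotFix = @("KB4019215","KB4012598","KB4012216","KB4012213","KB4012217","KB4012214",
                 "KB4012215","KB4012212","KB4013429","KB4012606","KB4013198")

# Hypothetical helper (not a PowerCLI cmdlet): builds one report row per VM
# from the text that Invoke-VMScript returns in .ScriptOutput.
function Get-HotFixReportRow {
    param(
        [Parameter(Mandatory)][string]$VMName,
        [Parameter(Mandatory)][AllowEmptyString()][string]$ScriptOutput,
        [Parameter(Mandatory)][string[]]$ListedKB
    )
    # Pull out whole KB identifiers so a listed ID cannot match inside a longer one.
    $installed = @([regex]::Matches($ScriptOutput, '\bKB\d+\b', 'IgnoreCase') |
        ForEach-Object { $_.Value } | Sort-Object -Unique)
    $found = @($ListedKB | Where-Object { $installed -contains $_ })
    [pscustomobject]@{
        VM          = $VMName
        FoundKBs    = $found -join ','
        NeedsReview = ($found.Count -eq 0)   # none of the listed KBs present
    }
}

# Constructed sample guest output, standing in for $result.ScriptOutput.
$samples = [ordered]@{
    'web01' = "HotFixID`n--------`nKB3199986`nKB4012215`nKB4014329"
    # KB40122120 is a made-up ID that contains KB4012212 as a substring.
    'db02'  = "HotFixID`n--------`nKB3199986`nKB40122120"
    # Empty output, e.g. the guest script printed nothing.
    'old03' = ""
}

$report = foreach ($name in $samples.Keys) {
    Get-HotFixReportRow -VMName $name -ScriptOutput $samples[$name] -ListedKB $checkHotFix
}
$report | Format-Table -AutoSize
# The rows can also be saved with: $report | Export-Csv report.csv -NoTypeInformation
```

In the original loop, the same function can be called with -VMName $vm and -ScriptOutput $result.ScriptOutput. A row with NeedsReview set means only that none of the listed KBs was reported by Get-HotFix on that VM.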