• BlueKeep Scare – how to confirm I'm patched?


    #1847916

    Wowzza the CIA is gettin in on this now, new scare notice posted everywhere Tuesday June 18.

    So I patched 10 days ago, but curious, is there a file name search to examine its date or any other metadata search I can perform to confirm I’m successfully patched on Win7 & 10? I have both machines.

    be well, breathe and honor wabi sabi

    • #1848112

      For Windows 7 you should be able to see if you have KB4499164 (monthly roll-up) or KB4499175 (security only) installed in Programs and Features. Windows 10 is not listed as affected by CVE-2019-0708.

      Microsoft’s Bluekeep advisory:
      https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

      1 user thanked author for this post.
    • #1848182

      Try this:

      1. In Windows 7 (or 8.x), open a cmd prompt (it doesn’t have to be elevated – ‘cos you’re only checking, not changing anything) and enter powershell.

      2. At PowerShell’s PS prompt enter the following command:

      Get-HotFix -Id KB4499164,KB4499175

      This will check for both updates. You will see one of the two following results (for not found and found respectively):

      hotfix_not_found

      hotfix_found

      (See this TechNet Get-HotFix article for more info.)

      Hope this helps…

      1 user thanked author for this post.
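
The Get-HotFix check from the reply above, wrapped as an added example (not part of the original thread) that suppresses the not-found error and reports one status per machine. `Test-BlueKeepPatch`, its parameters and the status strings are hypothetical names chosen here; the KB IDs and the Windows 10 note come from the thread.

```powershell
# Added example, not from the thread. Test-BlueKeepPatch is a hypothetical name.
# The default KB IDs are the two Windows 7 updates named in the thread.
function Test-BlueKeepPatch {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [string[]]$KbId = @('KB4499164', 'KB4499175')
    )
    foreach ($computer in $ComputerName) {
        $os = $null
        $found = @()
        $status = 'Unreachable'
        try {
            # Get-WmiObject is available in the PowerShell 2.0 that ships with Windows 7
            $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $computer -ErrorAction Stop
        } catch { }
        if ($os) {
            if ($os.Version -like '10.*') {
                # Per the thread: Windows 10 is not listed as affected by CVE-2019-0708
                $status = 'NotListedAsAffected'
            } else {
                # Get-HotFix writes an error when no requested ID is installed;
                # suppress it and treat an empty result as "not found"
                $found = @(Get-HotFix -Id $KbId -ComputerName $computer -ErrorAction SilentlyContinue |
                    ForEach-Object { $_.HotFixID })
                if ($found.Count -gt 0) { $status = 'PatchFound' } else { $status = 'PatchNotFound' }
            }
        }
        # One result object per machine, so the output can be sorted or exported
        New-Object PSObject -Property @{
            ComputerName = $computer
            OS           = $(if ($os) { $os.Caption } else { $null })
            InstalledKb  = ($found -join ',')
            Status       = $status
        }
    }
}

# Check the local machine; pass more names to -ComputerName to check others on the LAN
Test-BlueKeepPatch | Format-Table ComputerName, OS, InstalledKb, Status -AutoSize
```

Monthly roll-ups are cumulative, so a machine that only has a later roll-up will report `PatchNotFound` for these two IDs; pass the later IDs through `-KbId` in that case. Remote checks need WMI access and administrative rights on the target machine.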
    • #1848211

      Here are some extensive resource pages on how to check the patch status, as well as test many machines directly on a LAN.

      https://borncity.com/win/2019/06/06/how-to-bluekeep-check-for-windows/

      and

      https://www.bleepingcomputer.com/news/security/finding-windows-systems-affected-by-bluekeep-remote-desktop-bug/

      ~ Group "Weekend" ~

      2 users thanked author for this post.
    • #1848231

      @NetDef – I particularly liked the tip in the bleepingcomputer.com article to use Steve Gibson’s ShieldsUP! to scan specifically for the status of the vulnerable port 3389. How easy is that!?! 🙂

      1 user thanked author for this post.
      • #1857263

        @NetDef – I particularly liked the tip in the bleepingcomputer.com article to use Steve Gibson’s ShieldsUP! to scan specifically for the status of the vulnerable port 3389. How easy is that!?! 🙂

        Report says “Stealth”; I understand that’s good. I want to check all ports with GRC Shields Up or another tool if it’s better. Thanks in advance for your help.

      • #1857321

        Just want to point out that Steve’s Shields Up test pages probe your firewall (or lack thereof). They are not probing your machine directly unless you are connected directly to the Internet with no router / firewall (something we should never allow.)

        If you test port 3389 and get Stealth as your result that means your firewall is doing its job, and that you have not created a forwarding rule to override that proper behavior. All good so far.

        But it does not mean you are (or are not) patched for the Bluekeep vulnerability. Just that your risk of exposure from outside your LAN is mitigated.

        Feel it’s worth reminding people that some of the advanced malware we see in the wild uses multiple vulnerabilities in layers to spread across your machines on your LAN.

        Say an employee (or your kid) clicks a bad link and gets a local profile infection. First payload. Next that local infection starts probing the machine for elevation vulns. Or it starts scanning your LAN for other machines with network escalation vulns. Second payload deployed.

        Now it finds either an SMBv1 vuln, or in the near future the Bluekeep vuln on another machine on your network and infects it.

        But . . . but I tested and got “Stealth!” Remember that’s from the outside looking in: once anything gets past your firewall all bets are off, friends.

        ~ Group "Weekend" ~

        4 users thanked author for this post.