Powershell Script To Check for MS17-010 Hotfixes [EternalBlue]

The below PowerShell script will check for all Microsoft KB patches associated to MS17-010.

EternalBlue  is an exploit developed by the U.S. National Security Agency (NSA) according to testimony by former NSA employees. It was leaked by the Shadow Brokers hacker group on April 14, 2017, and was used as part of the worldwide WannaCry ransomware attack

Exploits include WannaCry, EternalRomance, EternalChampion, and EternalSynergy exploits.

The most severe of the vulnerabilities could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server.

This script will only work on the local PC (it can be midified to cover the entire network – please feel free to add comments if you have done this)

#list of all the hotfixes from https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
$hotfixes = "KB3205409", "KB3210720", "KB3210721", "KB3212646", "KB3213986", "KB4012212", "KB4012213", "KB4012214", "KB4012215", "KB4012216", "KB4012217", "KB4012218", "KB4012220", "KB4012598", "KB4012606", "KB4013198", "KB4013389", "KB4013429", "KB4015217", "KB4015438", "KB4015546", "KB4015547", "KB4015548", "KB4015549", "KB4015550", "KB4015551", "KB4015552", "KB4015553", "KB4015554", "KB4016635", "KB4019213", "KB4019214", "KB4019215", "KB4019216", "KB4019263", "KB4019264", "KB4019472", "KB4015221", "KB4019474", "KB4015219", "KB4019473"

#checks the computer it's run on if any of the listed hotfixes are present
$hotfix = Get-HotFix -ComputerName $env:computername | Where-Object {$hotfixes -contains $_.HotfixID} | Select-Object -property "HotFixID"

#confirms whether hotfix is found or not
if (Get-HotFix | Where-Object {$hotfixes -contains $_.HotfixID})
{"Found HotFix: " + $hotfix.HotFixID} 
else 
{Write-Warning ”Did Not Find HotFix"}

There is also otther ways to check for the patches, as documented by Microsoft here.