First things first, I applaud Ivanti for the attention they have given to WCry or WannaCrypt, but I felt the need to make this post simply for the reason that while lots of sites provide some information, I got tired of searching the web to find something else I needed to add, or just being tired of checking multiple bookmarks to look for updates. This blog is purely for my sanity, and in hopes of helping those in the same boat. I claim no ownership of any information, but am simply compiling the info I needed, and hope it helps you, the reader, as well.

 

First things first, check out the official Ivanti section about WCry here and here.

Also, to save time, here is a list of all patches as of now (Provided by Solarwinds). I've combined that list with the information from here, but in a complete list.

 

Update: 30-MAY-2017

Ivanti has released a reporting definition that you can use to report against MS17-010. See here for info

 

Patches broken down by Operating System then by KB number:

  • Windows XP SP3 32-bit, Windows XP SP2 64-bit, Windows Server 2003 SP2 32-bit and 64-bit, Windows Vista SP2 32-bit and 64-bit, Server 2008 SP2 32-bit and 64-bit:
    • KB4012598
  • Windows Server 2008:
    • KB4018466
  • Windows 7 SP1 32-bit and 64-bit, Windows Server 2008 R2 SP1 64-bit:
    • KB4012212
    • KB4019264 (May Update. Replaces 5549)
      • KB4015549 (April Update. Replaces 2215)
        • KB4012215 (March Update)
  • Windows 8.1 32-bit and 64-bit, Windows Server 2012 R2:
    • KB4019215 (May Update. Replaces 5550)
      • KB4015550 (April Update. Replaces 2216)
        • KB4012216 (March Update)
    • KB4012213
  • Windows Server 2012:
    • KB4012214
    • KB4012217
    • KB4015551
    • KB4019216
  • Windows 10 32-bit and 64-bit:
    • KB4019474 (May Update. Replaces 6637)
      • KB4016637 (April Update. Replaces 2606)
        • KB4012606 (March Update)
    • KB4015221
  • Windows 10 version 1511 32-bit and 64-bit:
    • KB4019473 (May Update. Replaces 5219)
      • KB4015219 (April Update. Replaces 3198)
        • KB4013198 (March Update)
    • KB4016636
    • KB4016871
  • Windows 10 version 1607 32-bit and 64-bit, Windows Server 2016 64-bit:
    • KB4019472 (May Update. Replaces 5217)
      • KB4015217 (April Update. Replaces 3429)
        • KB4013429 (March Update)
    • KB4015438
    • KB4016635

Additionally, for Windows 10, if you have Build 14393.953 or later, you are covered against WCry. But how do you check against this in Ivanti Endpoint Manager?

Open up the device inventory and navigate to OS/NT Info/BuildLab.

BuildLab.PNG

The naming scheme mirrors the MS build name, so we're looking for anything that starts with 14393. Additionally, the numbers are based on the YYMMDD format, so:

14393.rs1_release.160715-1616 = 14393.0

14393.rs1_release_inmarket.160906-1818 = 14393.187

14393.rs1_release.161220-1747 = 14393.693

 

14393.rs1_release_inmarket.170303-1614 = 14393.953

14393.rs1_release_inmarket.170315-1735 = 14393.969

rs1_release_inmarket.170318-0600 = 14393.970

rs1_release_sec.170327-1835 = 14393.1066

rs1_release.170406-1521 = 14393.1066

rs1_release_sec.170427-1353 = 14393.1198

 

To simplify handling anything higher, we can query against OS/NT Info/Release ID and select 1703.

ReleaseID.PNG
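The BuildLab comparison above can also be run over an exported inventory list. This Python code is an added example, not part of the original post or Ivanti's tooling; the host names and sample export are constructed, and it assumes BuildLab values follow the formats listed above, with or without the leading 14393.

```python
import re
from datetime import datetime

# BuildLab stamp the post maps to 14393.953, the first covered 1607 build.
MIN_STAMP = datetime.strptime("170303-1614", "%y%m%d-%H%M")
# Optional leading build number, branch name, then a YYMMDD-HHMM stamp.
BUILDLAB_RE = re.compile(r"^(?:(\d+)\.)?([a-z0-9_]+)\.(\d{6}-\d{4})$")

def parse_buildlab(value):
    """Return (build or None, branch, build datetime); ValueError if malformed."""
    m = BUILDLAB_RE.match(value.strip().lower())
    if not m:
        raise ValueError(f"unrecognised BuildLab value: {value!r}")
    build, branch, stamp = m.groups()
    when = datetime.strptime(stamp, "%y%m%d-%H%M")  # rejects impossible dates
    return (int(build) if build else None, branch, when)

def is_covered_1607(value):
    """True/False for 14393 (rs1) strings, None when the string is something else."""
    try:
        build, branch, when = parse_buildlab(value)
    except ValueError:
        return None
    if build not in (None, 14393) or not branch.startswith("rs1_"):
        return None  # other release: fall back to the Release ID query
    return when >= MIN_STAMP

def triage(inventory):
    """Bucket hosts by verdict so unparsed values are reviewed, not assumed safe."""
    buckets = {"covered": [], "needs_patch": [], "review": []}
    for host, value in inventory.items():
        verdict = is_covered_1607(value)
        key = "review" if verdict is None else "covered" if verdict else "needs_patch"
        buckets[key].append(host)
    return buckets

# Constructed sample export: host names are made up; the first four values reuse
# formats from the list above, the last two are constructed edge cases.
SAMPLE = {
    "PC-001": "14393.rs1_release.160715-1616",
    "PC-002": "14393.rs1_release.161220-1747",
    "PC-003": "14393.rs1_release_inmarket.170303-1614",
    "PC-004": "rs1_release_sec.170427-1353",
    "PC-005": "15063.rs2_release.170317-1834",
    "PC-006": "",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the `review` bucket are the ones to check with the Release ID query or the KB list instead.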

Now that you've watched the videos and understood how it all goes, the next question is, well, how do I show my bosses where we stand?

 

Assuming you are like myself, and most companies out there, you have a mix of XP - Windows 10 and everything in between. Save some time and import the Query attached to this blog. Below is what I used to determine who has been patched already.

Query1.PNG

Query2.PNG
