cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
heybobby1
Engaged Sweeper III
This might be of interest to some.


See: https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018

Workstations will be blocked from RDPing to a server if the client is patched but the server is unpatched.

For my own needs I've created a report with criteria:

OS: W2008 R2, W2012 or W2012 R2
Feature installed: "AppServer" (Remote Desktop Services Application Server)
Missing Windows updates: Security only and monthly updates for Mar, Apr or May 2018

Select Distinct Top 1000000 Coalesce(tsysOS.Image,
tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysOS.OSname As OS,
Case When tblErrors.ErrorText Is Not Null Or tblErrors.ErrorText != '' Or
tblAssets.Lastseen Is Null Then 'Not Scanned' Else 'No' End As Patched,
Case
When tsysOS.OSname = 'Win 2008 R2' Then
'KB4088877 or KB4088878 or KB4093118 or KB4093108 or KB4103718 or KB4103712'
When tsysOS.OSname = 'Win 2012 R2' Then
'KB4088876 or KB4088879 or KB4093114 or KB4093115 or KB4103725 or KB4103715'
When tsysOS.OSname =
'Win 2012' Then
'KB4088877 or KB4088880 or KB4093123 or KB4093122 or KB4103730 or KB4103726'
Else 'No Patch Available' End As [Install one of these updates],
tblAssetCustom.Custom1 As Office,
tblAssetCustom.Custom2 As Country,
tblAssets.Lastseen,
Case When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then 'Scanning Error: ' +
tsysasseterrortypes.ErrorMsg Else '' End As ScanningErrors,
Convert(nvarchar,DateDiff(day, QuickFixLastScanned.QuickFixLastScanned,
GetDate())) + ' days ago' As WindowsUpdateInfoLastScanned,
Case
When Convert(nvarchar,DateDiff(day, QuickFixLastScanned.QuickFixLastScanned,
GetDate())) >
3 Then
'Windows update information may not be up to date. We recommend rescanning this machine.' Else '' End As Comment,
tblAssets.Username As Lastuser,
tblState.Statename As State
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tblFeature On tblAssets.AssetID = tblFeature.AssetId
Inner Join tblFeatureUni On tblFeatureUni.featUniID = tblFeature.featUniId
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblOperatingsystem On tblOperatingsystem.AssetID =
tblAssets.AssetID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join (Select Distinct Top 1000000 tblAssets.AssetID As ID,
TsysLastscan.Lasttime As QuickFixLastScanned
From TsysWaittime
Inner Join TsysLastscan On TsysWaittime.CFGCode = TsysLastscan.CFGcode
Inner Join tblAssets On tblAssets.AssetID = TsysLastscan.AssetID
Where TsysWaittime.CFGname = 'QUICKFIX') As QuickFixLastScanned
On tblAssets.AssetID = QuickFixLastScanned.ID
Left Join (Select Distinct Top 1000000 tblAssets.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Inner Join tblAssets On tblAssets.AssetID = tblErrors.AssetID
Group By tblAssets.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where
tblAssets.AssetID Not In (Select Top 1000000 tblQuickFixEngineering.AssetID
From tblQuickFixEngineering Inner Join tblQuickFixEngineeringUni
On tblQuickFixEngineeringUni.QFEID = tblQuickFixEngineering.QFEID
Where tblQuickFixEngineeringUni.HotFixID In ('KB4088877', 'KB4088878',
'KB4093118', 'KB4093108', 'KB4103718', 'KB4103712', 'KB4088876',
'KB4088879', 'KB4093114', 'KB4093115', 'KB4103725', 'KB4103715',
'KB4088877', 'KB4088880', 'KB4093123', 'KB4093122', 'KB4103730',
'KB4103726')) And tblFeatureUni.featureName = 'AppServer'
Order By Country,
Office,
tblAssets.AssetName,
OS


This is adapted from the Meltdown-Spectre report previously provided by Lansweeper.
2 REPLIES 2
Esben_D
Lansweeper Employee
Lansweeper Employee
Thank you for sharing.
heybobby1
Engaged Sweeper III
Charles.X wrote:
Thank you for sharing.


You're welcome.