cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Esben_D
Lansweeper Employee
Lansweeper Employee
Due to this topic getting more attention, I've taken the report Hendrik so kindly posted in the May Patch Tuesday topic to make it easier to find assets that might need patching.

This report gives a complete color-coded overview of all systems vulnerable to the RDS vulnerability (CVE-2019-0708). When the security hotfix is installed OR the Remote Desktop Service is stopped, the affected system is marked as 'not vulnerable'.

This report focusses on Windows XP and 2003, Windows 7 and Windows server 2008 and 2008 R2 as indicated by Microsoft's CVE-2019-0708 advisory

Update: Patches from the June Patch Tuesday have been added to the report.

Select Distinct Top 1000000 Coalesce(tsysOS.Image,
tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblState.Statename As State,
Case tblAssets.AssetID
When SubQuery1.AssetID Then 'Yes'
Else 'No'
End As [CVE-2019-0708 Patched],
tblServiceState.State As [RDP Service Status],
Case
When tblAssets.AssetID = SubQuery1.AssetID Then 'No'
When tblServiceState.State Like 'Stopped' Then 'No'
Else 'Yes'
End As Vulnerable,
Case
When tblAssets.AssetID = SubQuery1.AssetID Then ''
Else Case
When tsysOS.OSname Like '%XP%' Or
tsysOS.OSname Like '%2003%' Then 'Install KB4500331'
When tsysOS.OSname = 'Win 2008' Then 'Install KB4499149,KB4499180, KB4503273 or KB4503287'
When tsysOS.OSname = 'Win 7' Or tsysOS.OSname = 'Win 7 RC' Or
tsysOS.OSname = 'Win 2008 R2' Then 'Install KB4499164, KB4499175, KB4503292 or KB4503269'
End
End As [Install one of these updates],
tsysOS.OSname As OS,
tblAssets.SP,
Case
When tblComputersystem.Domainrole > 1 Then 'Server'
Else 'Workstation'
End As [Workstation/Server],
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblAssets.Lastseen,
Convert(nvarchar,DateDiff(day, QuickFixLastScanned.QuickFixLastScanned,
GetDate())) + ' days ago' As WindowsUpdateInfoLastScanned,
Case
When Convert(nvarchar,DateDiff(day, QuickFixLastScanned.QuickFixLastScanned,
GetDate())) > 7 Then
'Windows update information may not be up to date. We recommend rescanning this machine.'
Else ''
End As Comment,
Case
When tblAssets.AssetID = SubQuery1.AssetID Then '#d4f4be'
When tblServiceState.State Like 'Stopped' Then '#d4f4be'
Else '#ffadad'
End As backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Top 1000000 tblQuickFixEngineering.AssetID
From tblQuickFixEngineering
Inner Join tblQuickFixEngineeringUni On tblQuickFixEngineeringUni.QFEID
= tblQuickFixEngineering.QFEID
Where tblQuickFixEngineeringUni.HotFixID In ('KB4499149', 'KB4499180',
'KB4499164', 'KB4499175', 'KB4500331','KB4503273','KB4503287','KB4503292','KB4503269')) As SubQuery1 On
tblAssets.AssetID = SubQuery1.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblOperatingsystem On tblOperatingsystem.AssetID =
tblAssets.AssetID
Left Join tsysIPLocations On tblAssets.IPNumeric >= tsysIPLocations.StartIP
And tblAssets.IPNumeric <= tsysIPLocations.EndIP
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join (Select Distinct Top 1000000 tblAssets.AssetID As ID,
TsysLastscan.Lasttime As QuickFixLastScanned
From TsysWaittime
Inner Join TsysLastscan On TsysWaittime.CFGCode = TsysLastscan.CFGcode
Inner Join tblAssets On tblAssets.AssetID = TsysLastscan.AssetID
Where TsysWaittime.CFGname = 'QUICKFIX') As QuickFixLastScanned On
tblAssets.AssetID = QuickFixLastScanned.ID
Left Join (Select Distinct Top 1000000 tblAssets.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Inner Join tblAssets On tblAssets.AssetID = tblErrors.AssetID
Group By tblAssets.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Inner Join tblComputersystem On tblAssets.AssetID = tblComputersystem.AssetID
Inner Join tblServices On tblAssets.AssetID = tblServices.AssetID
Inner Join tblServicesUni On tblServicesUni.ServiceuniqueID =
tblServices.ServiceuniqueID
Inner Join tblServiceState On tblServiceState.StateID = tblServices.StateID
Where tblAssets.AssetID Not In (Select Top 1000000 tblAssets.AssetID
From tblAssets Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tsysOS.OSname Like 'Win 7%' And tblAssets.SP = 0) And
tsysOS.OSname Not Like '%2000%' And tsysOS.OSname Not Like '%2016%' And
tsysOS.OSname Not Like '%win 10%' And tsysOS.OSname Not Like '%2012%' And
tsysOS.OSname Not Like '%8.1%' And
tsysOS.OSname Not Like '%2019%' And tblServicesUni.Name Like '%TermService%'
And tsysAssetTypes.AssetTypename Like 'Windows%' And tblAssetCustom.State = 1
Order By tblAssets.Domain,
tblAssets.AssetName
14 Comments
heybobby1
Engaged Sweeper III
Thanks very much for this Hendrik. I adapted it for our needs to also include NLA status and RDP connection allowed status. Need to add reg values for this.

Edited to add June monthly patches.

Select Distinct Top 1000000 Coalesce(tsysOS.Image,
tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysOS.OSname As OS,
Case
When tblComputersystem.Domainrole > 1 Then 'Server'
Else 'Workstation'
End As [Workstation/Server],
Case
When RDPConnectionState.Value = '0' Then 'Yes'
When RDPConnectionState.Value = '1' Then 'No'
Else 'Rescan needed'
End As [RDPConnectionAllowed (Yes/No)],
Case tblAssets.AssetID
When PatchState.AssetID Then 'Yes'
Else 'No'
End As [Patched (Yes/No)],
Case
When NLAState.Value = '1' Then 'On'
When NLAState.Value = '0' Then 'Off'
Else 'Rescan needed'
End As [NLA (On/Off)],
tblServiceState.State As RDPServiceStatus,
Case
When tblAssets.AssetID = PatchState.AssetID Then 'No'
When NLAState.Value = '1' Then 'Partially mitigated'
Else Case
When RDPConnectionState.Value = '0' Then 'Yes'
When RDPConnectionState.Value = '1' Then 'No'
Else 'Rescan needed'
End
End As [Vulnerable (Yes/No/Partially mitigated)],
Case
When RDPConnectionState.Value = '' Then ''
When RDPConnectionState.Value = '1' Then ''
When tblAssets.AssetID = PatchState.AssetID Then ''
Else Case
When tsysOS.OSname Like '%XP%' Or
tsysOS.OSname Like '%2003%' Then 'Install KB4500331'
When tsysOS.OSname = 'Win 2008' Then 'Install KB4503273 or KB4499180'
When tsysOS.OSname = 'Win 7' Or tsysOS.OSname = 'Win 7 RC' Or
tsysOS.OSname = 'Win 2008 R2' Then 'Install KB4503292 or KB4499175'
End
End As ActionRequired,
Convert(nvarchar,DateDiff(day, QuickFixLastScanned.QuickFixLastScanned,
GetDate())) + ' days ago' As WindowsUpdateInfoLastScanned,
Case
When Convert(nvarchar,DateDiff(day, QuickFixLastScanned.QuickFixLastScanned,
GetDate())) > 7 Then 'Windows update information may not be up to date.'
Else ''
End As Comment,
Case
When tblAssets.AssetID = PatchState.AssetID Then '#d4f4be'
When RDPConnectionState.Value = '1' Then '#d4f4be'
When NLAState.Value = '1' Then '#fada5e'
Else '#ffadad'
End As backgroundcolor,
tblAssetCustom.Custom1 As Office,
tblAssetCustom.Custom2 As Country,
tblAssets.Lastseen,
tblAssetCustom.Custom3 As [User],
tblAssets.Username As Lastuser,
tblState.Statename As State
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Top 1000000 tblQuickFixEngineering.AssetID
From tblQuickFixEngineering
Inner Join tblQuickFixEngineeringUni On tblQuickFixEngineeringUni.QFEID
= tblQuickFixEngineering.QFEID
Where tblQuickFixEngineeringUni.HotFixID In ('KB4503273', 'KB4499149',
'KB4499180', 'KB4503292', 'KB4499164', 'KB4499175', 'KB4500331')) As
PatchState On tblAssets.AssetID = PatchState.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblOperatingsystem On tblOperatingsystem.AssetID =
tblAssets.AssetID
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join (Select Distinct Top 1000000 tblAssets.AssetID As ID,
TsysLastscan.Lasttime As QuickFixLastScanned
From TsysWaittime
Inner Join TsysLastscan On TsysWaittime.CFGCode = TsysLastscan.CFGcode
Inner Join tblAssets On tblAssets.AssetID = TsysLastscan.AssetID
Where TsysWaittime.CFGname = 'QUICKFIX') As QuickFixLastScanned On
tblAssets.AssetID = QuickFixLastScanned.ID
Left Join (Select Distinct Top 1000000 tblAssets.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Inner Join tblAssets On tblAssets.AssetID = tblErrors.AssetID
Group By tblAssets.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Inner Join tblComputersystem On tblAssets.AssetID = tblComputersystem.AssetID
Inner Join tblServices On tblAssets.AssetID = tblServices.AssetID
Inner Join tblServicesUni On tblServicesUni.ServiceuniqueID =
tblServices.ServiceuniqueID
Inner Join tblServiceState On tblServiceState.StateID = tblServices.StateID
Left Join (Select tblRegistry.Value,
tblRegistry.AssetID
From tblRegistry
Where tblRegistry.Valuename = 'UserAuthentication') NLAState On
tblAssets.AssetID = NLAState.AssetID
Left Join (Select tblRegistry.Value,
tblRegistry.AssetID
From tblRegistry
Where tblRegistry.Valuename = 'fDenyTSConnections') RDPConnectionState On
tblAssets.AssetID = RDPConnectionState.AssetID
Where tblAssets.AssetID Not In (Select Top 1000000 tblAssets.AssetID
From tblAssets Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tsysOS.OSname Like 'Win 7%' And tblAssets.SP = 0) And
tsysOS.OSname Not Like '%2000%' And tsysOS.OSname Not Like '%2016%' And
tsysOS.OSname Not Like '%win 10%' And tsysOS.OSname Not Like '%2012%' And
tsysOS.OSname Not Like '%win 8%' And tblServicesUni.Name Like '%TermService%'
And tsysAssetTypes.AssetTypename Like 'Windows%'
Order By tblAssets.Domain,
tblAssets.AssetName
Esben_D
Lansweeper Employee
Lansweeper Employee
heybobby1 wrote:
Thanks very much for this Hendrik. I adapted it for our needs to also include NLA status and RDP connection allowed status. Need to add reg values for this.


Thanks! Could you elaborate which registry keys should be scanned?
heybobby1
Engaged Sweeper III
Esben.D wrote:
Thanks! Could you elaborate which registry keys should be scanned?


These are the reg values

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\UserAuthentication


cit_ap
Engaged Sweeper
Not sure if this is a bug. But I only see Windows 7 machines in the report unless I remove "And tblAssetCustom.State = 1" from the bottom of the report. Otherwise Windows XP, Server 2008, etc, isn't showing for me.
sleague
Engaged Sweeper II
Thanks to all, When I read the KB it says to use the KB4490628, but the report being put out have two different KB, which is right?

Thank you
miek_g
Engaged Sweeper III
Awesome report.
My only Question / Concern is does KB4503292 include the Patch?

The 20 computers that showed the rollup KB4499164 no longer pass

I did a scan this morning and based on KB4503292 which is the June 11, 2019 (Monthly Rollup) we have 4 systems (in Active Directory) that do not have the patch on, based on the KB4499164 or KB4499175 ALL of the computers failed.

Hendrik_VE
Champion Sweeper III
From https://www.computerworld.com/article/3243261/windows-7-update-guide-how-security-only-and-monthly-rollups-differ.html

What's in the monthly rollup? The Windows 7 and 8.1 monthly rollups include not only this month's security patches, but also all past security and non-security fixes, going back to at least October 2016, and possibly further. In other words, a monthly rollup is a superset of the month's security-only.

So the June Monthly Rollup should also fix the RDP vulnerability, meaning you need to adapt the report to include all monthly rollups after the May Rollup (end the indication which KB to install).
Esben_D
Lansweeper Employee
Lansweeper Employee
cit_andrew wrote:
Not sure if this is a bug. But I only see Windows 7 machines in the report unless I remove "And tblAssetCustom.State = 1" from the bottom of the report. Otherwise Windows XP, Server 2008, etc, isn't showing for me.


That would indicate that your other assets are not "active" but have some other state.

sleague wrote:
Thanks to all, When I read the KB it says to use the KB4490628, but the report being put out have two different KB, which is right?

Thank you


One is the security only patch from Microsoft, the other is the complete rollup patch. Either one should mitigate.

miek_g wrote:
Awesome report.
My only Question / Concern is does KB4503292 include the Patch?

The 20 computers that showed the rollup KB4499164 no longer pass

I did a scan this morning and based on KB4503292 which is the June 11, 2019 (Monthly Rollup) we have 4 systems (in Active Directory) that do not have the patch on, based on the KB4499164 or KB4499175 ALL of the computers failed.



I updated the original report to include the security and rollup patches from June.

Argon0
Champion Sweeper
Great Report, really useful.

I have created a deployment package of KB4499164 using was to kick it off. ... And it's been run on several machines, worked fine... And run it against those machines showing vulnerable in the report (also altered the report to focus on a subset of machines which are in vulnerable locations, or have been picked up as being vulnerable via another reporting mechanism).

BUT the package I've created doesn't check if the patch is already installed, the only way I can see to do this is via the condition, which will look at registry keys, fles, OS version, or OS Architecture...

I've noticed that the deployment package is being kicked off by several people, all trying to fix the same problem using the same package, but not letting the patch finish, OR the machines reboot (and scan) before running the deployment again...

So I need to add a check for a registry key to see if the patch is already installed, can someone help?

TVM...
Esben_D
Lansweeper Employee
Lansweeper Employee
Best thing to do is to enable the "Rescan Assets" option on your deployment. This will rescan the assets after a deployment has taken place. This should prevent them from being deployed on if your report only has asset in it that do not have the patch.
LinHD
Engaged Sweeper II
Given the first cyber-attack exploiting the BlueKeep RDP flaw spotted in the wild, should the report be updated?
I think it misses considering cumulative updates released after June
jwood_mls
Champion Sweeper
I completely agree. I was pretty sure I had this mitigated, but none of the reports I'm finding on here are showing this. If the report isn't accurate, it probably should be pulled off of the site, otherwise, please update it.
Tythesly
Engaged Sweeper III
Esben.D wrote:
Due to this topic getting more attention, I've taken the report Hendrik so kindly posted in the May Patch Tuesday topic to make it easier to find assets that might need patching.

This report gives a complete color-coded overview of all systems vulnerable to the RDS vulnerability (CVE-2019-0708). When the security hotfix is installed OR the Remote Desktop Service is stopped, the affected system is marked as 'not vulnerable'.

This report focusses on Windows XP and 2003, Windows 7 and Windows server 2008 and 2008 R2 as indicated by Microsoft's CVE-2019-0708 advisory

Update: Patches from the June Patch Tuesday have been added to the report.

Select Distinct Top 1000000 Coalesce(tsysOS.Image,
tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblState.Statename As State,
Case tblAssets.AssetID
When SubQuery1.AssetID Then 'Yes'
Else 'No'
End As [CVE-2019-0708 Patched],
tblServiceState.State As [RDP Service Status],
Case
When tblAssets.AssetID = SubQuery1.AssetID Then 'No'
When tblServiceState.State Like 'Stopped' Then 'No'
Else 'Yes'
End As Vulnerable,
Case
When tblAssets.AssetID = SubQuery1.AssetID Then ''
Else Case
When tsysOS.OSname Like '%XP%' Or
tsysOS.OSname Like '%2003%' Then 'Install KB4500331'
When tsysOS.OSname = 'Win 2008' Then 'Install KB4499149,KB4499180, KB4503273 or KB4503287'
When tsysOS.OSname = 'Win 7' Or tsysOS.OSname = 'Win 7 RC' Or
tsysOS.OSname = 'Win 2008 R2' Then 'Install KB4499164, KB4499175, KB4503292 or KB4503269'
End
End As [Install one of these updates],
tsysOS.OSname As OS,
tblAssets.SP,
Case
When tblComputersystem.Domainrole > 1 Then 'Server'
Else 'Workstation'
End As [Workstation/Server],
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblAssets.Lastseen,
Convert(nvarchar,DateDiff(day, QuickFixLastScanned.QuickFixLastScanned,
GetDate())) + ' days ago' As WindowsUpdateInfoLastScanned,
Case
When Convert(nvarchar,DateDiff(day, QuickFixLastScanned.QuickFixLastScanned,
GetDate())) > 7 Then
'Windows update information may not be up to date. We recommend rescanning this machine.'
Else ''
End As Comment,
Case
When tblAssets.AssetID = SubQuery1.AssetID Then '#d4f4be'
When tblServiceState.State Like 'Stopped' Then '#d4f4be'
Else '#ffadad'
End As backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join (Select Top 1000000 tblQuickFixEngineering.AssetID
From tblQuickFixEngineering
Inner Join tblQuickFixEngineeringUni On tblQuickFixEngineeringUni.QFEID
= tblQuickFixEngineering.QFEID
Where tblQuickFixEngineeringUni.HotFixID In ('KB4499149', 'KB4499180',
'KB4499164', 'KB4499175', 'KB4500331','KB4503273','KB4503287','KB4503292','KB4503269')) As SubQuery1 On
tblAssets.AssetID = SubQuery1.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblOperatingsystem On tblOperatingsystem.AssetID =
tblAssets.AssetID
Left Join tsysIPLocations On tblAssets.IPNumeric >= tsysIPLocations.StartIP
And tblAssets.IPNumeric <= tsysIPLocations.EndIP
Inner Join tblState On tblState.State = tblAssetCustom.State
Left Join (Select Distinct Top 1000000 tblAssets.AssetID As ID,
TsysLastscan.Lasttime As QuickFixLastScanned
From TsysWaittime
Inner Join TsysLastscan On TsysWaittime.CFGCode = TsysLastscan.CFGcode
Inner Join tblAssets On tblAssets.AssetID = TsysLastscan.AssetID
Where TsysWaittime.CFGname = 'QUICKFIX') As QuickFixLastScanned On
tblAssets.AssetID = QuickFixLastScanned.ID
Left Join (Select Distinct Top 1000000 tblAssets.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Inner Join tblAssets On tblAssets.AssetID = tblErrors.AssetID
Group By tblAssets.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Inner Join tblComputersystem On tblAssets.AssetID = tblComputersystem.AssetID
Inner Join tblServices On tblAssets.AssetID = tblServices.AssetID
Inner Join tblServicesUni On tblServicesUni.ServiceuniqueID =
tblServices.ServiceuniqueID
Inner Join tblServiceState On tblServiceState.StateID = tblServices.StateID
Where tblAssets.AssetID Not In (Select Top 1000000 tblAssets.AssetID
From tblAssets Inner Join tsysOS On tsysOS.OScode = tblAssets.OScode
Where tsysOS.OSname Like 'Win 7%' And tblAssets.SP = 0) And
tsysOS.OSname Not Like '%2000%' And tsysOS.OSname Not Like '%2016%' And
tsysOS.OSname Not Like '%win 10%' And tsysOS.OSname Not Like '%2012%' And
tsysOS.OSname Not Like '%8.1%' And
tsysOS.OSname Not Like '%2019%' And tblServicesUni.Name Like '%TermService%'
And tsysAssetTypes.AssetTypename Like 'Windows%' And tblAssetCustom.State = 1
Order By tblAssets.Domain,
tblAssets.AssetName


Can this get updated to reflect Dejablue (CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, CVE-2019-1226) which can affect newer versions of windows?
Hendrik_VE
Champion Sweeper III
Have a try with this report I've created. It shows how 'vulnerable' your RDP is.
Please note:
- report needs to be updated monthly after each patch tuesday to reflect the newest security updates (section HFQuery), March still to be added (we release on the 4the Tuesday).
- A couple of registry values need to be scanned:
- SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp - UserAuthentication
- SYSTEM\CurrentControlSet\Control\Terminal Server - fDenyTSConnections
- SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp - Portnumber
- It's unfortunately not colour-coded because I always export my results to Power BI and that's where the real 'magic' happens.


Select Distinct Top 1000000 Coalesce(tsysOS.Image,
tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblAssetCustom.Custom4 As [System Coordinator],
tblAssetCustom.Custom5 As [Network Administrator],
tblAssetCustom.Custom6 As [System Administrator],
tblServiceState.State As [RDP Service Status],
Case
When RDPConnectionState.Value = '0' Then 'Yes'
When RDPConnectionState.Value = '1' Then 'No'
Else 'No data'
End As [RDP Enabled],
Case
When NLAState.Value = '1' Then 'On'
When NLAState.Value = '0' Then 'Off'
Else 'No data'
End As [NLA (On/Off)],
RDPPort.Value As [RDP Port],
Case
When tblAssets.AssetID = HFQuery.AssetID Then ''
Else
'Install August 2019 Security Updates or later to comply with Bluekeep/Dejablue Vulnerability'
End As [Vulnerability Advisory],
tblOperatingsystem.Caption As 'OS',
tblAssets.SP,
Case
When tsysOS.OScode Like '10.0.10240%' Then '1507'
When tsysOS.OScode Like '10.0.10586%' Then '1511'
When tsysOS.OScode Like '10.0.14393%' Then '1607'
When tsysOS.OScode Like '10.0.15063%' Then '1703'
When tsysOS.OScode Like '10.0.16299%' Then '1709'
When tsysOS.OScode Like '10.0.17134%' Then '1803'
When tsysOS.OScode Like '10.0.17763%' Then '1809'
When tsysOS.OScode Like '10.0.18362%' Then '1903'
When tsysOS.OScode Like '10.0.18363%' Then '1909'
When tsysOS.OScode Like '10.0.19041%' Then '2004'
End As Version,
Case
When tblComputersystem.Domainrole > 1 Then 'Server'
Else 'Workstation'
End As [Workstation/Server],
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblAssets.Lastseen
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblOperatingsystem On tblOperatingsystem.AssetID =
tblAssets.AssetID
Left Join tsysIPLocations On tblAssets.IPNumeric >= tsysIPLocations.StartIP
And tblAssets.IPNumeric <= tsysIPLocations.EndIP
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblComputersystem On tblAssets.AssetID = tblComputersystem.AssetID
Inner Join tblServices On tblAssets.AssetID = tblServices.AssetID
Inner Join tblServicesUni On tblServicesUni.ServiceuniqueID =
tblServices.ServiceuniqueID
Inner Join tblServiceState On tblServiceState.StateID = tblServices.StateID
Left Join (Select tblRegistry.Value,
tblRegistry.AssetID
From tblRegistry
Where tblRegistry.Valuename = 'UserAuthentication') NLAState On
tblAssets.AssetID = NLAState.AssetID
Left Join (Select tblRegistry.Value,
tblRegistry.AssetID
From tblRegistry
Where tblRegistry.Valuename = 'fDenyTSConnections') RDPConnectionState On
tblAssets.AssetID = RDPConnectionState.AssetID
Left Join (Select tblRegistry.Value,
tblRegistry.AssetID
From tblRegistry
Where tblRegistry.Valuename = 'PortNumber') RDPPort On tblAssets.AssetID =
RDPPort.AssetID
Left Join (Select Top 1000000 tblQuickFixEngineering.AssetID
From tblQuickFixEngineering
Inner Join tblQuickFixEngineeringUni On tblQuickFixEngineeringUni.QFEID
= tblQuickFixEngineering.QFEID
Where tblQuickFixEngineeringUni.HotFixID In ('KB4512497', 'KB4512517',
'KB4512507', 'KB4512516', 'KB4512501', 'KB4511553', 'KB4512508',
'KB4512506', 'KB4512486', 'KB4512488', 'KB4512489', 'KB4512518',
'KB4512482', 'KB4516051', 'KB4516026', 'KB4516033', 'KB4516065',
'KB4516062', 'KB4516055', 'KB4516064', 'KB4516067', 'KB4516070',
'KB4516044', 'KB4516068', 'KB4516066', 'KB4516058', 'KB4512578',
'KB4515384', 'KB4520009', 'KB4520002', 'KB4520003', 'KB4519976',
'KB4519985', 'KB4520007', 'KB4519990', 'KB4520005', 'KB4520011',
'KB4093109', 'KB4519998', 'KB4520010', 'KB4520004', 'KB4520008',
'KB4519338', 'KB4517389', 'KB4525239', 'KB4525234', 'KB4525233',
'KB4525235', 'KB4525253', 'KB4525246', 'KB4525250', 'KB4525243',
'KB4525232', 'KB4093109', 'KB4525236', 'KB4520010', 'KB4525241',
'KB4525237', 'KB4523205', 'KB4524570', 'KB4530695', 'KB4530719',
'KB4530734', 'KB4530692', 'KB4530691', 'KB4530698', 'KB4530702',
'KB4530730', 'KB4530681', 'KB4530689', 'KB4530714', 'KB4530717',
'KB4530715', 'KB4530684', 'KB4534303', 'KB4534312', 'KB4534310',
'KB4534314', 'KB4534283', 'KB4534288', 'KB4534297', 'KB4534309',
'KB4534306', 'KB4534271', 'KB4534276', 'KB4534293', 'KB4534273',
'KB4528760', 'KB4537810', 'KB4537822', 'KB4537820', 'KB4537813',
'KB4537814', 'KB4537794', 'KB4537821', 'KB4537803', 'KB4537776',
'KB4537764', 'KB4537789', 'KB4537762', 'KB4532691', 'KB4532693',
'KB4532693', 'KB4541504', 'KB4541506', 'KB4541500', 'KB4540688',
'KB4540694', 'KB4541510', 'KB4541505', 'KB4541509', 'KB4540693',
'KB4540670', 'KB4540681', 'KB4540689', 'KB4538461', 'KB4540673',
'KB4551762', 'KB4550961', 'KB4550970', 'KB4550964', 'KB4550965',
'KB4550951', 'KB4550957', 'KB4550917', 'KB4550971', 'KB4550930',
'KB4550929', 'KB4550927', 'KB4550922', 'KB4549949', 'KB4549951',
'KB4556836', 'KB4556843', 'KB4556860', 'KB4556854', 'KB4556813',
'KB4556840', 'KB4556852', 'KB4556846', 'KB4556853', 'KB4556826',
'KB4556812', 'KB4556807', 'KB4551853', 'KB4556799', 'KB4561645',
'KB4561670', 'KB4561643', 'KB4561669', 'KB4561612', 'KB4561674',
'KB4561666', 'KB4561673', 'KB4561649', 'KB4561616', 'KB4561602',
'KB4561621', 'KB4561608', 'KB4560960', 'KB4557957', 'KB4565536',
'KB4565529', 'KB4565524', 'KB4565539', 'KB4565537', 'KB4565535',
'KB4565541', 'KB4565540', 'KB4565513', 'KB4565511', 'KB4565508',
'KB4565489', 'KB4558998', 'KB4565483', 'KB4565503', 'KB4571730',
'KB4571746', 'KB4571729', 'KB4571719', 'KB4571736', 'KB4571702',
'KB4571703', 'KB4571723', 'KB4571692', 'KB4571694', 'KB4571741',
'KB4571709', 'KB4565349', 'KB4565351', 'KB4566782', 'KB4577064',
'KB4577070', 'KB4577051', 'KB4577053', 'KB4577038', 'KB4577048',
'KB4577071', 'KB4577066', 'KB4577049', 'KB4577015', 'KB4577041',
'KB4577032', 'KB4570333', 'KB4574727', 'KB4571756', 'KB4580385',
'KB4580378', 'KB4580387', 'KB4580345', 'KB4580353', 'KB4580382',
'KB4580358', 'KB4580347', 'KB4580327', 'KB4580346', 'KB4580328',
'KB4580330', 'KB4577668', 'KB4577671', 'KB4577671', 'KB4579311',
'KB4586807', 'KB4586817', 'KB4586827', 'KB4586805', 'KB4586834',
'KB4586808', 'KB4457129', 'KB4586823', 'KB4586787', 'KB4586830',
'KB4586785', 'KB4586793', 'KB4586786', 'KB4586781', 'KB4592498',
'KB4592504', 'KB4592471', 'KB4592503', 'KB4592468', 'KB4592497',
'KB4592484', 'KB4592495', 'KB4592464', 'KB4593226', 'KB4592446',
'KB4592440', 'KB4592449', 'KB4592438', 'KB4598287', 'KB4598288',
'KB4598279', 'KB4598289', 'KB4598278', 'KB4598297', 'KB4598285',
'KB4598275', 'KB4598231', 'KB4598243', 'KB4598245', 'KB4598230',
'KB4598229', 'KB4598242')) As HFQuery On tblAssets.AssetID =
HFQuery.AssetID
Where tblServicesUni.Name Like '%TermService%' And
tsysAssetTypes.AssetTypename Like 'Windows%' And tblAssetCustom.State = 1
Order By tblAssets.Domain,
tblAssets.AssetName