Where are CVE-2017-0199 patches in Patch Management?

book

Article ID: 169761

calendar_today

Updated On:

Products

Patch Management Solution for Windows

Issue/Introduction

Many articles say that the June 2017 "Petya" malware exploits the EternalBlue and CVE-2017-0199 vulnerabilities. TECH240810 addresses how to report the EternalBlue patches in Patch Management since most of the patches were released in bulletins other than MS17-010. Similarly, there is no CVE-2017-0199 bulletin in Patch Management and those patches were released under other bulletins.

Resolution

As of early July 2017 the CVE-2017-0199 patches were released under the following bulletins in Patch Management and many were superseded by newer updates:

KB3141529 from MS17-OFF-04 was superseded by KB3191895 from MS17-05-OFF, which was superseded by KB3203436 from MS17-06-OFF
KB3141538 from MS17-OFF-04 was superseded by KB3191899 from MS17-05-OFF, which was superseded by KB3203460 from MS17-06-OFF
KB3178710 from MS17-OFF-04 was superseded by KB3191885 from MS17-05-OFF, which was superseded by KB3203386 from MS17-06-OFF
KB3178703 from MS17-OFF-04 was superseded by KB3191882 from MS17-06-OFF
KB4014793 from MS17-2K8-04 is not superseded
KB4015551 from MS17-MR8-04 was superseded by KB4019216 from MS17-05-MR8
KB4015549 from MS17-MR7-04 was superseded by KB4019264 from MS17-05-MR7
KB4015546 from MS17-SO7-04 is not superseded
KB4015548 from MS17-SO8-04 is not superseded

The following SQL query can be used for a custom SQL report (computers are compliant if any one applicable update is installed)

SELECT vComputer.Name [Computer],
 vComputer.[User],
 vComputer.[OS Name],
 Inv_Software_Update.[FileName] AS [Applicable Update],
 MAX(vRM_Software_Bulletin_Item.Name) AS [Bulletin], --Only show most recent bulletin
 (CASE WHEN iI._id IS NULL THEN 0 ELSE 1 END) AS [Installed]
 FROM Inv_Applicable_Windows_Software_Update iA
 LEFT JOIN vComputer on vComputer.Guid = iA._ResourceGuid
 LEFT JOIN Inv_Software_Update ON Inv_Software_Update._ResourceGuid = iA.SoftwareUpdateGuid
 LEFT JOIN ResourceAssociation ON (ResourceAssociation.ChildResourceGuid = iA.SoftwareUpdateGuid
 AND ResourceAssociation.ResourceAssociationTypeGuid = '7EEAB03A-839C-458D-9AF2-55DB6B173293')
 LEFT JOIN vRM_Software_Bulletin_Item ON vRM_Software_Bulletin_Item.Guid = ResourceAssociation.ParentResourceGuid
 LEFT JOIN Inv_Installed_Windows_Software_Update iI ON (iI._ResourceGuid = iA._ResourceGuid
 AND iI.SoftwareUpdateGuid = iA.SoftwareUpdateGuid)
WHERE Inv_Software_Update.[FileName] LIKE '%KB3203436%'
OR Inv_Software_Update.[FileName] LIKE '%KB3203460%'
OR Inv_Software_Update.[FileName] LIKE '%KB3203386%'
OR Inv_Software_Update.[FileName] LIKE '%KB3191882%'
OR Inv_Software_Update.[FileName] LIKE '%KB4014793%'
OR Inv_Software_Update.[FileName] LIKE '%KB4019216%'
OR Inv_Software_Update.[FileName] LIKE '%KB4019264%'
OR Inv_Software_Update.[FileName] LIKE '%KB4015546%'
OR Inv_Software_Update.[FileName] LIKE '%KB4015548%'
GROUP BY vComputer.Name, vComputer.[OS Name], vComputer.[User], Inv_Software_Update.[FileName], Inv_Software_Update.ReleaseDate, iI._id
 ORDER BY vComputer.Name