Security Tip: How to Determine if a Specific Microsoft Hotfix Has been Installed?

book

Article ID: 177701

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

You are concerned about a threat circulating in the wild that is known to take advantage of a specific Operating System vulnerability. Microsoft has released a hotfix (patch) to fix this vulnerability. What is an easy way to determine if the hotfix has been applied to a computer?

Symptoms
An example:

The worm W32.Downadup.B is known to spread by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability. Microsoft have released a patch (KB958644) for this vulnerability, as described in security bulletin MS08-067. What is one easy way to check if KB958644 has been installed on your computer?

 

Resolution

Systeminfo
Since the release of Windows XP, a handy command-line tool called systeminfo has been built into the Operating System. This utility will display key information about a computer, including the list of hotfixes that have been installed.

  1. Click Start, Run, and type cmd to launch a command window.
  2. Type systeminfo to display the information on screen, or systeminfo >C:\systeminfo.txt to write the output to a file called systeminfo.txt at the root of the C drive.
  3. Search the list of hotfixes for the patch that is sought.


AntiVirus Alone is not Enough
It is an important security best practice to keep Operating System patch levels up to date. Many threats are designed to exploit known vulnerabilities for which patches have already been created. These threats will not be able to spread or cause any damage to a computer that has already been patched.

Additional best practices call for the use of a dependable firewall with IPS/IDS capabilities, disabling AutoPlay, and enforcing strong password policies. For more information, read Symantec's Security Best Practice Recommendations and Symantec Endpoint Protection – Best Practices.