  • BlueKeep Scare – how to confirm I'm patched?

    Posted on noblame no gain Comment on the AskWoody Lounge

      • #1847916 Reply
        noblame no gain
        AskWoody Lounger

        Wowzza the CIA is gettin in on this now, new scare notice posted everywhere Tuesday June 18.

        So I patched 10 days ago, but curious, is there a file name search to examine its date or any other metadata search I can perform to confirm I’m successfully patched on Win7 & 10? I have both machines.

        be well, breathe and honor wabi sabi

      • #1848112 Reply
        anonymous
        Guest

        For Windows 7 you should be able to see if you have KB4499164 (monthly roll-up) or KB4499175 (security only) installed in Programs and Features. Windows 10 is not listed as affected by CVE-2019-0708.

        Microsoft’s Bluekeep advisory:
        https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

        1 user thanked author for this post.
      • #1848182 Reply
        Rick Corbett
        AskWoody_MVP

        Try this:

        1. In Windows 7 (or 8.x), open a cmd prompt (it doesn’t have to be elevated – ‘cos you’re only checking, not changing anything) and enter powershell.

        2. At PowerShell’s PS prompt enter the following command:

        Get-HotFix -Id KB4499164,KB4499175

        This will check for both updates. You will see one of the two following results (for not found and found respectively):

        hotfix_not_found

        hotfix_found

        (See this TechNet Get-HotFix article for more info.)

        Hope this helps…

        1 user thanked author for this post.
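
Added example, not part of Rick Corbett's post: a PowerShell 2.0-compatible wrapper around the Get-HotFix check above that separates "not listed" from "could not query" and accepts several machines through Get-HotFix's -ComputerName parameter. The function name Test-BlueKeepHotFix and the PC-EXAMPLE host names are made up for illustration.

```powershell
# Added example: report whether either May 2019 BlueKeep update named in this
# thread is installed, on the local PC or on several PCs on the LAN.
# Written for PowerShell 2.0 so it runs on a stock Windows 7 machine.
function Test-BlueKeepHotFix {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        # KB numbers from the posts above (monthly roll-up, security-only).
        [string[]]$KbId = @('KB4499164', 'KB4499175')
    )
    foreach ($computer in $ComputerName) {
        $status = 'NotFound'
        $found  = @()
        try {
            # List everything and filter locally: Get-HotFix -Id writes an
            # error when nothing matches, which is easy to misread as a failure.
            $found = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                       Where-Object { $KbId -contains $_.HotFixID })
            if ($found.Count -gt 0) { $status = 'Installed' }
        }
        catch {
            # Machine off, firewalled, or access denied: unknown, not "unpatched".
            $status = 'QueryFailed'
        }
        # One result object per machine (New-Object form works on PowerShell 2.0).
        New-Object PSObject -Property @{
            ComputerName = $computer
            Status       = $status
            HotFixID     = (($found | ForEach-Object { $_.HotFixID }) -join ',')
        }
    }
}

# Local check first; the commented line uses placeholder LAN host names.
Test-BlueKeepHotFix | Format-Table ComputerName, Status, HotFixID -AutoSize
# Test-BlueKeepHotFix -ComputerName 'PC-EXAMPLE-1','PC-EXAMPLE-2'
```

A NotFound result only means neither KB number is listed on that machine. Windows 7 monthly roll-ups are cumulative, so for a PC that received a later roll-up instead, pass that roll-up's KB number through -KbId.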
      • #1848211 Reply
        NetDef
        AskWoody_MVP

        Here are some extensive resource pages on how to check the patch status, as well as test many machines directly on a LAN.

        How To: BlueKeep-Check for Windows

        and

        https://www.bleepingcomputer.com/news/security/finding-windows-systems-affected-by-bluekeep-remote-desktop-bug/

        ~ Group "Weekend" ~

        2 users thanked author for this post.
      • #1848231 Reply
        Rick Corbett
        AskWoody_MVP

        @NetDef – I particularly liked the tip in the bleepingcomputer.com article to use Steve Gibson’s ShieldsUP! to scan specifically for the status of the vulnerable port 3389. How easy is that!?! 🙂

        1 user thanked author for this post.
        • #1857263 Reply
          HiFlyer
          AskWoody Plus

          @NetDef – I particularly liked the tip in the bleepingcomputer.com article to use Steve Gibson’s ShieldsUP! to scan specifically for the status of the vulnerable port 3389. How easy is that!?! 🙂

          Report says “Stealth”. I understand that’s good. I want to check all ports with GRC Shields Up or another tool if it’s better. Thanks in advance for your help.

        • #1857321 Reply
          NetDef
          AskWoody_MVP

          Just want to point out that Steve’s Shields Up test pages probe your firewall (or lack thereof).  They are not probing your machine directly unless you are connected directly to the Internet with no router / firewall (something we should never allow.)

          If you test port 3389 and get Stealth as your result that means your firewall is doing its job, and that you have not created a forwarding rule to override that proper behavior.  All good so far.

          But it does not mean you are (or are not) patched for the Bluekeep vulnerability. Just that your risk of exposure from outside your LAN is mitigated.

          Feel it’s worth reminding people that some of the advanced malware we see in the wild uses multiple vulnerabilities in layers to spread across your machines on your LAN.

          Say an employee (or your kid) clicks a bad link and gets a local profile infection.  First payload.  Next that local infection starts probing the machine for elevation vulns.  Or it starts scanning your LAN for other machines with network escalation vulns.  Second payload deployed.

          Now it finds either an SMBv1 vuln, or in the near future the Bluekeep vuln on another machine on your network and infects it.

          But . . .  but I tested and got “Stealth!”  Remember that’s from the outside looking in: once anything gets past your firewall all bets are off, friends.

          ~ Group "Weekend" ~

          4 users thanked author for this post.