  • BlueKeep Scare – how to confirm I'm patched?


    This topic contains 6 replies, has 5 voices, and was last updated by

     NetDef 4 weeks, 1 day ago.

    • #1847916 Reply

      noblame no gain
      AskWoody Lounger

      Wowzza, the CIA is gettin' in on this now; new scare notice posted everywhere Tuesday, June 18.

      So I patched 10 days ago, but curious, is there a file name search to examine its date or any other metadata search I can perform to confirm I’m successfully patched on Win7 & 10? I have both machines.

      be well, breathe and honor wabi sabi

    • #1848112 Reply

      anonymous

      For Windows 7 you should be able to see if you have KB4499164 (monthly roll-up) or KB4499175 (security only) installed in Programs and Features. Windows 10 is not listed as affected by CVE-2019-0708.

      Microsoft’s Bluekeep advisory:
      https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

      1 user thanked author for this post.
    • #1848182 Reply

      Rick Corbett
      AskWoody_MVP

      Try this:

      1. In Windows 7 (or 8.x), open a cmd prompt (it doesn’t have to be elevated – ‘cos you’re only checking, not changing anything) and enter powershell.

      2. At PowerShell’s PS prompt enter the following command:

      Get-HotFix -Id KB4499164,KB4499175

      This will check for both updates. You will see one of the two following results (for not found and found respectively):

      [screenshot: hotfix_not_found]

      [screenshot: hotfix_found]

      (See this TechNet Get-HotFix article for more info.)

      Hope this helps…

      1 user thanked author for this post.
    • #1848211 Reply

      NetDef
      AskWoody_MVP

      Here are some extensive resource pages on how to check the patch status, as well as test many machines directly on a LAN.

      How To: BlueKeep-Check for Windows

      and

      https://www.bleepingcomputer.com/news/security/finding-windows-systems-affected-by-bluekeep-remote-desktop-bug/

      ~ Group "Weekend" ~

      2 users thanked author for this post.
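
The Get-HotFix check from Rick Corbett's post, extended to several machines on a LAN as NetDef's post suggests. This is an added example, not code from any poster; the function name `Test-BlueKeepHotFix` and its output fields are assumptions.

```powershell
# Added example (not from the thread). Function name and output fields are
# illustrative. Written to also run under the PowerShell 2.0 shipped with Windows 7.
function Test-BlueKeepHotFix {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        # The two Windows 7 updates named in this thread.
        [string[]]$HotFixId = @('KB4499164', 'KB4499175')
    )
    foreach ($computer in $ComputerName) {
        $status = 'NotFound'; $found = @(); $detail = ''
        try {
            # List every installed update and filter locally. Asking for a
            # missing -Id raises an error, which could not be told apart
            # here from a query that failed outright.
            $found = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Where-Object { $HotFixId -contains $_.HotFixID })
            if ($found.Count -gt 0) { $status = 'Found' }
        }
        catch {
            # Unreachable host, access denied, WMI blocked: status is
            # unknown, which is not the same as "not patched".
            $status = 'QueryFailed'
            $detail = $_.Exception.Message
        }
        New-Object PSObject -Property @{
            ComputerName = $computer
            Status       = $status
            HotFixID     = ($found | ForEach-Object { $_.HotFixID }) -join ','
            InstalledOn  = ($found | ForEach-Object { $_.InstalledOn }) -join ','
            Detail       = $detail
        }
    }
}

# Local machine only; pass -ComputerName with your own host names for a LAN check.
Test-BlueKeepHotFix | Format-List ComputerName, Status, HotFixID, InstalledOn, Detail
```

`NotFound` means only that neither of the two KBs is in that machine's installed-updates list; `QueryFailed` means the machine could not be checked at all.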
    • #1848231 Reply

      Rick Corbett
      AskWoody_MVP

      @netdef – I particularly liked the tip in the bleepingcomputer.com article to use Steve Gibson’s ShieldsUP! to scan specifically for the status of the vulnerable port 3389. How easy is that!?! 🙂

      1 user thanked author for this post.
      • #1857263 Reply

        HiFlyer
        AskWoody Lounger

        @netdef – I particularly liked the tip in the bleepingcomputer.com article to use Steve Gibson’s ShieldsUP! to scan specifically for the status of the vulnerable port 3389. How easy is that!?! 🙂

        Report says “Stealth”; I understand that’s good. I want to check all ports with GRC Shields Up or another tool if it’s better. Thanks in advance for your help.

      • #1857321 Reply

        NetDef
        AskWoody_MVP

        Just want to point out that Steve’s Shields Up test pages probe your firewall (or lack thereof).  They are not probing your machine directly unless you are connected directly to the Internet with no router / firewall (something we should never allow.)

        If you test port 3389 and get Stealth as your result that means your firewall is doing its job, and that you have not created a forwarding rule to override that proper behavior. All good so far.

        But it does not mean you are (or are not) patched for the Bluekeep vulnerability. Just that your risk of exposure from outside your LAN is mitigated.

        Feel it’s worth reminding people that some of the advanced malware we see in the wild uses multiple vulnerabilities in layers to spread across your machines on your LAN.

        Say an employee (or your kid) clicks a bad link and gets a local profile infection.  First payload.  Next that local infection starts probing the machine for elevation vulns.  Or it starts scanning your LAN for other machines with network escalation vulns.  Second payload deployed.

        Now it finds either an SMBv1 vuln, or in the near future the Bluekeep vuln on another machine on your network and infects it.

        But . . . but I tested and got “Stealth!” Remember that’s from the outside looking in: once anything gets past your firewall all bets are off, friends.

        ~ Group "Weekend" ~

        3 users thanked author for this post.
