WannaCry ransomware hit the news by infecting high-profile targets via a security hole that existed in Windows prior to 13.03.2017 when it was patched.
I created a script that connects to the vCenter and checks if the latest hotfix in the system was installed before or after Microsoft released the patch. This doesn’t give 100% protection since some fixes might have been installed manually but the required one omitted.
However, in centralized IT environments that rely on the Windows Update service being turned on and applying all important updates, it might be a good way to check for the vulnerability.
Link to my repo:
https://github.com/doshyt/Wannacry-UpdatesScan
I am working on bringing similar functionality to PS Remoting and am also looking for ways to figure out if a new patch was installed but not the one fixing the problem.
UPDATE 19.05:
I added a useful script that performs a remote check for SMBv1 being enabled on Windows 8 / Server 2012 and later machines. It can be run against a list of computer names / FQDNs.
https://github.com/doshyt/Wannacry-UpdatesScan/blob/master/checkSmbOn.ps1
It returns $true if SMBv1 is enabled at the system level.
To turn off SMBv1, execute the following command on a remote machine:
Set-SmbServerConfiguration -EnableSMB1Protocol $false
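The two checks described in this post (date of the latest hotfix compared with the patch date, and the SMBv1 server setting) combined into one PS Remoting report, as an added example that is not code from the linked repository. It assumes WinRM is enabled on the targets and an administrative account; the parameter names and output columns are chosen here for illustration.

```powershell
# Added example, not code from the linked repository.
# Assumes WinRM (PS Remoting) is enabled on the targets and the caller is an admin there.
param(
    # Defaults to the local machine; pass your own computer names / FQDNs.
    [string[]]$ComputerName = @($env:COMPUTERNAME),
    # Patch date as given in the post (13.03.2017).
    [datetime]$PatchDate = [datetime]'2017-03-13'
)

# Runs on each target: newest hotfix date plus SMBv1 server state.
$check = {
    param([datetime]$PatchDate)
    # Some hotfix entries carry no install date, so drop those before sorting.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    # The cmdlet exists only on Windows 8 / Server 2012 and later.
    $smb1 = $null
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    }

    [pscustomobject]@{
        LatestHotFix      = $latest.HotFixID
        LatestInstalled   = $latest.InstalledOn
        # Heuristic only: a later hotfix does not prove the required one is present.
        UpdatedSincePatch = [bool]($latest -and $latest.InstalledOn -ge $PatchDate)
        Smb1Enabled       = $smb1
    }
}

$report = foreach ($name in $ComputerName) {
    try {
        $r = Invoke-Command -ComputerName $name -ScriptBlock $check `
                -ArgumentList $PatchDate -ErrorAction Stop
        [pscustomobject]@{
            Computer = $name; Status = 'OK'
            LatestHotFix = $r.LatestHotFix; LatestInstalled = $r.LatestInstalled
            UpdatedSincePatch = $r.UpdatedSincePatch; Smb1Enabled = $r.Smb1Enabled
        }
    } catch {
        # Unreachable hosts are reported as unknown, never as patched.
        [pscustomobject]@{
            Computer = $name; Status = "Failed: $($_.Exception.Message)"
            LatestHotFix = $null; LatestInstalled = $null
            UpdatedSincePatch = $null; Smb1Enabled = $null
        }
    }
}
$report | Sort-Object UpdatedSincePatch, Computer | Format-Table -AutoSize
```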