Built off the open source project Osquery
Description: Query checks for CVE-2020-0796 Windows SMBv3 Client/Server Remote Code Execution Vulnerability.
What The Data Shows: Data will show whether windows host have patched or not. More details can be found at https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0796
SQL:
WITH kb AS
(SELECT COUNT(*) AS cnt,
1 AS one
FROM patches
WHERE hotfix_id = "KB4551762"),
osver AS
(SELECT COUNT(*)*2 AS cnt,
1 AS one
FROM os_version
WHERE build = 18363
OR build = 18362)
SELECT
CASE (kb.cnt+osver.cnt)
WHEN 2 THEN "CRITICAL_PATCH_MISSING"
WHEN 3 THEN "SYSTEM_IS_PATCHED"
ELSE "PATCH_NOT_APPLICABLE"
END "CVE-2020-0796:SMBv3 RCE"
FROM kb
JOIN osver USING (one);
Fix: hotfix_id = "KB4551762"
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.