logo

Query Exchange

Built off the open source project Osquery

The VMware Carbon Black Tech Zone is live! Checkout this great resource: Mastering Carbon Black Audit & Remediation.

Printnightmare - CVE-2021-34527 - Windows Patch verification

Status: Approved Submitted by on ‎07-09-2021 02:44 PM

Description: Query looks for Windows patch released for CVE-2021-34527 (anything between KB5004945 - KB5004960).

What The Data Shows: Data will list system hostname and hotfix_id which have at least one of the patch applied. 

SQL: SELECT csname,hotfix_id FROM patches WHERE hotfix_id BETWEEN 'KB5004945' AND 'KB5004960';

 

Comment
1 Comment
jnelson
Carbon Black Employee
‎07-12-2021 02:19 PM
‎07-12-2021 02:19 PM
Status changed to: Approved

@jc_1 Thanks for the submission, but I do need to make everyone aware that queries based on KBs from the patches table get outdated very quickly, and should be used with caution. They get outdated as new KBs are released that supersede KBs in the query. In this case, you may have the new KBs installed, but think you are vulnerable. 

logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.