Built off the open source project Osquery
Description: Lists endpoints that are either vulnerable or not vulnerable to the SMBleed vulnerability, CVE-2020-1206. This vulnerability allows attackers to remotely leak kernel memory and, when combined with SMBGhost, can be used for remote code execution: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1206
What The Data Shows: The data shows endpoints that are vulnerable to SMBleed. Vulnerable endpoints are Windows 10 endpoints on version 1903, 1909, or 2004 that have not installed KB4560960 (for versions 1903 and 1909) or KB4557959 (for version 2004). Further explanation here: https://thehackernews.com/2020/06/SMBleed-smb-vulnerability.html
SQL:
SELECT
  name,
  build,
  CASE
    /* Not affected: not Windows 10, or not build 18362 (1903), 18363 (1909) or 19041 (2004) */
    WHEN name NOT LIKE '%Windows 10%'
      OR build NOT IN ('18362', '18363', '19041')
      /* Affected build, but one of the fixing updates is installed.
         Checked in its own subquery so an empty patches table
         cannot hide the OS checks above. */
      OR EXISTS (
        SELECT 1 FROM patches
        WHERE hotfix_id LIKE 'KB4560960' OR hotfix_id LIKE 'KB4557957'
      )
    THEN 'Not Vulnerable'
    ELSE 'Vulnerable'
  END AS "CVE-2020-1206"
FROM os_version;
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.