MS17-010: Detect Vulnerability for WannaCry based on File Version of Srv.sys - Windows 8.1 / Windows Server 2012 R2
Log In or Register to download the BES file, and more.

1 Votes

Description

Use this Analysis to detect the file version of your Srv.sys, and determine whether it is up-to-date to protect against WannaCry vulnerability.

THIS CONTENT IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


Property Details

ID2998558
StatusBeta - Preliminary testing ready for more
TitleMS17-010: Detect Vulnerability for WannaCry based on File Version of Srv.sys - Windows 8.1 / Windows Server 2012 R2
DomainBESC
KeywordsWannaCry, MS17-010, Microsoft
Added by on 5/17/2017 12:29:47 AM
Last Modified by on 5/17/2017 12:29:47 AM
Counters 7479 Views / 81 Downloads
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Properties

Srv.sys File Version
Period Every Report
 
  * Results in a true/false
Show indented relevance
unique values of versions of files "srv.sys" of folders "drivers" of (system folder; native system folder)
MS17-010 Expected Version
Period 30 days
 
  * Results in a true/false
Show indented relevance
"6.3.9600.18604"
Vulnerable to WannaCry
Period Every Report
 
  * Results in a true/false
Show indented relevance
if (exists files "srv.sys" whose (version of it < "6.3.9600.18604") of folders "drivers" of (system folder; native system folder)) then ("Yes") else ("No")

Relevance

Used in 1 analsis   * Results in a true/false
Show indented relevance
(name of it = "Win8.1" OR name of it = "Win2012R2" OR (name of it = "Win8" OR name of it = "Win2012") AND value "CurrentVersion" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" of native registry as string is "6.3") of operating system

Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!