icon-bg
icon-bg
icon-bg
09 Jul, 2021

Keep track of MS Windows security updates with TNI

On July 6 and 7, patches were released by Microsoft for all current versions of Windows after a critical vulnerability has been discovered with its Print Spooler service. Microsoft has also released the patch for Windows 7 which ended full support last year but remains in extended support. The vulnerability, dubbed PrintNightmare, allows attackers to remotely execute commands with system-level privileges.

Total Network Inventory will help you quickly discover which computers on your network are already patched. For example, here’s the situation for KB5004945 and KB5004954:

To be able to collect this information, the Windows updates scan must be enabled in Scanner settings. 

The template for the report shown above can be downloaded from this link.

To import the template into the program, scroll down the sidebar in Table reports, open the context menu for Custom templates and select the Import option.

There’s a workaround for computers where the fix has not been installed yet. You can stop the unsafe service by adding the following commands as Actions to the network tree context menu and then remotely executing them:

{$GROUP}PrintNightmare
{$MULTI}{$IF WIN,ONLINE}1 - Print Spooler - Stop=sc \\%HOST% stop Spooler
{$MULTI}{$IF WIN,ONLINE}2 - Print Spooler - Disable autostart=sc \\%HOST% config Spooler start=disabled
{$MULTI}{$IF WIN,ONLINE}3 - Print Spooler - Enable autostart=sc \\%HOST% config Spooler start=auto
{$MULTI}{$IF WIN,ONLINE}4 - Print Spooler - Start=sc \\%HOST% start Spooler
{$END GROUP}

But before doing that, make sure that the account where Total Network Inventory is running has sufficient privileges to execute these commands.