#108465 - 2003-11-20 11:36 AM
Updating security patch:
|
Stephen Wintle
Seasoned Scripter
Registered: 2001-04-10
Posts: 444
Loc: England
|
I was helped recently with a patch issue. I had to update my w2k clients to ensure they weren't susceptible to attack through nachi/blaster. However I can't find this thread (I used to search on my user name before the board layout change). Could someone provide me with a few hints on how I would check my existing clients if I had a security patch and if not update with this.
Thanks
Steve.
ps I think the new layout is much better...
_________________________
Don't worry because a rival imitates you. As long as they follow in your tracks they can't pass you!
|
#108466 - 2003-11-20 11:50 AM
Re: Updating security patch:
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
untested... and would only work for the newer patches win2k +
; Read the file name, location and version that the KB824141 hotfix recorded in the registry
$file = readvalue('HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP1\KB824141\Filelist\0','Filename')
$path = readvalue('HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP1\KB824141\Filelist\0','Location')
$vers = readvalue('HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP1\KB824141\Filelist\0','Version')
; Run the patch if the last registry read failed or the file on disk compares lower than the recorded version
if @error or getfileversion($path+'\'+$file) < $vers
    shell '\\server\sertup\folder\patch.exe -q -u -z -n -o'
endif
|
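Added example (not part of any poster's code): the check in the post above compares two version strings with `<`, which compares them as text, so a constructed pair such as '5.1.2600.999' and '5.1.2600.1230' orders the wrong way round. This sketch compares the dotted fields numerically and confirms the registry entry and file exist first; `VersionCompare` and `NeedsPatch` are hypothetical names, and the registry key is the one quoted in the post.

```kixtart
; Added example, not code from the thread. VersionCompare and NeedsPatch are hypothetical names.
; Returns -1, 0 or 1 when $a is older than, equal to or newer than $b.
Function VersionCompare($a, $b)
  Dim $pa, $pb, $i, $n, $x, $y, $r
  ; keep only the dotted part in case a build tag follows after a space
  $pa = Split(Split($a, ' ')[0], '.')
  $pb = Split(Split($b, ' ')[0], '.')
  $n = UBound($pa)
  If UBound($pb) > $n  $n = UBound($pb)  EndIf
  $r = 0
  $i = 0
  While ($i <= $n) And ($r = 0)
    ; a missing field counts as 0, so '5.1' equals '5.1.0.0'
    $x = 0
    $y = 0
    If $i <= UBound($pa)  $x = Val($pa[$i])  EndIf
    If $i <= UBound($pb)  $y = Val($pb[$i])  EndIf
    If $x < $y  $r = -1  EndIf
    If $x > $y  $r = 1  EndIf
    $i = $i + 1
  Loop
  $VersionCompare = $r
EndFunction

; Returns 1 when the hotfix entry is missing, the file is gone, or the file is older than recorded.
Function NeedsPatch($regkey)
  Dim $file, $path, $vers
  $NeedsPatch = 1
  If KeyExist($regkey)
    $file = ReadValue($regkey, 'Filename')
    $path = ReadValue($regkey, 'Location')
    $vers = ReadValue($regkey, 'Version')
    If ($file <> '') And ($vers <> '') And Exist($path + '\' + $file)
      If VersionCompare(GetFileVersion($path + '\' + $file), $vers) >= 0
        $NeedsPatch = 0
      EndIf
    EndIf
  EndIf
EndFunction

; Usage with the registry key quoted in the post above
If NeedsPatch('HKLM\SOFTWARE\Microsoft\Updates\Windows XP\SP1\KB824141\Filelist\0')
  ? 'KB824141 missing or out of date'
EndIf
```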
#108467 - 2003-11-20 12:10 PM
Re: Updating security patch:
|
Co
MM club member
Registered: 2000-11-20
Posts: 1341
Loc: NL
|
Tested: Excuse me for the Dutch comment. I'm a bit lazy today. I think you will understand the script without understanding the comment... Code:
; **************************************************************************************************************
; *
; * This script checks whether the W32.Blaster virus or variants of it are present on Windows XP PCs.
; * If this is not the case, it is installed after all.
; * If the script finds the virus, this is logged.
; *
; * 14/08/2003 - Co
; *
; **************************************************************************************************************

; System directory name depends on the Windows family
$sys='system32'
If @inwin = 2
    $sys='system'
EndIf

; One log file per workstation on the server share
$srv='\\server\log$\MSblaster\'+@wksta+'.log'

; Check for the worm's autostart value under the Run key; log and delete it if present
; (log strings: "is verwijderd" = "has been removed")
$reg = ReadValue("HKLM\Software\Microsoft\Windows\currentVersion\Run","Windows auto update")
If @error = 0
    $nul=Open(1,$srv,5)
    $logdata='Workstation'+Chr(9)+'OS'+Chr(9)+'Build'+Chr(9)+'SP'+Chr(9)+'NT'+Chr(9)+'Mac'+Chr(9)+'IPAddress'+Chr(9)+'UserID'+Chr(9)+'Full Name'+Chr(9)+'privilege level'+Chr(9)+'day'+Chr(9)+'date'+Chr(9)+'Time'+Chr(13)+Chr(10)
    $actie='Regkey Windows auto update is verwijderd'+Chr(13)+Chr(10)
    $nul=WriteLine(1,$logdata)
    $logdata=@Wksta+Chr(9)+@ProductType+Chr(9)+@Build+Chr(9)+@CSD+Chr(9)+@Dos+Chr(9)+@Address+Chr(9)+@IPADDRESS0+Chr(9)+@UserID+Chr(9)+@FullName+Chr(9)+@priv+Chr(9)+@day+Chr(9)+@date+Chr(9)+@Time+Chr(13)+Chr(10)
    $nul=WriteLine(1,$logdata)
    $nul=WriteLine(1,$actie)
    $nul=DelValue("HKLM\Software\Microsoft\Windows\currentVersion\Run","Windows auto update")
    $nul=Close(1)
EndIf

; msblast.exe present: log it, run the removal tool, delete the file
If Exist("%windir%\$sys\msblast.exe")<>0
    $nul=Open(1,$srv,5)
    $logdata='Workstation'+Chr(9)+'OS'+Chr(9)+'Build'+Chr(9)+'SP'+Chr(9)+'NT'+Chr(9)+'Mac'+Chr(9)+'IPAddress'+Chr(9)+'UserID'+Chr(9)+'Full Name'+Chr(9)+'privilege level'+Chr(9)+'day'+Chr(9)+'date'+Chr(9)+'Time'+Chr(13)+Chr(10)
    $actie='msblast.exe is verwijderd'+Chr(13)+Chr(10)
    $nul=WriteLine(1,$logdata)
    $logdata=@Wksta+Chr(9)+@ProductType+Chr(9)+@Build+Chr(9)+@CSD+Chr(9)+@Dos+Chr(9)+@Address+Chr(9)+@IPADDRESS0+Chr(9)+@UserID+Chr(9)+@FullName+Chr(9)+@priv+Chr(9)+@day+Chr(9)+@date+Chr(9)+@Time+Chr(13)+Chr(10)
    $nul=WriteLine(1,$logdata)
    $nul=WriteLine(1,$actie)
    Shell "%COMSPEC% /e:1024 /c \\server\location\RESOLVE.COM -DF=BLASTERA.DAT -NOC > nul"
    Del "%windir%\$sys\msblast.exe"
    $nul=Close(1)
EndIf

; teekids.exe present: same handling
If Exist("%windir%\$sys\teekids.exe")<>0
    $nul=Open(1,$srv,5)
    $logdata='Workstation'+Chr(9)+'OS'+Chr(9)+'Build'+Chr(9)+'SP'+Chr(9)+'NT'+Chr(9)+'Mac'+Chr(9)+'IPAddress'+Chr(9)+'UserID'+Chr(9)+'Full Name'+Chr(9)+'privilege level'+Chr(9)+'day'+Chr(9)+'date'+Chr(9)+'Time'+Chr(13)+Chr(10)
    $actie='teekids.exe is verwijderd'+Chr(13)+Chr(10)
    $nul=WriteLine(1,$logdata)
    $logdata=@Wksta+Chr(9)+@ProductType+Chr(9)+@Build+Chr(9)+@CSD+Chr(9)+@Dos+Chr(9)+@Address+Chr(9)+@IPADDRESS0+Chr(9)+@UserID+Chr(9)+@FullName+Chr(9)+@priv+Chr(9)+@day+Chr(9)+@date+Chr(9)+@Time+Chr(13)+Chr(10)
    $nul=WriteLine(1,$logdata)
    $nul=WriteLine(1,$actie)
    Shell "%COMSPEC% /e:1024 /c \\server\location\RESOLVE.COM -DF=BLASTERA.DAT -NOC > nul"
    Del "%windir%\$sys\teekids.exe"
    $nul=Close(1)
EndIf

; penis32.exe present: same handling
If Exist("%windir%\$sys\penis32.exe")<>0
    $nul=Open(1,$srv,5)
    $logdata='Workstation'+Chr(9)+'OS'+Chr(9)+'Build'+Chr(9)+'SP'+Chr(9)+'NT'+Chr(9)+'Mac'+Chr(9)+'IPAddress'+Chr(9)+'UserID'+Chr(9)+'Full Name'+Chr(9)+'privilege level'+Chr(9)+'day'+Chr(9)+'date'+Chr(9)+'Time'+Chr(13)+Chr(10)
    $actie='penis32.exe is verwijderd'+Chr(13)+Chr(10)
    $nul=WriteLine(1,$logdata)
    $logdata=@Wksta+Chr(9)+@ProductType+Chr(9)+@Build+Chr(9)+@CSD+Chr(9)+@Dos+Chr(9)+@Address+Chr(9)+@IPADDRESS0+Chr(9)+@UserID+Chr(9)+@FullName+Chr(9)+@priv+Chr(9)+@day+Chr(9)+@date+Chr(9)+@Time+Chr(13)+Chr(10)
    $nul=WriteLine(1,$logdata)
    $nul=WriteLine(1,$actie)
    Shell "%COMSPEC% /e:1024 /c \\server\location\RESOLVE.COM -DF=BLASTERA.DAT -NOC > nul"
    Del "%windir%\$sys\penis32.exe"
    $nul=Close(1)
EndIf
_________________________
Co
|
#108469 - 2003-11-20 01:27 PM
Re: Updating security patch:
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
Code:
;************************************ W2K HotFix Updates *****************************************
; $setup and $logon are not defined in this snippet and must be set before it runs
if @ras=0
    ; Subkey names under SP5 are the hotfixes already installed
    $arrkey = arrEnumKey('HKLM\SOFTWARE\Microsoft\Updates\Windows 2000\SP5')
    ; Hotfix installers available on the share
    $arrdir = arrEnumDir($setup+'\Win2k_Hotfixes','*.exe',1)
    $reboot = 0
    for each $dir in $arrdir
        $installed = 0
        ; Second '-'-separated field of the installer path, compared against the subkey names
        $parsed = split($dir,'-')[1]
        for each $key in $arrkey
            if $key = $parsed
                $installed = 1
            endif
        next
        if not $installed
            $=sendmessage(@wksta,"A CRITICAL upgrade is now starting. Your computer will restart on its own in about 2-3 minutes. Please do not open any programs. There is no need to click the OK button.")
            ? ' Installing '+$parsed
            shell '%comspec% /c ' + $dir + ' -q -z -u -n -o'
            ; Record hotfix, workstation and date in the inventory log
            $ = Writeprofilestring($logon+'\inventory\HotFix.log', $parsed, @wksta, @date)
            $reboot = 1
        endif
    next
    if $reboot
        ShutDown ('', 'Updates have been applied that require the computer to restart', 5, 1, 1)
        quit
    endif
endif

;****************************************************************************************************
; Returns an array of the subkey names under $regkey
function arrenumkey($regkey)
    ; $Key is declared locally so that it does not keep its value between calls
    dim $Key, $c
    if not keyexist($regkey)
        exit 87
    endif
    do
        $Key = $Key+'|'+enumkey($regkey,$c)
        $c = $c + 1
    until @error
    $arrenumkey = split(substr($Key,2,len($Key)-2),'|')
Endfunction

;****************************************************************************************************
; Runs a command through WScript.Shell and returns its output as an array of lines
Function WshPipe($ShellCMD, OPTIONAL $NoEcho)
    Dim $oExec, $Output
    $oExec = CreateObject("WScript.Shell").Exec($ShellCMD)
    If Not VarType($oExec)=9
        $WshPipe="WScript.Shell Exec Unsupported"
        Exit 10
    EndIf
    ; Wait for the command to finish
    While Not $oExec.Status
    Loop
    $Output = $oExec.StdOut.ReadAll + $oExec.StdErr.ReadAll
    If Not $NoEcho
        $Output
    Endif
    $WshPipe=Split($Output,CHR(10))
    Exit($oExec.ExitCode)
EndFunction

;****************************************************************************************************
; Returns an array of the files in $directory matching $mask (optionally including subdirectories)
Function arrEnumdir($directory, optional $mask, Optional $Subdir)
    if $subdir
        $subdir='/s'
    endif
    if exist($directory)
        $E = WshPipe('%comspec% /c dir "$directory\$mask" /b $subdir',1)
        ; Drop the empty last element and strip the carriage returns
        redim preserve $e[ubound($e)-1]
        $arrEnumdir=split(join($e,'|'),chr(13)+'|')
    else
        exit 87
    endif
Endfunction
;****************************************************************************************************
|
#108471 - 2003-11-20 04:28 PM
Re: Updating security patch:
|
Stephen Wintle
Seasoned Scripter
Registered: 2001-04-10
Posts: 444
Loc: England
|
Thanks for the help. Radimus, if my clients are running a previous service pack, for example SP4 (2000), will this script run? Also, if I want to run the security updates, eg q823980i, do I replace the line "\Win2k_Hotfixes','*.exe'" with my own path...
Thank you.
_________________________
Don't worry because a rival imitates you. As long as they follow in your tracks they can't pass you!
|
#108474 - 2003-11-20 05:00 PM
Re: Updating security patch:
|
Radimus
Moderator
Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
|
of course.. if you look in that reg key all the new hotfixes go into SP5... until there is a SP5
|