PrintNightMare Hotfix Check

-- PrintNightMare Hotfix/Patch Check

SELECT DISTINCT services.display_name AS Service, services.status,
'List PrintNightMare Hotfix' TEST,
CAST(GROUP_CONCAT(hotfix_id, ' '||CHAR(10)) AS TEXT) Result,

CASE
WHEN hotfix_id = 'KB5004953' THEN 'Windows Server 2008 R2(Monthly Rollup), Windows 7, Windows Embedded Standard 7'
WHEN hotfix_id = 'KB5004951' THEN 'Windows Server 2008 R2, Server 2016, Windows 7, Windows Embedded Standard 7(Security Only)'
WHEN hotfix_id = 'KB5004955' THEN 'Windows Server 2008(Monthly Rollup)'
WHEN hotfix_id = 'KB5004959' THEN 'Windows Server 2008(Security Only)'
WHEN hotfix_id = 'KB5004958' THEN 'Windows Server 2012 R2, Windows 8.1(Security Only Update)'
WHEN hotfix_id = 'KB5004954' THEN 'Windows Server 2012 R2, Windows 8.1(Security Only Update)'
WHEN hotfix_id = 'KB5004945' THEN 'Windows 10, version 1903 and later, Windows Server, version 1903 and later, Windows 10 GDR-DU'
WHEN hotfix_id = 'KB5004950' THEN 'Windows 10 LTSB(Cumulative)'
WHEN hotfix_id = 'KB5004946' THEN 'Windows 10 version 1909(Cumulative)'
WHEN hotfix_id = 'KB5004947' THEN 'Windows 10 version 1809, Server 2019(Cumulative)'
ELSE 'Hotfix not installed'
END AS HotfixEvidence,
patches.description, patches.installed_on FROM patches, services WHERE hotfix_id IN ('KB5004953', 'KB5004951', 'KB5004955', 'KB5004959', 'KB5004958', 'KB5004954', 'KB5004945', 'KB5004950', 'KB5004946', 'KB5004947') AND services.display_name = 'Print Spooler'

Jainidh Rajpal

Uncategorized

Anomalies

ATT&CK

Cloud Optix

Compliance

Data Lake

Device

Email

Events

Files

Live Response

Network

Other queries

Processes

Query Tips

Registry

Threat Hunting

User

PrintNightMare Hotfix Check