This Knowledge Base article is provided as is and does not replace supersedence data that is provided through the normal update channels. Supersedence information that post-dates the following data can be found in the Security Update Guide and other collateral tools.
Security update MS17-010 addresses several vulnerabilities in Windows Server Message Block (SMB) v1. The WannaCrypt ransomware is exploiting one of the vulnerabilities that is part of the MS17-010 update. Computers that do not have MS17-010 installed are at heightened risk because of several strains of malware. This article provides several quick methods to detect whether the computer is updated.
Use the following table to check for any of the listed updates (except the ones marked as "Does not contain MS17-010 patch"). If any of these is installed, MS17-010 is installed.
Table 1 of 2: Windows 7 SP1 and later. The following rollup KBs contain the fix (except in the "April Security Only 4B" column). Beneath each KB number is the updated Srv.sys version number.
March Security Only Update (3/14/17)
March Monthly Rollup (3/14/17)
March Preview of Monthly Rollup (3/21/17)
April Security Only Update (4/11/17)
April Monthly Rollup (4/11/17)
April Preview of Monthly Rollup (4/18/17)
May Security Only Update (5/09/17)
May Monthly Rollup (5/09/17)
Windows 7 SP1 and Windows Server 2008 R2 SP1
4015546 Does not contain MS17-010 patch
4015548 Does not contain MS17-010 patch
Windows 8.1 and Windows Server 2012 R2
4015547 Does not contain MS17-010 patch
Windows 10 Version 1507
Windows 10 Version 1511
Windows 10 Version 1607 and Windows Server 2016
Table 2 of 2: Continued for the May and June 2017 updates.
May Preview of Monthly Rollup
June Security Only Update
June Monthly Rollup
Windows 7 and Server 2008 R2
Windows Server 2012
Windows 8.1 and Windows Server 2012 R2
Windows 10 Version 1507
Windows 10 Version 1511
Windows 10 Version 1607 and Windows Server 2016
Table 2: Other Windows versions. Use KB 4012598 for the security update.
KB number and updated Srv.sys version
Windows Server 2003 SP2
Windows Vista SP2: 4012598 (GDR: 6.0.6002.19743, LDR: 6.0.6002.24067)
Windows Server 2008 SP2: 4012598 (GDR: 6.0.6002.19743, LDR: 6.0.6002.24067)
Table 3: Additional updates that contain the fix.
Method 2: Check by %systemroot%\system32\drivers\srv.sys file version
Use the following chart to check the file version of %systemroot%\system32\drivers\srv.sys. If the file version is equal to or greater than the listed version, MS17-010 is installed.
Minimum updated Srv.sys version
Windows Server 2003 SP2
Windows Vista
Windows Server 2008 SP2
Windows 7
Windows Server 2008 R2
Windows 8
Windows Server 2012
Windows 8.1
Windows Server 2012 R2
Windows 10 TH1 v1507
Windows 10 TH2 v1511
Windows 10 RS1 v1607
Windows Server 2016
Method 3: Check by WMI and Windows PowerShell
Use WMI and Windows PowerShell to determine whether MS17-010 fixes have been installed.
WMI command
To find a specified KB number, open an elevated Command Prompt window, and then run the following command:
wmic qfe get hotfixid | find "KB1234567"
PowerShell commands
To check in the local system, run the following administrative PowerShell cmdlet:
get-hotfix -id KB1234567
To check all computers in an Active Directory domain or OU, run the following administrative PowerShell cmdlet on a domain controller:
Note: The "OU=workstations,dc=contoso,dc=com" part can be changed to point to the root of an Active Directory domain directory partition, such as "dc=contoso,dc=com", to search computers in the entire domain. In this command, replace KB1234567 with the actual KB number.
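The following is an added example of an OU-wide check, not the article's own command. It assumes the ActiveDirectory module is available and that the account can query WMI on the targets; the function name Test-HotFixInOU is hypothetical, and KB1234567 is the same placeholder used above.

```powershell
# Added example, not part of the original article.
# Assumptions: the ActiveDirectory module is installed, the account can query
# WMI on the target computers, and KB1234567 is a placeholder to replace.
Import-Module ActiveDirectory

function Test-HotFixInOU {
    param(
        [Parameter(Mandatory = $true)][string]   $SearchBase,
        [Parameter(Mandatory = $true)][string[]] $KbId
    )
    foreach ($computer in (Get-ADComputer -SearchBase $SearchBase -Filter *)) {
        $status = 'Missing'
        $detail = ''
        try {
            # Pull the full hotfix list and filter locally, so that an
            # exception always means "query failed", never "KB not found".
            $hits = @(Get-HotFix -ComputerName $computer.Name -ErrorAction Stop |
                      Where-Object { $KbId -contains $_.HotFixID })
            if ($hits.Count -gt 0) {
                $status = 'Installed'
                $detail = ($hits | ForEach-Object { $_.HotFixID }) -join ','
            }
        }
        catch {
            # Offline host, firewall, or access denied: patch state is unknown.
            $status = 'QueryFailed'
            $detail = $_.Exception.Message
        }
        New-Object PSObject -Property @{
            Computer = $computer.Name
            Status   = $status
            Detail   = $detail
        }
    }
}

$report = Test-HotFixInOU -SearchBase 'OU=workstations,dc=contoso,dc=com' -KbId 'KB1234567'

# Hosts that still need attention: unpatched, or never successfully queried.
$report | Where-Object { $_.Status -ne 'Installed' } |
    Sort-Object Status, Computer |
    Format-Table Computer, Status, Detail -AutoSize
```

Pass every applicable KB number from the tables to -KbId, because any one of them indicates that the fix is present. Treat QueryFailed hosts as unverified rather than patched.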
If prerequisite fixes are not installed on the computers, you may receive the following error message when you install MS17-010 on Windows 8.1 or Windows Server 2012 R2:
The update is not applicable to your computer
To resolve this error, follow these steps:
The following Windows PowerShell script compares the Srv.sys version on the local computer with the versions that are listed in the chart in Method 2.
Save this script to a .ps1 file, and then run the script from PowerShell. This script applies to Windows XP and Windows Server 2003 and later versions. It requires Windows PowerShell 2.0 or a later version.
[reflection.assembly]::LoadWithPartialName("System.Version")
$os = Get-WmiObject -class Win32_OperatingSystem
$osName = $os.Caption
$s = "%systemroot%\system32\drivers\srv.sys"
$v = [System.Environment]::ExpandEnvironmentVariables($s)

# Read the four-part file version of srv.sys
If (Test-Path "$v") {
    Try {
        $versionInfo = (Get-Item $v).VersionInfo
        $versionString = "$($versionInfo.FileMajorPart).$($versionInfo.FileMinorPart).$($versionInfo.FileBuildPart).$($versionInfo.FilePrivatePart)"
        $fileVersion = New-Object System.Version($versionString)
    }
    Catch {
        Write-Host "Unable to retrieve file version info, please verify vulnerability state manually." -ForegroundColor Yellow
        Return
    }
}
Else {
    Write-Host "Srv.sys does not exist, please verify vulnerability state manually." -ForegroundColor Yellow
    Return
}

# Select the minimum patched version for this operating system
if ($osName.Contains("Vista") -or ($osName.Contains("2008") -and -not $osName.Contains("R2"))) {
    # The first digit of the private part distinguishes the GDR and LDR branches
    if ($versionString.Split('.')[3][0] -eq "1") {
        $currentOS = "$osName GDR"
        $expectedVersion = New-Object System.Version("6.0.6002.19743")
    }
    elseif ($versionString.Split('.')[3][0] -eq "2") {
        $currentOS = "$osName LDR"
        $expectedVersion = New-Object System.Version("6.0.6002.24067")
    }
    else {
        $currentOS = "$osName"
        $expectedVersion = New-Object System.Version("9.9.9999.99999")
    }
}
elseif ($osName.Contains("Windows 7") -or ($osName.Contains("2008 R2"))) {
    $currentOS = "$osName LDR"
    $expectedVersion = New-Object System.Version("6.1.7601.23689")
}
elseif ($osName.Contains("Windows 8.1") -or $osName.Contains("2012 R2")) {
    $currentOS = "$osName LDR"
    $expectedVersion = New-Object System.Version("6.3.9600.18604")
}
elseif ($osName.Contains("Windows 8") -or $osName.Contains("2012")) {
    $currentOS = "$osName LDR"
    $expectedVersion = New-Object System.Version("6.2.9200.22099")
}
elseif ($osName.Contains("Windows 10")) {
    if ($os.BuildNumber -eq "10240") {
        $currentOS = "$osName TH1"
        $expectedVersion = New-Object System.Version("10.0.10240.17319")
    }
    elseif ($os.BuildNumber -eq "10586") {
        $currentOS = "$osName TH2"
        $expectedVersion = New-Object System.Version("10.0.10586.839")
    }
    elseif ($os.BuildNumber -eq "14393") {
        $currentOS = "$($osName) RS1"
        $expectedVersion = New-Object System.Version("10.0.14393.953")
    }
    elseif ($os.BuildNumber -eq "15063") {
        $currentOS = "$osName RS2"
        "No need to Patch. RS2 is released as patched. "
        return
    }
    else {
        # Build not covered above: use the same fallback as an unknown OS
        # so that $expectedVersion is never left unset
        Write-Host "Unable to determine OS applicability, please verify vulnerability state manually." -ForegroundColor Yellow
        $currentOS = "$osName"
        $expectedVersion = New-Object System.Version("9.9.9999.99999")
    }
}
elseif ($osName.Contains("2016")) {
    $currentOS = "$osName"
    $expectedVersion = New-Object System.Version("10.0.14393.953")
}
elseif ($osName.Contains("Windows XP")) {
    $currentOS = "$osName"
    $expectedVersion = New-Object System.Version("5.1.2600.7208")
}
elseif ($osName.Contains("Server 2003")) {
    $currentOS = "$osName"
    $expectedVersion = New-Object System.Version("5.2.3790.6021")
}
else {
    Write-Host "Unable to determine OS applicability, please verify vulnerability state manually." -ForegroundColor Yellow
    $currentOS = "$osName"
    $expectedVersion = New-Object System.Version("9.9.9999.99999")
}

# Report the comparison
Write-Host "`n`nCurrent OS: $currentOS (Build Number $($os.BuildNumber))" -ForegroundColor Cyan
Write-Host "`nExpected Version of srv.sys: $($expectedVersion.ToString())" -ForegroundColor Cyan
Write-Host "`nActual Version of srv.sys: $($fileVersion.ToString())" -ForegroundColor Cyan
If ($($fileVersion.CompareTo($expectedVersion)) -lt 0) {
    Write-Host "`n`n"
    Write-Host "System is NOT Patched" -ForegroundColor Red
}
Else {
    Write-Host "`n`n"
    Write-Host "System is Patched" -ForegroundColor Green
}