Skip to content

Instantly share code, notes, and snippets.

@spuder

spuder/win2012r2.ps1

Last active April 10, 2025 21:30
Show Gist options
  • Save spuder/76e0530a50e4f785aab5ecf0136dd79e to your computer and use it in GitHub Desktop.
Save spuder/76e0530a50e4f785aab5ecf0136dd79e to your computer and use it in GitHub Desktop.
Download ZIP
Powershell patch wannacry (MS17-010)
Raw
win2012r2.ps1
# This is the security roll up that includes the fix for the wannaCry vuln
# It only works on 64 bit windows 8.1 and windows 2012r2 systems
# It assumes you are moderatly up to date on windows updates.
# Will proabably fail if system is way behind on updates since it won't have dependent updates installed.
# only tested on win2012r2. USE AT YOUR OWN RISK
# IT WILL REBOOT THE SYSTEM
# Create a windows task to wrap the script since [winrm is dumb and wont allow wusa.exe to execute](https://superuser.com/questions/894826/invoke-command-using-wusa-exe-in-powershell-wont-install-the-msu)
# The code to create a scheduled task [comes from here](https://github.com/hashicorp/best-practices/blob/master/packer/scripts/windows/install_windows_updates.ps1)
$command = { Invoke-WebRequest -useb -Uri "http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/02/windows8.1-kb4012213-x64_5b24b9ca5a123a844ed793e0f2be974148520349.msu" -outfile windows8.1-kb4012213-x64_5b24b9ca5a123a844ed793e0f2be974148520349.msu; wusa.exe /install /quiet /norestart windows8.1-kb4012213-x64_5b24b9ca5a123a844ed793e0f2be974148520349.msu;}
$TaskName = "WannaCryFix"
$User = [Security.Principal.WindowsIdentity]::GetCurrent()
$Scheduler = New-Object -ComObject Schedule.Service
$Task = $Scheduler.NewTask(0)
$RegistrationInfo = $Task.RegistrationInfo
$RegistrationInfo.Description = $TaskName
$RegistrationInfo.Author = $User.Name
$Settings = $Task.Settings
$Settings.Enabled = $True
$Settings.StartWhenAvailable = $True
$Settings.Hidden = $False
$Action = $Task.Actions.Create(0)
$Action.Path = "powershell"
$Action.Arguments = "-Command $command"
$Task.Principal.RunLevel = 1
$Scheduler.Connect()
$RootFolder = $Scheduler.GetFolder("\")
$RootFolder.RegisterTaskDefinition($TaskName, $Task, 6, "SYSTEM", $Null, 1) | Out-Null
$RootFolder.GetTask($TaskName).Run(0) | Out-Null
sleep 2
Do {
Write-Host "Waiting for scheduled task to finish"
sleep 10
}
Until ($RootFolder.GetTask($TaskName).State -eq 3)
$RootFolder.DeleteTask($TaskName,0)
Restart-Computer -Force
@spuder
Copy link
Author

spuder commented May 15, 2017
edited
Loading

To deploy

$servers = @('server1.example.com', 'server2.example.com')
  foreach ($s in $servers) {
  Invoke-Command  -ScriptBlock { iwr -useb https://gist.github.com/spuder/76e0530a50e4f785aab5ecf0136dd79e/raw/da17c6f0aaf34a6057e1eeab6531710ba1581cd7/win2012r2.ps1 | iex } -ComputerName $s
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment