Verfication of particular KB and installing it

Varma 1,380 Reputation points
2024-03-12T05:11:25.22+00:00

how do I know whether following KB are installed on virtual machines?

The vulnerability can be remediated by installing KB5034770 for (OS Build 20348.2322) and KB5034768 for (OS Build 17763.5458).

if not how to install this KB?

this is related to below:

CVE-2024-21412 is a high severity vulnerability in Microsoft Defender SmartScreen which is currently being exploited by a threat actor dubbed Water Hydra (AKA DarkCasino) in a campaign targeting financial market traders. Exploitation of CVE-2024-21412 requires the user to open a malicious file, which makes exploitation less likely in cloud environments.

Please suggest

Azure Update Manager
Azure Update Manager
An Azure service to centrally manages updates and compliance at scale.
304 questions
0 comments
Accepted answer
  1. SwathiDhanwada-MSFT 18,756 Reputation points
    2024-03-12T05:39:14.7166667+00:00

    @Varma To check if the any patch is installed on a virtual machine, you can use the following steps:

    1. Connect to the virtual machine using Remote Desktop or another remote access tool.
    2. Open the Control Panel and navigate to Programs and Features.
    3. Click on the "View installed updates" link on the left-hand side of the window.
    4. Look for the respective patch in the list of installed updates. If it is installed, it will be listed with the other updates.

    Also, you can check the list of hotfixes installed by executing Get-HotFix PowerShell Command. Also, do note that the KB varies based on the operating system. For more information, refer this :https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21412

    If you are using Azure Update Manager, you can retrieve the list of uninstalled patches using below query.

    patchinstallationresources
| where type has "softwarepatches"
| extend machineName = tostring(split(id, "/", 8)), resourceType = tostring(split(type, "/", 0)), tostring(rgName = split(id, "/", 4)), tostring(RunID = split(id, "/", 10)) 
| extend prop = parse_json(properties) 
| extend lTime = todatetime(prop.lastModifiedDateTime), patchName = tostring(prop.patchName), kbId = tostring(prop.kbId), installationState = tostring(prop.installationState), classifications = tostring(prop.classifications) 
| where lTime > ago(7d)
| where kbId == 890830
| project lTime, RunID, machineName, rgName, resourceType, patchName, kbId, classifications, installationState
 | sort by RunID

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.