Even though it’s been over a year since it was released into the wild, I think everyone still remembers Conficker.  I recall it well.  In fact only about two months or so ago I just worked with another prospect who was infected quite severely with Conficker.  Windows Update Services (WUS) had not installed the patch correctly to their environment and their AV was blocking around 15k infections per day.  Needless to say, they were struggling to protect themselves as the WUS was disabled by Conficker on their machines.  One deployment using Shavlik to rollout MS08-067 and they were down to their AV blocking only 12 infections the following morning across a handful of machines that were not available during the previous nights’ deployment.  A PO followed shortly after, of course, and they are now patching using Shavlik.  A great success story, but the part that was most effective in reassuring management that they were protected was the report they ran after the deployment was complete.

It’s been two weeks after the release of MS10-002.  Do you know where you stand currently?  If not, and you are a Shavlik NetChk Protect user, try this report using the advanced filter and see if it helps you gain an understanding of how close you are to fully protected vs MS10-002.  Complete the following steps:

  1. In the report gallery choose the Condensed Patch Listing.
  2. Check the use advanced filter box.
  3. Under scans and deployments choose the radio button for View Current Status.
  4. Under Patches Bulletin IDs scroll down and check just MS10-002.
  5. Generate this report and you will have a report of each machines status of MS10-002.   Depending on the number of machines you could also do a variation of this filter and under Patch Properties you can choose Missing.  This will give you the latest on all machines that are still missing the patch.

It is great to know the overall patch status of your machines, but there are times when you need to answer very specific questions very quickly.  The advanced filter is a great way to do this.

- Chris Goettl