I became an evil hacker who was preying on I.T. managers!!! At least that’s what the initial reaction was. I was caught off guard, the big boss called me in his office and had asked why I had accessed his PC along with other (high level) managers? The CEO also wanted to know what business I had accessing his machine? I had NO idea what they were talking about, but I had to find out what was going on…
I finally had a reason to use Ying Li’s script that compares two arrays and I must tell you it worked beautifully… What a time saver!!! The big boss comes to me (as I’ve become his go-to-guy when he needs something done quick) and asks if I could create an email distribution list which contains 1000 users. I said “no problem” do you have the list of users? He presented me the list and told me it is of the utmost importance that everyone on this list receives an email that will be distributed at the end of the week. Again we say, “NO Problem!!!”
During the Conficker storm I had released a script that would check for the installation of Hot Fix KB958644, which was to assists is thwarting off the worm. Many of you sent in messages asking if there is a way, with PowerShell, to detect which MS Patches are NOT installed on a machine. The answer is No! … but I’ll still show you how to get the information.
…it’s because I no longer have to! And you too will no longer document your computers and servers either. Why? Because PowerShell is going to do it for you and I’m going to share with you how I did it. Yes, it is going to be presented well, in Excel, and the Boss is going to think that you are the greatest thing since sliced bread.
McAfee has posted a Confiker Detection tool that scans IP ranges for infected machines. You can download the tool here.
The two ways to protect your systems are to make sure that you have the Microsoft Hot Fix KB958644 from Microsoft Security Bulletin MS08-067 installed on your systems and to update your virus definitions.
I was asked to write a PowerShell script that would check all machines on the domain for the installation of the hot fix. I am sharing the code with you in hopes that this will assist in your defenses against the Confiker worm.