
Is there an official script/app for ms17-010

Rocky Sanchez 0 Reputation points
2026-04-14T22:10:52.24+00:00

I need a script stating that MS17-010 is patched and poses no issue. AI says the cumulative recent patch has the fix. However, a security company insists it is not installed. Their tool is looking for a patch that nine years of patching has replaced.  Not to mention the servers were brought online years after the initial fix anyway.  So, if there is an official app/script put out by Microsoft that I can uno reverse them, that would make me so happy.

Windows for business | Windows Server | Devices and deployment | Set up, install, or upgrade

2 answers

  1. Domic Vo 20,250 Reputation points Independent Advisor
    2026-04-15T00:08:32.7433333+00:00

    Hello,

    MS17‑010 was originally released in March 2017 to address vulnerabilities in SMBv1. Since then, every supported Windows release has incorporated the fix into cumulative updates. That means if your servers were deployed years after the original bulletin, or if they are fully patched with current cumulative updates, the MS17‑010 vulnerabilities are already remediated. Security scanners that still look for the original KB numbers (for example KB4012212, KB4012215, KB4012216, etc.) will often report a false negative because those individual patches have been superseded by newer cumulative updates.

    Microsoft’s official position is that once a cumulative update supersedes a security fix, the vulnerability remains patched even if the original KB is not present. There is no separate “re‑install” of MS17‑010 on modern builds. The authoritative reference is the Microsoft Security Response Center (MSRC) advisory for CVE‑2017‑0144 and CVE‑2017‑0145, which confirms that the vulnerabilities are addressed in all supported cumulative updates.

    To demonstrate compliance, the recommended approach is to run Microsoft’s own Windows Update compliance reports or use the Get‑HotFix PowerShell cmdlet to show the current cumulative update level. For example:

    powershell

    Get-HotFix | Where-Object {$_.HotFixID -like "KB*"}

    If the system shows the latest cumulative update installed, you can reference Microsoft’s documentation that cumulative updates include all prior security fixes, including MS17‑010.

    There is no official standalone script from Microsoft that “proves” MS17‑010 is patched, because the patch is now part of the servicing baseline. The supported way to counter third‑party scanner claims is to provide evidence of the installed cumulative update and point to Microsoft’s documentation that confirms supersedence. If the security company insists on seeing the original KB, you can explain that their detection logic is outdated and does not account for cumulative servicing.

    In short, the servers are protected as long as they are fully patched. The authoritative proof is the cumulative update level, not the presence of the original KB.

    I hope you've found something useful here. If it helps you get more insight into the issue, accepting the answer would be appreciated. Should you have more questions, feel free to leave a message. Have a nice day!

    Domic Vo.


  2. Q&A Assist
    2026-04-14T22:11:05.5433333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    Yes. Microsoft published an official PowerShell script specifically to verify whether MS17‑010 is installed by checking the srv.sys file version against known patched baselines.

    The script from the Microsoft support article “How to verify that MS17-010 is installed” does the following:

    1. Detects the OS version via WMI (Win32_OperatingSystem).
    2. Locates %systemroot%\system32\drivers\srv.sys.
    3. Reads the file version of srv.sys.
    4. Compares it to the minimum expected version for that OS/build that includes MS17‑010.
    5. Outputs either:
      • System is Patched (in green), or
      • System is NOT Patched (in red).

    Key points from the script logic:

    • It supports Windows XP, Windows Server 2003, and later, including Windows 7, 8, 8.1, 10, and Windows Server 2008/2012/2012 R2/2016.
    • For each OS, it defines an expectedVersion of srv.sys that corresponds to MS17‑010 being present. Examples:
      • Windows 7 / Windows Server 2008 R2: 6.1.7601.23689
      • Windows 8: 6.2.9200.22099
      • Windows 8.1 / Windows Server 2012 R2: 6.3.9600.18604
      • Windows 10 Version 1507: 10.0.10240.17319
      • Windows 10 Version 1511: 10.0.10586.839
      • Windows 10 Version 1607 / Windows Server 2016: 10.0.14393.953
    • For Windows 10 Version 1703 (build 15063, “RS2”), the script explicitly states: "No need to Patch. RS2 is released as patched." and exits, because that release already includes the fix.

    To use it:

    1. Copy the full script from the Microsoft article into a .ps1 file (for example, Check-MS17-010.ps1).
    2. Run it in PowerShell with at least PowerShell 2.0 on the target machine.
    3. Capture the output showing Current OS, Expected Version of srv.sys, Actual Version of srv.sys, and the final status System is Patched or System is NOT Patched.

    That script is Microsoft’s own verification method and can be used as official evidence that the system’s srv.sys version meets or exceeds the MS17‑010 baseline, even if the original KB has been superseded by later cumulative updates.

    Additionally, the same article documents “Method 1: Check by installed Knowledge Base number,” listing the KBs and corresponding srv.sys versions that contain MS17‑010 for various Windows versions (for example, KB4012212/KB4012215 for Windows 7/Server 2008 R2, KB4012213/KB4012216 for Windows 8.1/Server 2012 R2, and the Windows 10/Server 2016 cumulative updates). Those KBs may have been superseded, but the srv.sys version comparison in the script remains valid.
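The evidence both answers describe (the srv.sys file version compared against the baselines listed above, plus the installed update level from Get-HotFix), as an added example that is not Microsoft's script and not part of either answer. The function name is hypothetical, the baselines are only the versions quoted on this page, and treating builds later than 15063 as shipping with the fix extends the page's statement about build 15063 as an assumption.

```powershell
# Added example, not Microsoft's script. Requires PowerShell 3.0 or later.
# Baselines: the srv.sys versions quoted in the answer above, keyed by OS build.
$Baselines = @{
    '6.1.7601'   = [version]'6.1.7601.23689'    # Windows 7 / Server 2008 R2
    '6.2.9200'   = [version]'6.2.9200.22099'    # Windows 8
    '6.3.9600'   = [version]'6.3.9600.18604'    # Windows 8.1 / Server 2012 R2
    '10.0.10240' = [version]'10.0.10240.17319'  # Windows 10 1507
    '10.0.10586' = [version]'10.0.10586.839'    # Windows 10 1511
    '10.0.14393' = [version]'10.0.14393.953'    # Windows 10 1607 / Server 2016
}

function Test-SrvSysBaseline {    # hypothetical helper name
    param([version]$OsVersion, [version]$SrvVersion)
    $key      = '{0}.{1}.{2}' -f $OsVersion.Major, $OsVersion.Minor, $OsVersion.Build
    $expected = $Baselines[$key]   # $null when the page lists no baseline
    if ($OsVersion.Major -eq 10 -and $OsVersion.Build -ge 15063) {
        $status = 'Released as patched'          # assumption for builds after 15063
    } elseif (-not $expected) {
        $status = 'No baseline listed for this build'
    } elseif ($null -eq $SrvVersion) {
        $status = 'srv.sys not found'
    } elseif ($SrvVersion -ge $expected) {
        $status = 'Patched'
    } else {
        $status = 'NOT patched'
    }
    [pscustomobject]@{ OsBuild = $key; Expected = $expected; Actual = $SrvVersion; Status = $status }
}

# Live evidence from the local machine.
$os   = [version](Get-CimInstance Win32_OperatingSystem).Version
$path = Join-Path $env:SystemRoot 'System32\drivers\srv.sys'
$srv  = $null
if (Test-Path $path) {
    # Use the numeric parts; the FileVersion string can carry a branch suffix.
    $vi  = (Get-Item $path).VersionInfo
    $srv = New-Object System.Version -ArgumentList $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart
}
Test-SrvSysBaseline -OsVersion $os -SrvVersion $srv | Format-List

# Most recent installed updates, to show the cumulative update level.
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 5 HotFixID, Description, InstalledOn

# Constructed input (not from a real host): a Server 2016 build with a later srv.sys.
Test-SrvSysBaseline -OsVersion '10.0.14393' -SrvVersion '10.0.14393.8000'
```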

