script for fix blaster
Luis GUSTAVO
I would like for a script to fix Blaster/RPC in computers
running Windows 2000 and Windows XP.
thanks,
Luis GUSTAVO
Torgeir Bakken (MVP)
> I would like for a script to fix Blaster/RPC in computers
> running Windows 2000 and Windows XP.
Hi
Fix how? A script that removes the blaster worm from the computer, or a script
that installs the security update that stops Blaster from infecting the
computer?
--
torgeir
Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of the 1328 page
Scripting Guide: http://www.microsoft.com/technet/scriptcenter
Luis Gustavo
thanks.
>.
>
Keith
The blaster patch is available from Microsoft in the form
of an executable, and you can simply use a batch script
to run it.
http://www.microsoft.com/security/incident/blast.asp
\\servername\sharename\PatchBlaster2000.exe -u -q
Hope this helps,
Keith
Torgeir Bakken (MVP)
> Torgeir Bakken wrote:
>
> > Fix how? A script that removes the blaster worm from the
> > computer, or a script that installs the security update that
> > stops Blaster from infecting the computer?
>
> Only update the computer.
Hi
Some links for remote installation:
Deployer, a tool to easily install the MS03-026 MS03-039 on
a large number of remote machines
How to Use a Visual Basic Script to Install the 824146 (MS03-039)
or 823980 (MS03-026) Security Patch on Remote Host Computers
http://support.microsoft.com?kbid=827227
If you want to implement a net send message in the 827227 script above:
http://groups.google.com/groups?threadm=3F65F696.B27B2669%40hydro.com
If you want to install the update running a local script (e.g. in a
logon script), you can try this script:
' Script that installs KB824146 - "MS03-039 A Buffer Overrun
' in RPCSS Could Allow an Attacker to Run Malicious Programs"
' on Windows 2000 and Windows XP computers
'
' Uses the install switches "/u /q /z /n" so reboot is supressed
' and no backup files are created, so it will not be possible To
' uninstall the update
' The path in the variable sPatchBasePath needs to be updated
' to the correct path relevant fot your environment
'
' Author: Torgeir Bakken
Option Explicit
Dim oShell, oFSO, sMsgBoxTitle, sTmpReg, iOsVer, iOsSPLevel
Set oShell = CreateObject("WScript.Shell")
Set oFSO = CreateObject("Scripting.FileSystemObject")
SetLocale "en-us" ' Do not remove!
sMsgBoxTitle = "MS03-039 (KB824146) install script"
iOsVer = GetOsVersionNumber
iOsSPLevel = GetSPNumberSW
' For Win2k, we need at least SP2
If iOsVer = 5 And iOsSPLevel < 2 Then
MsgBox "Your computer needs to be upgraded to Service Pack 3 or " _
& "better to be able to install the RPC security update, " _
& "please contact IS support personnel.", _
vbExclamation + vbSystemModal, sMsgBoxTitle
Elseif iOsVer = 5 Or iOsVer = 5.1 Then
' os is Win2k or WinXP, see if user has admin rights
sTmpReg = "HKLM\Software\Policies\Microsoft\Windows NT\" _
& "CurrentVersion\Winlogon\tstadmin"
On Error Resume Next
oShell.RegWrite sTmpReg, 1, "REG_DWORD"
If Err.Number <> 0 Then
MsgBox "The RPC security update MS03-039 (KB824146) needs to be" _
& " installed on this computer, please contact IS support" _
& " personnel.", vbExclamation + vbSystemModal, sMsgBoxTitle
Else
On Error Goto 0
oShell.RegDelete sTmpReg
' we are ready to start the update
InstallUpdate
End If
End If
Sub InstallUpdate
Dim sWinDir, sWinSysDir, bInstallKB824146
Dim sTmpValue, sExePath, sSwitches, bBoot, sPatchBasePath
Set sWinDir = oFSO.GetSpecialFolder(0)
Set sWinSysDir = oFSO.GetSpecialFolder(1)
bBoot = False ' init value
' UNC or drive letter based path to where the update files are placed
sPatchBasePath = "\\some server\some share\some folder"
sTmpValue = RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\" _
& "CurrentVersion\HotFix\KB824146\Installed")
If sTmpValue <> "1" Then
bInstallKB824146 = True ' init value
If iOsVer = 5 And iOsSPLevel < 5 Then
sExePath = sPatchBasePath & "\Windows2000-KB824146-x86-ENU.exe"
sSwitches = "/u /q /z /n"
ElseIf iOsVer = 5.1 And iOsSPLevel < 2 Then
sExePath = sPatchBasePath & "\WindowsXP-KB824146-x86.exe"
sSwitches = "/u /q /z /n"
Else
bInstallKB824146 = False
End If
If bInstallKB824146 Then
oShell.Run """" & sExePath & """ " & sSwitches, 1, True
sTmpValue = RegRead("HKLM\SOFTWARE\Microsoft\Windows NT\" _
& "CurrentVersion\HotFix\KB824146\Installed")
If sTmpValue <> "1" Then
MsgBox "The security update MS03-039 (KB824146) failed to be " _
& "installed on this computer, please contact IS support " _
& " personnel.", vbExclamation + vbSystemModal, sMsgBoxTitle
Else
bBoot = True
End If
End If
End If
If bBoot Then
MsgBox "Installation of a critical security update is done, please" _
& " reboot the computer!", vbExclamation + vbSystemModal, _
sMsgBoxTitle
End If
End Sub
Function RegRead(sRegValue)
Set oShell = CreateObject("WScript.Shell")
On Error Resume Next
RegRead = oShell.RegRead(sRegValue)
' If the value does not exist, error is raised
If Err Then
RegRead = ""
Err.clear
End If
' If a value is present but uninitialized the RegRead method
' returns the input value in Win2k.
If VarType(RegRead) < vbArray Then
If RegRead = sRegValue Then
RegRead = ""
End If
End If
On Error Goto 0
End Function
Function GetOsVersionNumber()
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Determines OS by reading reg val & comparing to known values
' OS version number returned as number of type double:
' Windows 2k: 5
' Windows XP: 5.1
' Windows Server 2003: 5.2
' Windows x: >5.2
' Note: Decimal point returned is based on the Locale setting
' of the computer, so it might be returned as 5,1 as well.
'
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim sOStype, sOSversion
On Error Resume Next
sOStype = oShell.RegRead(_
"HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions\ProductType")
If Err.Number<>0 Then
' Hex(Err.Number)="80070002"
' - Could not find this key, OS must be Win9x
Err.Clear
sOStype = oShell.RegRead(_
"HKLM\SOFTWARE\Microsoft\Windows" & _
"\CurrentVersion\VersionNumber")
Select Case sOStype
Case "4.00.950"
sOSversion = 1 ' Windows 95A
Case "4.00.1111"
Dim sSubVersion
sSubVersion = oShell.RegRead(_
"HKLM\SOFTWARE\Microsoft\Windows" & _
"\CurrentVersion\SubVersionNumber")
Select Case sSubVersion
Case " B"
sOSversion = 1 ' Windows 95B
Case " C"
sOSversion = 1 ' Windows 95C
Case Else
sOSversion = 1 ' Unknown Windows 95
End Select
Case "4.03.1214"
sOSversion = 1 ' Windows 95B
Case "4.10.1998"
sOSversion = 2 ' Windows 98
Case "4.10.2222"
sOSversion = 2 ' Windows 98SE
Case "4.90.3000"
sOSversion = 3 ' Windows Me
Case Else
sOSversion = 1 ' Unknown W9x/Me
End Select
Else ' OS is NT based
sOSversion = oShell.RegRead(_
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentVersion")
If Err.Number<>0 Then
GetOsVersion = "Unknown NTx"
' Could not determine NT version
Exit Function ' >>>
End If
End If
' Setting Locale to "en-us" to be indifferent to country settings.
' CDbl might err else
SetLocale "en-us"
GetOsVersionNumber = CDbl(sOSversion)
End Function
Function GetSPNumberSW()
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
' Determines Service Pack number by reading reg val CSDVersion in
' HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion
'
' CSDVersion in System\CCS is updated AFTER a reboot when
' installing a SP
'
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim sOStype, sOSversion, iSPNumber, aSPNumber
On Error Resume Next
sOStype = oShell.RegRead(_
"HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions\ProductType")
If Err.Number<>0 Then
' Hex(Err.Number)="80070002"
' - Could not find this key, OS must be Win9x
Err.Clear
GetSPNumberSW = "W9x"
Exit Function ' >>>
End If
iSPNumber = oShell.RegRead(_
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CSDVersion")
If Err.Number<>0 Then
GetSPNumberSW = 0
' Could not determine Service Pack
Exit Function ' >>>
End If
' CSDVersion is e.g. "Service Pack 2"
aSPNumber = Split(iSPNumber)
GetSPNumberSW = Cint(aSPNumber(2))
End Function