Added LastBootUpTime to returned PSCustomObject per suggestion by Brett Miller (@BrettMiller_IT).

dotps1 · dotps1 · commit a4b00c6fbcce · 2017-05-17T21:15:54.000-04:00
diff --git a/Functions/Test-WannaCryVulnerability.ps1 b/Functions/Test-WannaCryVulnerability.ps1
@@ -1,7 +1,7 @@
 ﻿<#PSScriptInfo
 
 .Version
-    2.1
+    2.2
 .Guid
     477aa3f4-0434-4925-9c92-7323066cceb7
 .Author 
@@ -12,7 +12,7 @@
     https://github.com/dotps1/PSFunctions
 .ReleaseNotes
     Replaced Write-Warning with Write-Error so it can be caught in a try catch block.
-    
+
 #>
 
 <#
@@ -41,6 +41,7 @@
     PSComputerName         : myrig
     OperatingSystemCaption : Microsoft Windows 7 Professional
     OperatingSystemVersion : 6.1.7601
+    LastBootUpTime         : 5/14/2017 3:38:38 PM
     Vulnerable             : False
     AppliedHotFixID        : KB4012212|KB4015546|KB4015549
     SMB1FeatureEnabled     : False
@@ -51,14 +52,15 @@
     PSComputerName         : workstation
     OperatingSystemCaption : Microsoft Windows 7 Professional
     OperatingSystemVersion : 6.1.7601
+    LastBootUpTime         : 5/14/2017 3:38:38 PM
     Vulnerable             : True
     AppliedHotFixID        : 
     SMB1FeatureEnabled     : False
     SMB1ProtocolEnabled    : True
 .Notes
-    Not applicable to windows 10.
+    WannaCry vulnerability is only applicable to Microsoft Windows 10 1607 and prior, 1702 was not affected.
 .Link
-    https://www.redsocks.eu/news/ransomware-wannacry/
+    https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
 .Link
     https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1,-smbv2,-and-smbv3-in-windows-vista,-windows-server-2008,-windows-7,-windows-server-2008-r2,-windows-8,-and-windows-server-2012
 .Link
@@ -147,7 +149,7 @@ process {
             foreach ($nameValue in $Name) {
                 try {
                     Write-Progress -Activity "Testing '$nameValue' for WannaCry vulnerabilities using WMI" -CurrentOperation "Retrieve operating system information" -PercentComplete 20
-                    $osInformation = Get-WmiObject -ComputerName $nameValue -Class Win32_OperatingSystem -Property Caption, Version -Credential $Credential -ErrorAction Stop
+                    $osInformation = Get-WmiObject -ComputerName $nameValue -Class Win32_OperatingSystem -Property Caption, LastBootUpTime, Version -Credential $Credential -ErrorAction Stop
                 } catch {
                     Write-Error -Message "Failed to query WMI on '$nameValue'." -RecommendedAction "Verify WMI access is not being blocked by the firewall."
                     continue
@@ -159,7 +161,7 @@ process {
                 }
 
                 # HotFixes
-                Write-Progress -Activity "Testing '$nameValue' for WannaCry vulnerabilities using WMI" -CurrentOperation "Inventory hotfix information" -PercentComplete 40
+                Write-Progress -Activity "Testing '$nameValue' for WannaCry vulnerabilities using WMI" -CurrentOperation "Retrieve hotfix information" -PercentComplete 40
                 $appliedHotFixID = (Get-WmiObject -ComputerName $nameValue -Class Win32_QuickFixEngineering -Credential $Credential).Where({
                     $_.HotFixID -in $hotFixIDs
                 }).HotFixID
@@ -193,11 +195,15 @@ process {
                 } else {
                     $vulnerable = $true
                 }
+                Write-Progress -Activity "Testing '$nameValue' for WannaCry vulnerabilities using WMI" -Completed
 
                 $output = [PSCustomObject]@{
                     PSComputerName = $nameValue
                     OperatingSystemCaption = $osInformation.Caption
                     OperatingSystemVersion = $osInformation.Version
+                    LastBootUpTime = $osInformation.ConvertToDateTime(
+                        $osInformation.LastBootUpTime
+                    )
                     Vulnerable = $vulnerable
                     AppliedHotFixID = $appliedHotFixId -join "|"
                     SMB1FeatureEnabled = $smb1FeatureEnabled
@@ -211,15 +217,15 @@ process {
         "ByCimSession" {
             foreach ($cimSessionValue in $CimSession) {
                 Write-Progress -Activity "Testing '$nameValue' for WannaCry vulnerabilities using CIM" -CurrentOperation "Retrieve operating system caption" -PercentComplete 20
-                $osInformation = Get-CimInstance -CimSession $cimSessionValue -ClassName Win32_OperatingSystem -Property Caption, Version
+                $osInformation = Get-CimInstance -CimSession $cimSessionValue -ClassName Win32_OperatingSystem -Property Caption, LastBootUpTime, Version
 
                 if ([Version]$osInformation.Version -ge [Version]"10.0.15063") {
                     Write-Error -Message "$($osInformation.Caption) $($osInformation.Version) is not vulnerable to the WannaCry Exploit."
                     continue
                 }
 
                 # HotFixes
-                Write-Progress -Activity "Testing '$nameValue' for WannaCry vulnerabilities using CIM" -CurrentOperation "Inventory hotfix information" -PercentComplete 40
+                Write-Progress -Activity "Testing '$nameValue' for WannaCry vulnerabilities using CIM" -CurrentOperation "Retrieve hotfix information" -PercentComplete 40
                 $appliedHotFixID = (Get-CimInstance -CimSession $CimSession -ClassName Win32_QuickFixEngineering).Where({
                     $_.HotFixID -in $hotFixIDs
                 }).HotFixID
@@ -252,11 +258,15 @@ process {
                 if ($appliedHotFixId.Count -gt 0 -and -not $smb1FeatureEnabled -and -not $smb1ProtocolEnabled) {
                     $vulnerable = $false
                 }
+                Write-Progress -Activity "Testing '$nameValue' for WannaCry vulnerabilities using CIM" -Completed 
 
                 $output = [PSCustomObject]@{
                     PSComputerName = $cimSessionValue.ComputerName
                     OperatingSystemCaption = $osInformation.Caption
                     OperatingSystemVersion = $osInformation.Version
+                    LastBootUpTime = $osInformation.ConvertToDateTime(
+                        $osInformation.LastBootUpTime
+                    )
                     Vulnerable = $vulnerable
                     AppliedHotFixID = $appliedHotFixId -join "|"
                     SMB1FeatureEnabled = $smb1FeatureEnabled
diff --git a/README.md b/README.md
@@ -249,6 +249,7 @@ PS C:\> Test-WannaCryVulnerability
 PSComputerName         : myrig
 OperatingSystemCaption : Microsoft Windows 7 Professional
 OperatingSystemVersion : 6.1.7601
+LastBootUpTime         : 5/14/2017 3:38:38 PM
 Vulnerable             : False
 AppliedHotFixID        : KB4012212|KB4015546|KB4015549
 SMB1FeatureEnabled     : False
@@ -260,6 +261,7 @@ PS C:\> Get-ADComputer -Identity workstation | Test-WannaCryVulnerability
 PSComputerName         : workstation
 OperatingSystemCaption : Microsoft Windows 7 Professional
 OperatingSystemVersion : 6.1.7601
+LastBootUpTime         : 5/14/2017 3:38:38 PM
 Vulnerable             : True
 AppliedHotFixID        : 
 SMB1FeatureEnabled     : False
