Per Lee Holmes (@lee_holmes) there is still a needed patch for Windows 10 1602 and prior https://twitter.com/Lee_Holmes/status/864604299405410304. Added Operating System Version to returned object.

Author: dotps1

Functions/Test-WannaCryVulnerability.ps1

@@ -1,7 +1,7 @@
 <#PSScriptInfo
 
 .Version
-    1.4
+    2.0
 .Guid
     477aa3f4-0434-4925-9c92-7323066cceb7
 .Author 
@@ -11,7 +11,7 @@
 .ProjectUri
     https://github.com/dotps1/PSFunctions
 .ReleaseNotes
-    Moved ComputerName connectivity test to the parameter validation.  Added Write-Progress output for the steps being completed.
+    Per Lee Holmes (@lee_holmes) there is still a needed patch for Windows 10 1602 and prior.  Added Operating System Version to returned object.
 
 #>
 
@@ -38,21 +38,23 @@
 .Example
     PS C:\> Test-WannaCryVulnerability
 
-    PSComputerName      : myrig
-    OperatingSystem     : Microsoft Windows 7 Professional
-    Vulnerable          : False
-    AppliedHotFixIds    : KB4012212|KB4015546|KB4015549
-    SMB1FeatureEnabled  : False
-    SMB1ProtocolEnabled : False
+    PSComputerName         : myrig
+    OperatingSystemCaption : Microsoft Windows 7 Professional
+    OperatingSystemVersion : 6.1.7601
+    Vulnerable             : False
+    AppliedHotFixIds       : KB4012212|KB4015546|KB4015549
+    SMB1FeatureEnabled     : False
+    SMB1ProtocolEnabled    : False
 .Example
     PS C:\> Get-ADComputer -Identity workstation | Test-WannaCryVulnerability
 
-    PSComputerName      : workstation
-    OperatingSystem     : Microsoft Windows 7 Professional
-    Vulnerable          : True
-    AppliedHotFixIds    : 
-    SMB1FeatureEnabled  : False
-    SMB1ProtocolEnabled : True
+    PSComputerName         : workstation
+    OperatingSystemCaption : Microsoft Windows 7 Professional
+    OperatingSystemVersion : 6.1.7601
+    Vulnerable             : True
+    AppliedHotFixIds       : 
+    SMB1FeatureEnabled     : False
+    SMB1ProtocolEnabled    : True
 .Notes
     Not applicable to windows 10.
 .Link
@@ -135,20 +137,7 @@ begin {
         "KB4015546", 
         "KB4015547", 
         "KB4015548", 
-        "KB4015549", 
-        "KB4015550", 
-        "KB4015551", 
-        "KB4015552", 
-        "KB4015553", 
-        "KB4015554", 
-        "KB4016635", 
-        "KB4019213", 
-        "KB4019214", 
-        "KB4019215", 
-        "KB4019216", 
-        "KB4019263", 
-        "KB4019264", 
-        "KB4019472"
+        "KB4015549"
     )
 }
 
@@ -157,16 +146,15 @@ process {
         "ByComputerName" { 
             foreach ($nameValue in $Name) {
                 try {
-                    Write-Progress -Activity "Testing '$nameValue' for WannaCry vulnerabilities using WMI" -CurrentOperation "Retrieve operating system caption" -PercentComplete 20
-                    $osCaption = Get-WmiObject -ComputerName $nameValue -Class Win32_OperatingSystem -Property Caption -Credential $Credential -ErrorAction Stop |
-                        Select-Object -ExpandProperty Caption
+                    Write-Progress -Activity "Testing '$nameValue' for WannaCry vulnerabilities using WMI" -CurrentOperation "Retrieve operating system information" -PercentComplete 20
+                    $osInformation = Get-WmiObject -ComputerName $nameValue -Class Win32_OperatingSystem -Property Caption, Version -Credential $Credential -ErrorAction Stop
                 } catch {
-                    Write-Error -Message "Failed to contact WMI on '$nameValue'." -RecommendedAction "Verify WS-MAN is not being blocked by the firewall."
+                    Write-Error -Message "Failed to query WMI on '$nameValue'." -RecommendedAction "Verify WMI access is not being blocked by the firewall."
                     continue
                 }
 
-                if ($osCaption -match "Windows 10") {
-                    Write-Warning -Message "$osCaption is not vulnerable to WannaCry."
+                if ([Version]$osInformation.Version -ge [Version]"10.0.15063") {
+                    Write-Warning -Message "$($osInformation.Caption) $($osInformation.Version) is not vulnerable to the WannaCry Exploit."
                     continue
                 }
 
@@ -208,7 +196,8 @@ process {
 
                 $output = [PSCustomObject]@{
                     PSComputerName = $nameValue
-                    OperatingSystem = $osCaption
+                    OperatingSystemCaption = $osInformation.Caption
+                    OperatingSystemVersion = $osInformation.Version
                     Vulnerable = $vulnerable
                     AppliedHotFixIds = $appliedHotFixIds -join "|"
                     SMB1FeatureEnabled = $smb1FeatureEnabled
@@ -222,11 +211,10 @@ process {
         "ByCimSession" {
             foreach ($cimSessionValue in $CimSession) {
                 Write-Progress -Activity "Testing '$nameValue' for WannaCry vulnerabilities using CIM" -CurrentOperation "Retrieve operating system caption" -PercentComplete 20
-                $osCaption = Get-CimInstance -CimSession $cimSessionValue -ClassName Win32_OperatingSystem -Property Caption | 
-                    Select-Object -ExpandProperty Caption
+                $osInformation = Get-CimInstance -CimSession $cimSessionValue -ClassName Win32_OperatingSystem -Property Caption, Version
 
-                if ($osCaption -match "Windows 10") {
-                    Write-Error -Message "$osCaption is not vulnerable to WannaCry."
+                if ([Version]$osInformation.Version -ge [Version]"10.0.15063") {
+                    Write-Error -Message "$($osInformation.Caption) $($osInformation.Version) is not vulnerable to the WannaCry Exploit."
                     continue
                 }
 
@@ -267,7 +255,8 @@ process {
 
                 $output = [PSCustomObject]@{
                     PSComputerName = $cimSessionValue.ComputerName
-                    OperatingSystem = $osCaption
+                    OperatingSystemCaption = $osInformation.Caption
+                    OperatingSystemVersion = $osInformation.Version
                     Vulnerable = $vulnerable
                     AppliedHotFixIds = $appliedHotFixIds -join "|"
                     SMB1FeatureEnabled = $smb1FeatureEnabled

README.md

@@ -246,20 +246,22 @@ Test for applicable patches to prevent the WannaCry malware.  Tests for SMB1 pro
 ```
 PS C:\> Test-WannaCryVulnerability
 
-PSComputerName      : myrig
-OperatingSystem     : Microsoft Windows 7 Professional
-Vulnerable          : False
-AppliedHotFixIds    : KB4012212|KB4015546|KB4015549
-SMB1FeatureEnabled  : False
-SMB1ProtocolEnabled : False
+PSComputerName         : myrig
+OperatingSystemCaption : Microsoft Windows 7 Professional
+OperatingSystemVersion : 6.1.7601
+Vulnerable             : False
+AppliedHotFixIds       : KB4012212|KB4015546|KB4015549
+SMB1FeatureEnabled     : False
+SMB1ProtocolEnabled    : False
 
 
 PS C:\> Get-ADComputer -Identity workstation | Test-WannaCryVulnerability
 
-PSComputerName      : workstation
-OperatingSystem     : Microsoft Windows 7 Professional
-Vulnerable          : True
-AppliedHotFixIds    : 
-SMB1FeatureEnabled  : False
-SMB1ProtocolEnabled : True
+PSComputerName         : workstation
+OperatingSystemCaption : Microsoft Windows 7 Professional
+OperatingSystemVersion : 6.1.7601
+Vulnerable             : True
+AppliedHotFixIds       : 
+SMB1FeatureEnabled     : False
+SMB1ProtocolEnabled    : True
 ```