
    Thomas J. Malkewitz @dotps1
    WannaCry, SMB1, Malware
    Initial release.

    Tests for WannaCry vulnerabilities.
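    Tests whether the patches that protect against the WannaCry malware are applied, and whether the SMB1 protocol and the SMB1 optional feature are enabled. A computer is reported as not vulnerable only when at least one of the listed patches is installed and both SMB1 checks report disabled.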
.Parameter ComputerName
    ComputerName to test.
.Parameter Credential
    Credential to test with.
.Parameter CimSession
    CimSession to test.
    PS C:\> Test-WannaCryVulnerability
    PSComputerName : myrig
    OperatingSystem : Microsoft Windows 7 Professional
    Vulnerable : False
    AppliedHotFixIds : KB4012212|KB4015546|KB4015549
    SMB1FeatureEnabled : False
    SMB1ProtocolEnabled : False
    PS C:\> Get-ADComputer -Filter * -OrganizationalUnit OU=workstations,DC=domain,DC=org | Test-WannaCryVulnerability
    PSComputerName : workstation
    OperatingSystem : Microsoft Windows 7 Professional
    Vulnerable : True
    AppliedHotFixIds :
    SMB1FeatureEnabled : False
    SMB1ProtocolEnabled : True
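    Not applicable to Windows 10, or to systems whose operating system caption contains "2016"; the function writes an error for these instead of testing them, so their patch and SMB1 state are not checked.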

    DefaultParameterSetName = "ByComputerName"

# Parameter declarations for the two parameter sets, "ByComputerName" and "ByCimSession".
# NOTE(review): the attribute and type lines of this block (and the variable for the
# third parameter) are not visible in this listing; the comments below describe only
# what the remaining lines and the process block show.
param (
        # $Name: the computer name(s) the process block iterates over in the
        # "ByComputerName" set. Accepts pipeline input by value and by property name;
        # defaults to the local computer name.
        ParameterSetName = "ByComputerName",
        ValueFromPipeline = $true,
        ValueFromPipelineByPropertyName = $true
    $Name = $env:COMPUTERNAME,

        # $Credential: handed to every Get-WmiObject / Invoke-WmiMethod call in the
        # "ByComputerName" set. Defaults to an empty credential.
        # NOTE(review): presumably the empty credential means "run as the current user" — confirm.
        ParameterSetName = "ByComputerName"
    $Credential = [PSCredential]::Empty,

        # "ByCimSession" set: the process block iterates over $CimSession, so this is
        # presumably that parameter's declaration. Accepts pipeline input by value and
        # by property name.
        ParameterSetName = "ByCimSession",
        ValueFromPipeline = $true,
        ValueFromPipelineByPropertyName = $true

begin {
    # Hotfix IDs (KB numbers) that count as a WannaCry-relevant patch. The process block
    # keeps only the Win32_QuickFixEngineering entries whose HotFixID is in this list.
    # NOTE(review): the entries of this array are not visible in this listing. Because the
    # match is an exact ID comparison, an update that is not in the list does not count as
    # a patch; presumably a later superseding update would leave a patched computer
    # reported as Vulnerable : True — confirm the list is kept current.
    $hotFixIDs = @(

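process {
    # For every target, collect three facts and emit one result object:
    #   1. which of the hotfixes in $hotFixIDs are installed,
    #   2. whether the SMB1Protocol optional feature is installed,
    #   3. whether the SMB1 server protocol is enabled in the LanmanServer registry key.
    # A target is reported as not vulnerable only when at least one listed hotfix is
    # present AND both SMB1 checks come back disabled; every other combination,
    # including a check that returned nothing for the registry value, reports
    # Vulnerable = $true.
    switch ($PSCmdlet.ParameterSetName) {
        "ByComputerName" {
            foreach ($nameValue in $Name) {
                # ICMP reachability gate. A host that does not answer ping is skipped with
                # only a warning and produces no result object, so a missing row must not
                # be read as "not vulnerable".
                if (-not (Test-Connection -ComputerName $nameValue -Count 1 -Quiet)) {
                    Write-Warning -Message "Failed to contact $nameValue."
                    continue
                }

                try {
                    # -ErrorAction Stop turns non-terminating WMI failures into exceptions so
                    # the catch block runs instead of carrying on with a stale or empty caption.
                    $osCaption = Get-WmiObject -ComputerName $nameValue -Class Win32_OperatingSystem -Property Caption -Credential $Credential -ErrorAction Stop |
                        Select-Object -ExpandProperty Caption
                } catch {
                    Write-Error $_.ToString()
                    continue
                }

                # These systems are skipped, not tested: no hotfix or SMB1 state is collected
                # for them, so this message says nothing about their SMBv1 patch level.
                if ($osCaption -match "Windows 10|2016") {
                    Write-Error -Message "$osCaption is not vulnerable to WannaCry."
                    continue
                }

                # Patches: installed hotfixes that are in the known-good list. Wrapped in @()
                # so the result is always an array, whether zero, one or many IDs match.
                $appliedHotFixIds = @(
                    Get-WmiObject -ComputerName $nameValue -Class Win32_QuickFixEngineering -Credential $Credential |
                        Where-Object -FilterScript { $_.HotFixID -in $hotFixIDs } |
                        Select-Object -ExpandProperty HotFixID
                )

                # SMB1 feature: InstallState 1 means the optional feature is enabled.
                $smb1Feature = Get-WmiObject -ComputerName $nameValue -Class Win32_OptionalFeature -Property InstallState -Filter "Name = 'SMB1Protocol'" -Credential $Credential |
                    Select-Object -ExpandProperty InstallState

                # Compare the value that was just queried. The original compared an
                # unassigned variable, so this check always reported the feature as disabled.
                # NOTE(review): a query that returns nothing still yields $false here — confirm
                # that is acceptable for systems without the Win32_OptionalFeature class.
                $smb1FeatureEnabled = ($smb1Feature -eq 1)

                # SMB1 protocol: read the SMB1 DWORD under HKEY_LOCAL_MACHINE (2147483650 = 0x80000002).
                $smb1Protocol = Invoke-WmiMethod -ComputerName $nameValue -Class StdRegProv -Name GetDwordValue -ArgumentList @( [uint32]2147483650, "SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters", "SMB1" ) -Credential $Credential |
                    Select-Object -ExpandProperty uValue

                # Only an explicit 0 counts as disabled; a missing value or a failed read is
                # treated as enabled, which keeps the result on the cautious side.
                $smb1ProtocolEnabled = -not ($smb1Protocol -eq 0)

                $vulnerable = -not ($appliedHotFixIds.Count -gt 0 -and -not $smb1FeatureEnabled -and -not $smb1ProtocolEnabled)

                $output = [PSCustomObject]@{
                    PSComputerName = $nameValue
                    OperatingSystem = $osCaption
                    Vulnerable = $vulnerable
                    AppliedHotFixIds = $appliedHotFixIds -join "|"
                    SMB1FeatureEnabled = $smb1FeatureEnabled
                    SMB1ProtocolEnabled = $smb1ProtocolEnabled
                }

                Write-Output -InputObject $output
            }
        }

        "ByCimSession" {
            foreach ($cimSessionValue in $CimSession) {
                $osCaption = Get-CimInstance -CimSession $cimSessionValue -ClassName Win32_OperatingSystem -Property Caption |
                    Select-Object -ExpandProperty Caption

                # These systems are skipped, not tested: no hotfix or SMB1 state is collected
                # for them, so this message says nothing about their SMBv1 patch level.
                if ($osCaption -match "Windows 10|2016") {
                    Write-Error -Message "$osCaption is not vulnerable to WannaCry."
                    continue
                }

                # Patches: query the session being processed. The original passed the whole
                # $CimSession collection here, which mixes other computers' hotfixes into
                # this computer's result when several sessions are supplied.
                $appliedHotFixIds = @(
                    Get-CimInstance -CimSession $cimSessionValue -ClassName Win32_QuickFixEngineering |
                        Where-Object -FilterScript { $_.HotFixID -in $hotFixIDs } |
                        Select-Object -ExpandProperty HotFixID
                )

                # SMB1 feature: InstallState 1 means the optional feature is enabled.
                $smb1Feature = Get-CimInstance -CimSession $cimSessionValue -ClassName Win32_OptionalFeature -Property InstallState -Filter "Name = 'SMB1Protocol'" |
                    Select-Object -ExpandProperty InstallState

                # Compare the value that was just queried (the original tested an unassigned variable).
                $smb1FeatureEnabled = ($smb1Feature -eq 1)

                # SMB1 protocol: read the SMB1 DWORD under HKEY_LOCAL_MACHINE (2147483650 = 0x80000002).
                $smb1Protocol = Invoke-CimMethod -CimSession $cimSessionValue -ClassName StdRegProv -MethodName GetDwordValue -Arguments @{ hDefKey = [uint32]2147483650; sSubKeyName = "SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"; sValueName = "SMB1" } |
                    Select-Object -ExpandProperty uValue

                # Only an explicit 0 counts as disabled; a missing value is treated as enabled.
                $smb1ProtocolEnabled = -not ($smb1Protocol -eq 0)

                # Always assign the verdict. The original set it only in the "not vulnerable"
                # case, so a vulnerable computer inherited the previous iteration's value
                # or stayed empty.
                $vulnerable = -not ($appliedHotFixIds.Count -gt 0 -and -not $smb1FeatureEnabled -and -not $smb1ProtocolEnabled)

                $output = [PSCustomObject]@{
                    PSComputerName = $cimSessionValue.ComputerName
                    OperatingSystem = $osCaption
                    Vulnerable = $vulnerable
                    AppliedHotFixIds = $appliedHotFixIds -join "|"
                    SMB1FeatureEnabled = $smb1FeatureEnabled
                    SMB1ProtocolEnabled = $smb1ProtocolEnabled
                }

                Write-Output -InputObject $output
            }
        }
    }
}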