Liongard Library


Categories: Windows Workstation
Created by Paul Taplett
Created on Aug 15, 2024

Windows Workstation: KB5041580 Not Installed

Overview

This query searches the updates available on the machine for KB5041580 and checks that the update is not installed. If it finds a match, it returns the matching entries from the Available Updates array.


Use Case

This metric addresses the Windows TCP/IP Remote Code Execution Vulnerability (CVE-2024-38063). It allows the user to identify Windows 10 workstations that still need to finish installing the required update.

Creating an Actionable Alert that uses the "is not empty" operator allows the user to trigger alerts on any Windows 10 machines that need to apply the update. Additionally, a report can be generated using the same metric.


Additional Note

The logic of this metric can be applied to other articles by replacing the KB number. For example, to target Windows 11 machines, use the table at the bottom of Microsoft's article and update the Metric to:

AvailableUpdates[?contains(to_string(KBArticleIDs), `5041571`) && !IsInstalled]



Query

AvailableUpdates[?contains(to_string(KBArticleIDs), `5041580`) && !IsInstalled]
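The following added example (not part of the original entry and not Liongard's own code) models the query and the "is not empty" alert rule in plain JavaScript over constructed data, and shows that contains(to_string(...)) is a substring test. The hostnames, the array-of-strings shape of KBArticleIDs, the 8-digit ID and the metricExact variant are assumptions made for illustration.

```javascript
// Constructed sample data. Only AvailableUpdates, KBArticleIDs and IsInstalled
// come from the metric on this page; everything else here is an assumption.
const fleet = {
  "WS-01": { AvailableUpdates: [{ KBArticleIDs: ["5041580"], IsInstalled: false }] },
  "WS-02": { AvailableUpdates: [{ KBArticleIDs: ["5041580"], IsInstalled: true }] },
  "WS-03": { AvailableUpdates: [{ KBArticleIDs: ["9999999"], IsInstalled: false }] },
  // Constructed 8-digit ID that merely contains the 7-digit target as a substring.
  "WS-04": { AvailableUpdates: [{ KBArticleIDs: ["50415801"], IsInstalled: false }] },
  "WS-05": {}, // no AvailableUpdates key; modelled here as an empty result
};

// Model of: AvailableUpdates[?contains(to_string(KBArticleIDs), `<kb>`) && !IsInstalled]
// JMESPath to_string() JSON-encodes non-string values, so the match is on text.
function metric(dataPrint, kb) {
  const updates = Array.isArray(dataPrint.AvailableUpdates) ? dataPrint.AvailableUpdates : [];
  return updates.filter((u) => {
    const ids = u.KBArticleIDs ?? null;
    const text = typeof ids === "string" ? ids : JSON.stringify(ids);
    return text.includes(String(kb)) && !u.IsInstalled;
  });
}

// Hypothetical stricter variant (not the page's query): whole-ID equality.
function metricExact(dataPrint, kb) {
  const updates = Array.isArray(dataPrint.AvailableUpdates) ? dataPrint.AvailableUpdates : [];
  return updates.filter(
    (u) => [].concat(u.KBArticleIDs ?? []).map(String).includes(String(kb)) && !u.IsInstalled
  );
}

// "is not empty" rule: a host alerts when the metric returns at least one entry.
function alertingHosts(fleetData, kb, fn = metric) {
  return Object.keys(fleetData).filter((host) => fn(fleetData[host], kb).length > 0);
}

console.log("substring match:", alertingHosts(fleet, "5041580"));
console.log("exact match:    ", alertingHosts(fleet, "5041580", metricExact));
```

An empty result only means no uninstalled entry for that KB appears in AvailableUpdates, so WS-02, WS-03 and WS-05 are all silent for different reasons.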
