Windows Workstation: Windows Workstation: KB5041580 Not Installed

Overview

This query searches the available updates on the machine and identifies if an available update exists for KB5041580 and that it is not installed. If it finds a match, then it returns the Available Updates array.

Use Case

To address Windows TCP/IP Remote Code Execution Vulnerability (CVE-2024-38063). This query allows the user to identify Windows 10 Workstations that need to finish installing the required update.

Creating an Actionable Alert that uses the "is not empty" operator will allow the user to trigger alerts on any Windows 10 machines that need to apply the update. Additionally a report can be generated using the same metric.

Additional Note

The logic of this metric can be applied to other articles by replacing the KB number. For example, if you want to target Windows 11 machines, use the table at the bottom of Microsofts Article. You can update the Metric to AvailableUpdates[?contains(to_string(KBArticleIDs), `5041571`) && !IsInstalled]