Could any other ITSM users out there let me know if you go into ITSM -> Patch Management -> OS (the default tab) if you have any Windows patches in there newer than April 20?
None of my endpoints have seen new patches in 2-3 weeks, nor do their status’ of available patches update. I have had a ticket open on this for some time, but I wanted to check with other members of the community to see if they have any OS patches in the ITSM patch management showing newer than April 20.
Hi @indieserve
We applied a fix to the system today to resolve this potential issue and we are monitoring the systems. You should start seeing the new updates on regular daily intervals as usual. Could you please check them tomorrow and let us know if it is populating the latest updates?
Best regards,
Ilker
Thanks Ilker, I did reply to the open ticket in email; since later this morning I’ve started seeing updates again, so that’s great news, thanks for getting this working again!
You are welcome. Thanks for the feedback 
Still have a few stragglers that show that they are up to date in ITSM device list, but when I go into ITSM Patch Management for OS, it shows newest updates are 4/10. On some if I log in and run windows update, there are available updates, on others it shows they are up to date. Kind of wierd.
But given the current situation with WannaCrypt, can a Procedure script be written that forces all non-optional updates to be done (via the windows update command line directly) as well as maybe restarts the ITSM patch service on the endpoint (I assume there is such a thing that checks the local update status and syncs it back to ITSM?) or “clears out” the patch DB and rescans it/resyncs it to ITSM console?
I don’t think this is necessarily a major bug I just think, like the issue with remote control a few days ago, perhaps the patch service on the endpoint has “hung” or something and just needs a restart. But I’m just guessing. How often does the ITSM agent query Windows Update on the endpoint and report those findings back to ITSM console? What triggers a “check”?
So generally a reboot or two seems to clear this issue out, probably just coupled with the earlier issues where my overall patching wasn’t working for a couple weeks has thrown things a bit out of sync.
I see, our regular sync interval is per 6 hours. We will introduce a manual check to overcome these sync issues (or doubts at least )
Ilker
If I search in ITSM’s PM for “MS17-010” for the WannaCry patch, nothing comes up. I get results for “MS17” in Bulletins but nothing for “010” in that category. Why is that?
Hi @indieserve
But given the current situation with WannaCrypt, can a Procedure script be written that forces all non-optional updates to be done (via the windows update command line directly) as well as maybe restarts the ITSM patch service on the endpoint (I assume there is such a thing that checks the local update status and syncs it back to ITSM?) or “clears out” the patch DB and rescans it/resyncs it to ITSM console?
Please refer below procedure to install all available security and critical updates in windows without reboot
https://forum.mspconsortium.com/foru…without-reboot
Please refer attached script “20170331-Reset-PM-db-and-restart-ITSM-services.json” to restart ITSM Patch management services.
We will not get execution logs for this script as we are being disconnected from ITSM agent few seconds.
Run the script as system user.
You can confirm the script result by checking data modified for pm.db (new instance)
20170331-Reset-PM-db-and-restart-ITSM-services.json (2.1 KB)
If I search in ITSM’s PM for the bulletin “MS17-010” for the WannaCry patch, nothing comes up. I get results for “MS17” in Bulletins but nothing for “010” in that category. Why is that?
Hi @PromptCare
I will escalate your concern as a separate issue to support team. They will contact you shortly with updates.
Thanks,
Kannan
We see the 8 different patch items in our global inventory regarding “MS17-010”. Some of them published on March and XP / Server 2003 patches published in May. However, you would only see them on your portal if it is applicable to your endpoints. So, if you think they are applicable but not reflected on your portal, we should check your portal and endpoint configuration.
Ilker
I seem to have the same issue, no record of this in my search of PM also. I might also state that I am using the ITSM PM, not the stand alone module.
I researched this, I had the same issue, but found that bulletin MS17-006 released KB4012215, which is thought to be one of the patches to prevent it. I found a list thought to bethem, as where only two from the list showed up, one was for english systems, the other was in a different language.
List:
4012598
4012212
4012215
4012213
4012216
4012214
4012217
4012606
4013198
4013429
I have not looked up the details for all these, but according to these, I only had 2 systems that would have had the vulnerability anyway. I find this hard to believe this, especially since a couple hundred thousand systems got hit.
Hello @BOSS
ITSM’s Patch Management uses the Windows Update Service in order to fetch the list of available updates. It also uses the appropriate Windows services in order to install the patches. So basically, all that PM does is to upload the list that it gets from Windows Update to ITSM portal and then to transfer the commands form ITSM portal to the device when a deployment process is started, offering you the possibility to centrally manage the patches.
Also, please note that the KB name for the security update released in March may be different form one OS to another, as it depends on the OS version and build (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx).
PM will report the name of the patches and the details associated with them exactly the same way Windows will, so in order to double check whether a device is protected or not, you can simply check for updates locally and see if there are any patches that are not listed in the portal.
Please let us know whether the information above helped, or you require further assistance.