Windows Vs WanaCry and How to Quickly Find those Windows XP Machines.


After this weekend’s latest Ransomware attack here is a quick way to find all those “Windows XP” machines still running in your environment.

What is WanaCry ?

This malware exploits a vulnerability in Microsoft’s Windows operating system that allows it to automatically spread across networks, which gives it the ability to quickly infect large numbers of machines at the same network.

This malware modifies files in the /Windows and /windows/system32 directories and enumerates other users on the network to infect. Both of these actions require administrative privileges.”

There is a component of the ransomware that spreads laterally, could potentially be via SMB shares or leveraging a recent Microsoft bug to spread. The ransomware could have taken advantage of the bug in the SMB that addressed by Microsoft in last March 14.

Kindy  We would strongly recommend to confirm below,

  • All  system Anti-Virus solution are updated.
  • Kindly inspect your systems, mail gateway, servers for any trace of these malware, and isolate from your network in suspect of infection.

What does the Ransomware Look like ?

Here is a picture of a computer infected by the Ransomware.

To find all Windows XP machines run the following  PowerShell OneLiner:



Sharing is caring!

Previous articleCreate Exchange 2016 DAG using PowerShell
Next article
About Me ? I Guess i would start by saying i am a family guys and full time SysAdmin and Tech Junky. This Blog is my first attempt to share information about daily issues i come across as a SysAdmin as well as some new deployments i am part of. Topics that i will cover will mostly be about Office 365,Windows,Exchange as well as Active Directory. I hope some of my Blog posts helps someone #LiveLongAndBeLazy #Exchange #Office 365 #ActiveDirectory #Hyper-V


Please enter your comment!
Please enter your name here