
Commit ba13fb8

Release/release 3.5.1 fixes (#356)
* Add fixes for issues found in the 3.5.1 release
1 parent 33e676e commit ba13fb8

6 files changed

Lines changed: 75 additions & 257 deletions


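--- a/PingCastle/Healthcheck/HotFixCollector.cs
+++ b/PingCastle/Healthcheck/HotFixCollector.cs
@@ -8,13 +8,11 @@ namespace PingCastle.Healthcheck
 {
 public class HotFixCollector : IHotFixCollector
 {
-private readonly IHotfixService _cimService;
-private readonly IHotfixService _wmiService;
+private readonly IHotfixService _hotfixService;
 
-public HotFixCollector(IHotfixService cimService, IHotfixService wmiService)
+public HotFixCollector(IHotfixService hotfixService)
 {
-_cimService = cimService ?? throw new System.ArgumentNullException(nameof(cimService));
-_wmiService = wmiService ?? throw new System.ArgumentNullException(nameof(wmiService));
+_hotfixService = hotfixService ?? throw new System.ArgumentNullException(nameof(hotfixService));
 }
 
 public HotfixQueryResult GetInstalledHotfixes(string hostName, bool isPrivilegedMode = true, CancellationToken cancellationToken = default)
@@ -35,36 +33,17 @@ public HotfixQueryResult GetInstalledHotfixes(string hostName, bool isPrivileged
 return new HotfixQueryResult { Status = HotfixQueryStatus.ConnectionFailed, FailureReason = "Invalid hostname" };
 }
 
-var cimResult = _cimService.TryGetInstalledHotfixes(hostName, ui, cancellationToken);
-if (cimResult.Status == HotfixQueryStatus.Success)
+var result = _hotfixService.TryGetInstalledHotfixes(hostName, ui, cancellationToken);
+if (result.Status == HotfixQueryStatus.Success)
 {
-Trace.WriteLine($"CIM succeeded for {hostName.SanitizeForLog()} with {cimResult.KbNumbers.Count} hotfixes");
-return cimResult;
+Trace.WriteLine($"Retrieved {result.KbNumbers.Count} hotfixes from {hostName.SanitizeForLog()}");
 }
-
-Trace.WriteLine($"CIM failed for {hostName.SanitizeForLog()} with status {cimResult.Status}: {cimResult.FailureReason}");
-
-if (cimResult.Status == HotfixQueryStatus.AccessDenied)
-{
-Trace.WriteLine($"Skipping WMI fallback for {hostName.SanitizeForLog()} - same credentials would fail");
-return cimResult;
-}
-
-if (cimResult.Status == HotfixQueryStatus.ConnectionFailed || cimResult.Status == HotfixQueryStatus.Timeout || cimResult.Status == HotfixQueryStatus.NoResults)
+else
 {
-Trace.WriteLine($"Attempting WMI fallback for {hostName.SanitizeForLog()}");
-var wmiResult = _wmiService.TryGetInstalledHotfixes(hostName, ui, cancellationToken);
-if (wmiResult.Status == HotfixQueryStatus.Success)
-{
-Trace.WriteLine($"WMI fallback succeeded for {hostName.SanitizeForLog()} with {wmiResult.KbNumbers.Count} hotfixes");
-return wmiResult;
-}
-
-Trace.WriteLine($"WMI fallback also failed for {hostName.SanitizeForLog()} with status {wmiResult.Status}: {wmiResult.FailureReason}");
-return wmiResult;
+Trace.WriteLine($"Hotfix detection failed for {hostName.SanitizeForLog()} with status {result.Status}: {result.FailureReason}");
 }
 
-return cimResult;
+return result;
 }
 }
 }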
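Review bot: The failure trace on new line 43 runs `hostName` through `SanitizeForLog()` but interpolates `result.FailureReason` as-is. If that string can carry an exception message or text originating from the remote host (not visible in this section), line breaks or control characters in it would reach the trace log unsanitized; consider `{result.FailureReason?.SanitizeForLog()}`, assuming the extension accepts arbitrary strings. The public constructor also drops from two `IHotfixService` parameters to one, which breaks any caller outside this commit that still passes both helpers. GetInstalledHotfixes starts before the second hunk, so the validation of `hostName` and the origin of `ui` could not be checked here.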

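--- a/PingCastle/Healthcheck/HotFixCollectorFactory.cs
+++ b/PingCastle/Healthcheck/HotFixCollectorFactory.cs
@@ -4,12 +4,8 @@ namespace PingCastle.Healthcheck;
 
 public static class HotFixCollectorFactory
 {
-/// <summary>
-/// Creates a new instance of HotFixCollector with CIM as primary and WMI as fallback.
-/// </summary>
-/// <returns>A new HotFixCollector instance</returns>
 public static HotFixCollector Create()
 {
-return new HotFixCollector(new CimHotfixHelper(), new WmiHotfixHelper());
+return new HotFixCollector(new WmiHotfixHelper());
 }
-}
+}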
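Review bot: `Create()` is left with no XML documentation, because the old summary was deleted rather than rewritten for the new behaviour. A replacement such as `/// <summary>Creates a HotFixCollector that queries hotfixes through WMI only; there is no second transport to fall back to.</summary>` would tell callers that a host unreachable over WMI now yields a failed query result instead of a retry.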

PingCastle/misc/CimHotfixHelper.cs

Lines changed: 0 additions & 186 deletions
This file was deleted.

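--- a/PingCastle/misc/WmiHotfixHelper.cs
+++ b/PingCastle/misc/WmiHotfixHelper.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Diagnostics;
+using System.Globalization;
 using System.Management;
 using System.Text.RegularExpressions;
 using System.Threading;
@@ -146,7 +147,8 @@ private bool TryGetHotfixesFromQuickFixEngineering(string hostName, HotfixQueryR
 private static void CheckPostAlertQualityUpdate(ManagementObject obj, HotfixQueryResult result, DateTime alertCutoff)
 {
 var description = obj["Description"]?.ToString();
-if (!string.Equals(description, "Update", StringComparison.OrdinalIgnoreCase))
+if (!string.Equals(description, "Update", StringComparison.OrdinalIgnoreCase) &&
+!string.Equals(description, "Security Update", StringComparison.OrdinalIgnoreCase))
 {
 return;
 }
@@ -157,7 +159,7 @@ private static void CheckPostAlertQualityUpdate(ManagementObject obj, HotfixQuer
 return;
 }
 
-if (DateTime.TryParse(installedOnStr, out var installedOn) && installedOn > alertCutoff)
+if (DateTime.TryParse(installedOnStr, CultureInfo.InvariantCulture, DateTimeStyles.None, out var installedOn) && installedOn > alertCutoff)
 {
 result.MostRecentQualityUpdateDate = installedOn;
 }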
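Review bot: Accepting `"Security Update"` rows in CheckPostAlertQualityUpdate (new lines 150-151) means any single security patch dated after `alertCutoff` now sets `MostRecentQualityUpdateDate`. On Windows versions that receive non-cumulative security updates, a later unrelated patch does not show that a specific earlier fix is present, so a consumer that treats this date as evidence of patching could clear a finding wrongly; how the scanner uses the date is only partly visible on this page. Separately, the `InvariantCulture` parse on new line 162 silently drops any `InstalledOn` value in a format it cannot read. A `Trace.WriteLine` naming the unparsed value (sanitized) on that path would make the lost data visible. The function body continues outside both hunks.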

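--- a/PingCastleCommon/Scanners/KerberosCheckSumVulnerabilityScanner.cs
+++ b/PingCastleCommon/Scanners/KerberosCheckSumVulnerabilityScanner.cs
@@ -188,6 +188,10 @@ public ScanResult Scan(
 {
 var hotfixResult = RetrieveInstalledHotfixes(computerName, cancellationToken);
 installedHotfixes = hotfixResult.KbNumbers;
+if (mostRecentQualityUpdateDate == null)
+{
+mostRecentQualityUpdateDate = hotfixResult.MostRecentQualityUpdateDate;
+}
 }
 
 return AnalyzeVulnerability(operatingSystem, installedHotfixes, startupTime.Value, mostRecentQualityUpdateDate);
@@ -264,28 +268,7 @@ private ScanResult AnalyzeVulnerability(
 };
 }
 
-bool isCritical = IsCriticalOperatingSystem(operatingSystem);
-string severity = isCritical ? "Critical" : "Yes";
-Trace.WriteLine($"[MS14-068] FAIL - Patch not found in installed hotfixes");
-return new ScanResult
-{
-IsVulnerable = true,
-Reason = ReasonPatchNotInstalled,
-OsVersion = operatingSystem,
-SeverityLevel = severity
-};
-}
-
-if (mostRecentQualityUpdateDate.HasValue && mostRecentQualityUpdateDate.Value > AlertDate)
-{
-Trace.WriteLine($"[MS14-068] PASS - Date fallback ({mostRecentQualityUpdateDate.Value:yyyy-MM-dd} > {AlertDate:yyyy-MM-dd})");
-return new ScanResult
-{
-IsVulnerable = false,
-Reason = $"Quality update dated {mostRecentQualityUpdateDate.Value:yyyy-MM-dd} is after MS14-068 release",
-OsVersion = operatingSystem,
-SeverityLevel = "No"
-};
+Trace.WriteLine($"[MS14-068] KB check inconclusive - no matching KB in list");
 }
 
 bool isCriticalFinalCheck = IsCriticalOperatingSystem(operatingSystem);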
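Review bot: In Scan (new lines 189-194) `hotfixResult.KbNumbers` and `hotfixResult.MostRecentQualityUpdateDate` are consumed without any check of `hotfixResult.Status` in the visible lines. An empty KB list from a failed query is indistinguishable here from a host that really lacks the KB, and this commit removes the second transport, so the MS14-068 verdict may rest on missing data. Unless RetrieveInstalledHotfixes already handles that, test `hotfixResult.Status != HotfixQueryStatus.Success` and report the host as not assessed, or pass the status into AnalyzeVulnerability. The new trace on line 271 is an interpolated string with no placeholders, so the `$` can be dropped. Both Scan and AnalyzeVulnerability extend outside the hunks, so the final severity logic after `isCriticalFinalCheck` could not be reviewed.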
