Discover Devices Susceptible to Windows Data Damage Bug
Windows released a new advisory detailing an issue in Windows 11 and Windows Server 2022 that could lead to data loss or as they call it “data damage”. The problem is a result of an issue in the newest Vector Advanced Encryption Standard (AES) (VAES) instruction set that was added to their latest operating systems. You can read more about this issue in the Windows Data Damage Bug blog post.
The report below provides a list of all Windows 11 and Windows Server 2022 devices that have KB5015814/KB5015827 or higher installed by looking at the Windows build of your Windows devices. To prevent any issues, it’s recommended to install those updates as soon as possible.
Windows Data Damage Bug Query
Select Distinct Top 1000000 Coalesce(tsysOS.Image,
tsysAssetTypes.AssetTypeIcon10) As icon,
tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tblState.Statename As State,
Case
When tblComputersystem.Domainrole > 1 Then 'Server'
Else 'Workstation'
End As [Workstation/Server],
tblAssets.Username,
tblAssets.Userdomain,
tblAssets.IPAddress,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tsysOS.OSname As OS,
tblAssets.SP,
SubQuery2.Buildnumber as [Build number],
Case
When tsysOS.OSname = 'Win 2022' then '825'
When tsysOS.OScode Like '10.0.22000' Then '795'
End As [Fixed Build number],
tblassets.Version,
tblAssets.Lastseen,
tblAssets.Lasttried,
QuickFixLastScanned.QuickFixLastScanned,
Case
When tblErrors.ErrorText Is Not Null Or
tblErrors.ErrorText != '' Then
'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
Else ''
End As ScanningErrors,
Convert(nvarchar,DateDiff(day, QuickFixLastScanned.QuickFixLastScanned,
GetDate())) + ' days ago' As WindowsUpdateInfoLastScanned,
Case
When Convert(nvarchar,DateDiff(day, QuickFixLastScanned.QuickFixLastScanned,
GetDate())) > 3 Then
'Windows update information may not be up to date. We recommend rescanning this machine.'
Else ''
End As Comment
From tblAssets
left Join (select tblassets.AssetID, convert(bigint,tblassets.BuildNumber)
as Buildnumber from tblAssets) As SubQuery2 On tblAssets.AssetID =
SubQuery2.AssetID
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblOperatingsystem On tblOperatingsystem.AssetID =
tblAssets.AssetID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblComputersystem On tblAssets.AssetID = tblComputersystem.AssetID
Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
Left Join tsysIPLocations On tblAssets.IPNumeric >= tsysIPLocations.StartIP
And tblAssets.IPNumeric <= tsysIPLocations.EndIP
Left Join (Select Distinct Top 1000000 TsysLastscan.AssetID As ID,
TsysLastscan.Lasttime As QuickFixLastScanned
From TsysWaittime
Inner Join TsysLastscan On TsysWaittime.CFGCode = TsysLastscan.CFGcode
Where TsysWaittime.CFGname = 'QUICKFIX') As QuickFixLastScanned On
tblAssets.AssetID = QuickFixLastScanned.ID
Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
Max(tblErrors.Teller) As ErrorID
From tblErrors
Group By tblErrors.AssetID) As ScanningError On tblAssets.AssetID =
ScanningError.ID
Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype =
tblErrors.ErrorType
Where tblAssetCustom.State = 1 And
tsysAssetTypes.AssetTypename Like 'Windows%' and
((tsysOS.OSname = 'Win 2022' and SubQuery2.Buildnumber < 825) or
(tsysOS.OSname = 'Win 11' and SubQuery2.Buildnumber < 795))
Order By tblAssets.Domain