This is taken from the nmap seclist page. A script for nmap has been written that should allow you to scan your network to determine if its vulnerable. It may not be perfect but I am sure it will help someone out there.
Hey list, I need some help testing the script smb-vuln-ms17-010. I tested it on a vulnerable win7 machine and it works as expected but I suspect there might be some issues with newer Windows versions and certain smb configurations (v2 authentication protocols with signing enabled). Don't forget to send me packet captures if you run into servers that are incorrectly marked as not vulnerable. Cheers! smb-vuln-ms17-010: https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/smb-vuln-ms17-010.nse description = [[ Attempts to detect if a Microsoft SMBv1 server is vulnerable to a remote code execution vulnerability (ms2017-010). The script connects to the $IPC tree, executes a transaction on FID 0 and checks if the error "STATUS_INSUFF_SERVER_RESOURCES" is returned to determine if the target is not patched against CVE2017-010. Tested on a vulnerable Windows 7. We might have some issues with v2 protocols with signing enabled. References: * https://technet.microsoft.com/en-us/library/security/ms17-010.aspx * https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ * https://msdn.microsoft.com/en-us/library/ee441489.aspx * https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smb/smb_ms17_010.rb ]] Paulino Calderon Pale || @calderpwn on Twitter || http://www.calderonpale.com
— Florian Roth (@cyb3rops) 15 May 2017