# From Microsoft Support Article: https://support.microsoft.com/en-us/help/4023262/how-to-verify-that-ms17-010-is-installed
# Modified to work with a Configuration Item
# Add comments


[reflection.assembly]::LoadWithPartialName("System.Version")
$OS = Get-WmiObject -class Win32_OperatingSystem
$OSName = $OS.Caption

# Store the resolved path of srv.sys as $S
$S = "%systemroot%\system32\drivers\srv.sys"
$V = [System.Environment]::ExpandEnvironmentVariables($s)

# Test if srv.sys exists
if (Test-Path -Path $v)
{
    try
    {
        # Convert the Get-Item VersionInfo of srv.sys to type [System.Version] for comparison
        $VersionInfo = (Get-Item $v).VersionInfo
        $VersionString = "$($VersionInfo.FileMajorPart).$($VersionInfo.FileMinorPart).$($VersionInfo.FileBuildPart).$($VersionInfo.FilePrivatePart)"
        $FileVersion = New-Object System.Version($VersionString)
    }
    Catch
    {
        # If an error occurs converting return $false. You will need to manually check this computer
        return $false
    }
}
else
{
    # If it does not return $false, because we cannot know if its compliant
    return $false
}

# Find the required version to be compliant based on the operating system
$ExpectedVersion = $null

# If Windows Vista or Server 2008 OS
if ($OSName.Contains("Vista") -or ($OSName.Contains("2008") -and -not $OSName.Contains("R2")))
{
    if ($VersionString.Split('.')[3][0] -eq "1")
    {
        $ExpectedVersion = New-Object System.Version("6.0.6002.19743")
    } 
    elseif ($VersionString.Split('.')[3][0] -eq "2")
    {
        $ExpectedVersion = New-Object System.Version("6.0.6002.24067")
    }
    else
    {
        $expectedVersion = New-Object System.Version("9.9.9999.99999")
    }
}
# else if Windows 7 or 2008 R2 OS
elseif ($OSName.Contains("Windows 7") -or ($OSName.Contains("2008 R2")))
{
    $ExpectedVersion = New-Object System.Version("6.1.7601.23689")
}
# else if Windows 8.1 or Server 2012 R2 OS
elseif ($OSName.Contains("Windows 8.1") -or $OSName.Contains("2012 R2"))
{
    $ExpectedVersion = New-Object System.Version("6.3.9600.18604")
}
# else if Windows 8 or Server 2012 OS
elseif ($OSName.Contains("Windows 8") -or $OSName.Contains("2012"))
{
    $ExpectedVersion = New-Object System.Version("6.2.9200.22099")
}
# else if Windows 10
elseif ($osName.Contains("Windows 10"))
{
    # Windows 10 1507
    if ($OS.BuildNumber -eq "10240")
    {
        $ExpectedVersion = New-Object System.Version("10.0.10240.17319")
    }
    # Windows 10 1511
    elseif ($OS.BuildNumber -eq "10586")
    {
        $ExpectedVersion = New-Object System.Version("10.0.10586.839")
    }
    # Windows 10 1607
    elseif ($OS.BuildNumber -eq "14393")
    {
        $ExpectedVersion = New-Object System.Version("10.0.14393.953")
    }
    # Windows 10 1703
    elseif ($OS.BuildNumber -eq "15063")
    {
        # Version of Windows 10 is already patched, return $true to indicated compliant
        return $true
    }
}
# else if Server 2016
elseif ($OSName.Contains("2016"))
{
    $ExpectedVersion = New-Object System.Version("10.0.14393.953")
}
# else if Windows XP
elseif ($OSName.Contains("Windows XP"))
{
    $ExpectedVersion = New-Object System.Version("5.1.2600.7208")
}
# else if Server 2003
elseif ($OSName.Contains("Server 2003"))
{
    $ExpectedVersion = New-Object System.Version("5.2.3790.6021")
}
else
{
    return $false
}

if ($($FileVersion.CompareTo($ExpectedVersion)) -lt 0)
{
    # if $FileVersion.CompareTo($ExpectedVersion) is less than 0, it would indicate that this is a version lower
    # return $false for non-compliance
    return $false
}
else
{
    # if $FileVersion.CompareTo($ExpectedVersion) is 0 or greater, it would indicate that this is the expected version or higher
    # return $true for compliance
    return $true
}