[R] - Script to check missing Security Only Updates

Discussion in 'Scripting' started by Mr.X, May 18, 2017.

  1. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,562
    15,643
    270
    For Windows 7 and Windows 8.1.

    With Monthly Rollups no problem at all, they're cumulative. Not so for Security Only Updates were you need to install all of them in order to be fully patched in terms of security. Also to include all .NET Framework related ones.

    A script that can check installed ones against a list to find out which are missing. In an offline fashion. :cool:
     
  2. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,097
    24,396
    340
    My WU TOOL tries something like that, using a Folder with Updates as reference.

    One thing i found bitchy is querying installed updates doesn't show different versions of an update tagged like _v2. Quite a little mess :g:.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,562
    15,643
    270
    The idea is to reference to a list only not fully downloaded updates. This way one download what is needed only.
     
  4. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,097
    24,396
    340
    Idea could be adapted, since it already compares two lists (installed against folder content list).

    But as said, problem is to get updated packs correctly. If list shows KBXXXXXXX_v5 and _v4 is already installed, WU won't show the version tag, so the compare will exclude the update, since the update appears as already installed :g:.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,562
    15,643
    270
    But packs have complete different KB number, no? No versioning for these kind of packs. Maybe I'm wrong. :g:
     
  6. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,097
    24,396
    340
    There indeed is a versioning. So far that offline-installer was quite simple (only a smart compare).

    To do correctly it needs to get the installed KBs with the internal versioning from the system, the check the KBs MUM to get it's version, this should only be needed for those _v19 updates.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,097
    24,396
    340
    OK, just checked with dism, and the version in the MUM will show after install in dism, seems doable :g:
    Windows8.1-KB2976978-v19-x64:
    Code:
    Package Identity : Package_for_KB2976978~31bf3856ad364e35~amd64~~6.3.19.0
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  8. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,097
    24,396
    340
    Would be helpful to have a list for Win 8.1 to test :g:.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,562
    15,643
    270
    Can I help on that? I have my main personal pc running Windows 8.1.
     
  10. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,097
    24,396
    340
    #10 s1ave77, May 18, 2017
    Last edited: May 18, 2017
    I only run Win 8.1 in VM now so i would need a list with all Security updates needed till last patch day. That would help for testing.

    Just reworked the dism check to set KB to -vX if X is greater than 1.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,097
    24,396
    340
    Code:
    ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
    
    Check Installed Updates
    ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
    
    
    KB2919355
    KB2919442
    KB2976536
    KB2976978-v19
    KB2977292
    KB2977765
    KB2978041
    KB2978126
    KB2979576
    KB2984006
    KB2988948
    KB2989647
    KB2990967
    KB2992611
    KB2993958
    KB2995388
    KB2998174
    KB2998527
    KB3000850
    KB3002885
    KB3003057
    KB3003743
    KB3005607
    KB3006178
    KB3006226
    KB3008188
    KB3008627
    KB3010788
    KB3011780
    KB3014442
    KB976002
    
    ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
    
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  12. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,562
    15,643
    270
    How about WHDownloader lists?
     
  13. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,097
    24,396
    340
    Could you provide one, please :hug2:.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,097
    24,396
    340
    Got the script to get the versioning and now it will detect newer versions correctly and will offer them.

    Just adatped WU TOOL to use the new checks.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  15. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,562
    15,643
    270
    Hang on...
     
  16. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,562
    15,643
    270
    Bro, I think I'm looking to this thing wrongly. I think it makes no sense to make a list and maintain it. abbodi has solved this along with alphawaves, doh. I rather have that bunch of updates, don't matter if some are already installed, then abbodis script take care of them, or your own script bro.
     
  17. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,097
    24,396
    340
    @Mr.X Still would make sense to check the updates you have against already installed ones :g:.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  18. Mr.X

    Mr.X MDL Guru

    Jul 14, 2013
    8,562
    15,643
    270
    Sorry I am kind of busy, unexpectedly lol.

    Let's see if I did it correctly bro. Btw what a pita it was to edit the XML file (list) to get the following:
    Code:
    Windows8.1-KB2898850-x64.msu
    Windows8.1-KB3000483-x64.msu
    Windows8.1-KB3004361-x64.msu
    Windows8.1-KB3004365-v2-x64.msu
    Windows8.1-KB3019978-x64.msu
    Windows8.1-KB3020393-x64.msu
    Windows8.1-KB3035126-x64.msu
    Windows8.1-KB3045685-x64.msu
    Windows8.1-KB3045755-x64.msu
    Windows8.1-KB3045999-x64.msu
    Windows8.1-KB3046017-x64.msu
    Windows8.1-KB3046339-x64.msu
    Windows8.1-KB3047234-x64.msu
    Windows8.1-KB3055642-x64.msu
    Windows8.1-KB3059317-x64.msu
    Windows8.1-KB3061512-x64.msu
    Windows8.1-KB3062760-x64.msu
    Windows8.1-KB3071756-x64.msu
    Windows8.1-KB3075220-x64.msu
    Windows8.1-KB3076949-x64.msu
    Windows8.1-KB3082089-x64.msu
    Windows8.1-KB3083992-x64.msu
    Windows8.1-KB3084135-x64.msu
    Windows8.1-KB3086255-x64.msu
    Windows8.1-KB3092601-x64.msu
    Windows8.1-KB3108604-x64.msu
    Windows8.1-KB3109103-x64.msu
    Windows8.1-KB3109560-x64.msu
    Windows8.1-KB3110329-x64.msu
    Windows8.1-KB3121918-x64.msu
    Windows8.1-KB3126434-x64.msu
    Windows8.1-KB3126587-x64.msu
    Windows8.1-KB3133043-x64.msu
    Windows8.1-KB3138910-x64.msu
    Windows8.1-KB3138962-x64.msu
    Windows8.1-KB3139398-x64.msu
    Windows8.1-KB3139914-x64.msu
    Windows8.1-KB3146723-x64.msu
    Windows8.1-KB3153704-x64.msu
    Windows8.1-KB3155784-x64.msu
    Windows8.1-KB3156059-x64.msu
    Windows8.1-KB3159398-x64.msu
    Windows8.1-KB3161949-x64.msu
    Windows8.1-KB3161958-x64.msu
    Windows8.1-KB3162343-x64.msu
    Windows8.1-KB3164294-x64.msu
    Windows8.1-KB3169704-x64.msu
    Windows8.1-KB3170455-x64.msu
    Windows8.1-KB3172729-x64.msu
    Windows8.1-KB3175024-x64.msu
    Windows8.1-KB3178539-x64.msu
    Windows8.1-KB3187754-v2-x64.msu
    Windows8.1-KB4014551-x64.msu
    Windows8.1-KB4014604-x64.msu
    Windows8.1-KB4019217-x64.msu
    Windows8.1-KB4020821-x64.msu
    Windows8.1-KB3097997-x64.msu
    Windows8.1-KB3098779-x64.msu
    Windows8.1-KB3150220-x64.msu
     
  19. PointZero

    PointZero MDL Member

    Oct 5, 2011
    1,415
    3,776
    60
    Another tool to consider: komm at MDL has an active project that will check a system for any missing updates (multiple categories to choose from) and offer to install them. It also checks if you have any superseded updates and offers to remove them. It does a lot more than this also. It's not a script (it's a small program), but is definitely worth checking out:

    https://forums.mydigitallife.net/th...8-r2-wms-or-win-embedded-update-status.30670/

    direct link to his site: http://windows-update-checker.com
     
  20. s1ave77

    s1ave77 Has left at his own request

    Aug 15, 2012
    16,097
    24,396
    340
    Give me a moment :D.

    That challenge at least made me re-work WU TOOL to now parse the versions correctly from WU offer and from List/Folder. Need to try that first :cool2:.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...