Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1120
  • Last Modified:

How to download the cabinate file for scanning the missing security patches on the server?

My Server is not updating from the wsus server, so I need to run the scanning
on the server for missing security patches, for that, I need to download the latest wsus cabinate file, please help.
0
satheesh kumar
Asked:
satheesh kumar
  • 3
3 Solutions
 
btanExec ConsultantCommented:
May consider use of MBSA

Using MBSA without Internet access

In order to get the most accurate scan results, MBSA needs to download the latest updates from Microsoft.com. If you need to scan computers from a network that has no Internet access, you need to take extra steps to update MBSA since it won’t be able to reach Microsoft.com. To complete this step you need to update the Wsusscn2.cab file located in %SystemDrive%\Users\UserName\AppData\Local\Microsoft\MBSA\Cache. The Wsusscn2.cab file (signed by Microsoft) contains the security updates, update rollups, and service packs that are available from Microsoft Update. Wsusscn2.cab is automatically updated when a security update, update rollup, or service pack is added, removed, or revised on the Microsoft Updates site. Computers that are not connected to the Internet can be scanned and then updated for the updates in the WsusScn2.cab file.
https://dougvitale.wordpress.com/2011/11/18/microsoft-baseline-security-analyzer/#nointaccess
0
 
Hector2016Systems Administrator and Solutions ArchitectCommented:
Please use the WSUSOffline tool for all computers without direct access to the internet or to WSUS.

http://download.wsusoffline.net/

You need to run this tool on a computer with internet access and then share the Client folder to every offline computer, then run the Installer application inside that folder from each computer and it will update the computer. You can also create ISO files with collections of updates for each windows or office versions and languages.

You dont need to worry about the location of the WSUS cabinet file, because the tool will download and use it transparently.
0
 
btanExec ConsultantCommented:
Can check out MBSA for offline as shared earlier too
MBSA uses files that it downloads from the Internet, but the computer I want to use to scan my network doesn't have Internet access. How can I use MBSA in an offline and secure environment?

You can either perform the scan using the mbsacli command-line utility with the /nd (do not download) parameter, or you can perform the scan using the GUI. Before scanning you must copy the necessary files to the computer performing the scan.

Four types of files are required:
Security update catalog (wsusscn2.cab), available from the  Microsoft Web site
Windows Update Redistribution Catalog (wuredist.cab) located at  

http://update.microsoft.com/redist/wuredist.cab
Authorization catalog (muauth.cab) for Windows Update site access, available from the  Microsoft Web site or by examining the contents of the wuredist.cab file located at  

http://update.microsoft.com/redist/wuredist.cab

Windows Update Agent standalone installers (if not already installed): For x86-based computers (WindowsUpdateAgent30-x86.exe) or
For x64-based computers (WindowsUpdateAgent30-x64.exe) or
For ia64-based computers (WindowsUpdateAgent30-ia64.exe), the latest versions are available by examining the contents of the wuredist.cab file located at  

http://update.microsoft.com/redist/wuredist.cab

After downloading the files from the Microsoft Web site, copy all files listed above to the following folder on the computer performing the security update scan:
C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\Cache

Important: To ensure that MBSA has access to the most current versions of these files, you should download them on a weekly basis or after any release of security bulletins from Microsoft. This is especially important in the case of the security update catalog (Wsusscn2.cab) because Microsoft releases an updated version of this file whenever new security bulletins are released or updated.

When you run MBSA to perform security update checks on remote computers, MBSA deploys the Windows Update Agent to the remote computer. Although an ia64 version of the Windows Update Agent (WindowsUpdateAgent30-ia64.exe) is available for Itanium-based computers, MBSA does not automatically deploy this version. It must be installed and configured on Itanium-based computers before performing a security scan on those computers.
0
 
btanExec ConsultantCommented:
As explained for offline downloads and provided guidance on approaches.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now