?
Solved

How to download the cabinate file for scanning the missing security patches on the server?

Posted on 2016-08-24
4
Medium Priority
?
290 Views
Last Modified: 2016-09-13
My Server is not updating from the wsus server, so I need to run the scanning
on the server for missing security patches, for that, I need to download the latest wsus cabinate file, please help.
0
Comment
Question by:satheesh kumar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 64

Assisted Solution

by:btan
btan earned 1200 total points (awarded by participants)
ID: 41769577
May consider use of MBSA

Using MBSA without Internet access

In order to get the most accurate scan results, MBSA needs to download the latest updates from Microsoft.com. If you need to scan computers from a network that has no Internet access, you need to take extra steps to update MBSA since it won’t be able to reach Microsoft.com. To complete this step you need to update the Wsusscn2.cab file located in %SystemDrive%\Users\UserName\AppData\Local\Microsoft\MBSA\Cache. The Wsusscn2.cab file (signed by Microsoft) contains the security updates, update rollups, and service packs that are available from Microsoft Update. Wsusscn2.cab is automatically updated when a security update, update rollup, or service pack is added, removed, or revised on the Microsoft Updates site. Computers that are not connected to the Internet can be scanned and then updated for the updates in the WsusScn2.cab file.
https://dougvitale.wordpress.com/2011/11/18/microsoft-baseline-security-analyzer/#nointaccess
0
 
LVL 8

Accepted Solution

by:
Hector2016 earned 800 total points (awarded by participants)
ID: 41770145
Please use the WSUSOffline tool for all computers without direct access to the internet or to WSUS.

http://download.wsusoffline.net/

You need to run this tool on a computer with internet access and then share the Client folder to every offline computer, then run the Installer application inside that folder from each computer and it will update the computer. You can also create ISO files with collections of updates for each windows or office versions and languages.

You dont need to worry about the location of the WSUS cabinet file, because the tool will download and use it transparently.
0
 
LVL 64

Assisted Solution

by:btan
btan earned 1200 total points (awarded by participants)
ID: 41770256
Can check out MBSA for offline as shared earlier too
MBSA uses files that it downloads from the Internet, but the computer I want to use to scan my network doesn't have Internet access. How can I use MBSA in an offline and secure environment?

You can either perform the scan using the mbsacli command-line utility with the /nd (do not download) parameter, or you can perform the scan using the GUI. Before scanning you must copy the necessary files to the computer performing the scan.

Four types of files are required:
Security update catalog (wsusscn2.cab), available from the  Microsoft Web site
Windows Update Redistribution Catalog (wuredist.cab) located at  

http://update.microsoft.com/redist/wuredist.cab
Authorization catalog (muauth.cab) for Windows Update site access, available from the  Microsoft Web site or by examining the contents of the wuredist.cab file located at  

http://update.microsoft.com/redist/wuredist.cab

Windows Update Agent standalone installers (if not already installed): For x86-based computers (WindowsUpdateAgent30-x86.exe) or
For x64-based computers (WindowsUpdateAgent30-x64.exe) or
For ia64-based computers (WindowsUpdateAgent30-ia64.exe), the latest versions are available by examining the contents of the wuredist.cab file located at  

http://update.microsoft.com/redist/wuredist.cab

After downloading the files from the Microsoft Web site, copy all files listed above to the following folder on the computer performing the security update scan:
C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\MBSA\Cache

Important: To ensure that MBSA has access to the most current versions of these files, you should download them on a weekly basis or after any release of security bulletins from Microsoft. This is especially important in the case of the security update catalog (Wsusscn2.cab) because Microsoft releases an updated version of this file whenever new security bulletins are released or updated.

When you run MBSA to perform security update checks on remote computers, MBSA deploys the Windows Update Agent to the remote computer. Although an ia64 version of the Windows Update Agent (WindowsUpdateAgent30-ia64.exe) is available for Itanium-based computers, MBSA does not automatically deploy this version. It must be installed and configured on Itanium-based computers before performing a security scan on those computers.
0
 
LVL 64

Expert Comment

by:btan
ID: 41795679
As explained for offline downloads and provided guidance on approaches.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question