• Status: Solved

Download a file from Microsoft that contains all hotfixes and updates

Hi Experts

I'm trying to find out if there is a file that can be downloaded from Microsoft that contains all current hotfixes and updates.
I would like to take a list of those installed on my network's PCs and compare them with the latest Microsoft version using a VB.Net app.
Many of our PCs do not have internet access.

Many thanks
1 Solution
I don't think there is any such item yet available, however I believe in October Microsoft will be rolling updates out as a full update package once a month that can just be installed on top of whatever OS (7 and up) you are using.  In other words, no more individual updates.
Mal Osborne (Alpha Geek) Commented:
If you have a heap of machines on a site that you need to keep updated in a controlled, centrally managed manner, then Microsoft's answer is to install a WSUS server. This will download, manage and monitor updates for all your machines.
Maclean (System Engineer) Commented:
There is a monthly convenience roll-up for Windows 7, 8, 8.1 & 10, Server 2008 R2, 2012 (Not sure on 2012 R2) which is exactly for this purpose (Offline systems)

Read all about it here

Latest Win 7/2008 R2 version info here (Need to download it from Windows Catalog, which you can also import into WSUS to patch local)

PNRT (Author) Commented:
Hi all
Maclean seems to be the closest to what I was looking for.
Do you know if it is possible to extract a list of the updates included in each download?
That was the actual thing I was trying to get.   An up to date list of all updates and hotfixes
for each OS, not necessarily the software itself.   Perhaps there's somewhere else I can
get the list from?
Many Thanks for the replies
Maclean (System Engineer) Commented:
I think such a list does not exist in detail if this is what you are after.
Each PC, Hardware Component, Software Feature enabled/disabled, Brand, Model, Software version could trigger a set of updates not required on other systems. Hence a complete list depends on what's inside and on your computer OS.

Closest you could get is using either WSUS to do an offline patch scan (WSUS would need to be able to connect to internet I believe) or MS Baseline Security Analyzer to report on missing patches, hence create a list.

However the patch I provided will do this for you and patch them. It won't tell you what is missing, but it holds all existing and required patches. Scans for missing, deploys the required ones.
Would this suffice? Or did you want a list of all patches ever released including superseded ones, and anything that patches whatever patch that has ever been released?
PNRT (Author) Commented:
Thanks for the reply Maclean, much appreciated
Initially it was the list of everything that I was looking for.  But with your great explanation
of "how would you know what updates were applicable to each machine", it rather makes a
nonsense of what I was trying to do.  

Without putting a WSUS Server at every branch, that would also not be an option as they cannot connect to Head Office where a WSUS Server would normally be. My worry is email vulnerability, users and their USB drives, and the idiots that find a way of connecting to the internet via their phones. I don't really want to rely just on AV software.
I was trying to think of a sort of homegrown solution that I could adapt but for the offline machines, it looks like I will have to upload the catalog to each machine and have it update that way?   What a mission!

Many thanks again for the advice.
Maclean (System Engineer) Commented:
If you use Windows 10 internally, you can have 1 system download & distribute updates from what I understand from Microsoft. I have not tested this, but everything points towards this option.

The Convenience Patch would be a not too cumbersome solution to implement I think. It can be a tad large in size, but download the pre-requisites (Ironically to do the "All patches patch" you need to download some patches first which I personally find funny in a geeky way) and then add those together with the convenience roll-up on a share.

Tricky bit from here would be a script which looks whether the pre-requisites are already deployed, and if yes, go ahead with the convenience rollup. If not, deploy patches, then deploy the convenience patch. Less rigorous way is to just deploy them all (Convenience patch last). In theory the WUSA engine should just ignore the patch if already deployed and attempted again. Just takes more time as it searches using the WUSA engine whether the update is applicable yes/no.

I do believe you could run Belarc Advisor or as mentioned the MS Security Analyzer on each PC to get a list of missing updates. But to me that sounds like a painful task to go through PC by PC, and once you have that list, the administrative overhead to make some plan from there would be not worth the hassle for me if I was tasked with this. Happy to hear my suggestion helped you. Good luck getting things sorted.
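One way to write the script described in the comment above (an added example, not code from the thread): it checks each prerequisite with `Get-HotFix`, installs what is missing through `wusa.exe`, and applies the roll-up only when no restart is pending. The KB ids, the share path and the log file are placeholders to replace with the packages actually downloaded.

```powershell
# Added example. KB ids, share and log path are placeholders, not values from the thread.
$Share         = '\\fileserver\patches'        # hypothetical share holding the .msu files
$Prerequisites = @('KB0000001', 'KB0000002')   # placeholder prerequisite KB ids
$Rollup        = 'KB0000003'                   # placeholder convenience roll-up KB id
$Log           = Join-Path $Share 'patch-status.csv'

function Test-KbInstalled {
    param([string]$KbId)
    # Get-HotFix raises an error for an absent id; suppress it and test for a result.
    [bool](Get-HotFix -Id $KbId -ErrorAction SilentlyContinue)
}

function Install-Msu {
    param([string]$KbId)
    $msu = Get-ChildItem -Path $Share -Filter "*$KbId*.msu" | Select-Object -First 1
    if (-not $msu) { throw "No .msu for $KbId found in $Share" }
    $wusaArgs = "`"$($msu.FullName)`" /quiet /norestart"
    $proc = Start-Process -FilePath wusa.exe -ArgumentList $wusaArgs -Wait -PassThru
    switch ($proc.ExitCode) {
        0           { 'Installed' }
        3010        { 'InstalledRebootRequired' }
        2359302     { 'AlreadyInstalled' }   # 0x00240006
        -2145124329 { 'NotApplicable' }      # 0x80240017
        default     { throw "wusa failed for $KbId with exit code $($proc.ExitCode)" }
    }
}

$results = [ordered]@{}
foreach ($kb in $Prerequisites) {
    # Skip the slow wusa applicability scan when the prerequisite is already present.
    $state = if (Test-KbInstalled $kb) { 'AlreadyInstalled' } else { Install-Msu $kb }
    $results[$kb] = $state
}

if ($results.Values -contains 'InstalledRebootRequired') {
    # A prerequisite is staged but not active yet; the roll-up waits for the next run.
    $results[$Rollup] = 'DeferredUntilReboot'
} elseif (Test-KbInstalled $Rollup) {
    $results[$Rollup] = 'AlreadyInstalled'
} else {
    $results[$Rollup] = Install-Msu $Rollup
}

# One line per KB, so the share ends up with a per-machine patch record.
$results.GetEnumerator() |
    ForEach-Object { '{0},{1},{2}' -f $env:COMPUTERNAME, $_.Key, $_.Value } |
    Add-Content -Path $Log
```

Run it from an elevated prompt or as a startup script; a machine that logs `DeferredUntilReboot` picks up the roll-up on the next run after its restart.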
PNRT (Author) Commented:
Many Thanks again Maclean
In fact I was trying to replicate something exactly like Belarc Advisor that I could run in my own app to make everything less tedious.  Looks like I'm stuck with though.
Many thanks again for taking the time to come back.
Maclean (System Engineer) Commented:
Look, if it's USB and Modems (Hotspotting via phone = modem really) that worry you, then lock it down.
That would be the easier step. But you still need to patch machines at some stage for the "Worst case" scenario. (In my opinion)
This however would kill the immediate threat probably.

You can restrict Hardware via GPO using Technet instructions (There might be better blogs than this one)
Or use a 3rd party product to manage it for you. One of our clients enjoys this product. I'm a GPO man myself.

Anyhow, I'll leave you in thoughts and get cracking at my own tasks. Monday morning. Coffee time before my incidents & request queues get loaded up by the team here.