Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Download a file from microsoft that contains all hotfixes and updates

Posted on 2016-09-01
Medium Priority
Last Modified: 2016-09-04
Hi Experts

I'm trying to find out if there is a file that can be downloaded from Microsoft that contains all current hotfixes and updates
I would like to take a list of those installed on my networks PC's and compare them with the latest Microsoft version using a VB.Net app
Many of our PC's do not have internet access

Many thanks
Question by:PNRT
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 41780935
I don't think there is any such item yet available, however I believe in October Microsoft will be rolling updates out as a full update package once a month that can just be installed on top of whatever OS (7 and up) you are using.  In other words, no more individual updates.
LVL 19

Expert Comment

by:Mal Osborne
ID: 41780941
If you have a heap of machines on a site that you need to keep updated in a controlled, centrally manage manner, then Microsoft's answer is to install a WSUS server. This will download, manage and monitor updates for all your machines.
LVL 11

Expert Comment

ID: 41780957
There is a monthly convenience roll-up for windows 7,8, 8.1 & 10, Server 2008 R2, 2012 (Not sure on 2012 R2) which is exactly for this purpose (Offline systems)

Read all about it here

Latest Win 7/2008 R2 version info here (Need to download it from Windows Catalog, which you can also import into WSUS to patch local)
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments


Author Comment

ID: 41781126
Hi all
Maclean seems to be the closest to what I was looking for.
Do you know if it is possible to extract a list of the updates included in each download?
That was the actual thing I was trying to get.   An up to date list of all updates and hotfixes
for each OS, not necessarily the software itself.   Perhaps there's somewhere else I can
get the list from?
Many Thanks for the replies
LVL 11

Accepted Solution

Maclean earned 2000 total points
ID: 41782436
I think such a list does not exist in detail if this is what you are after.
Each PC, Hardware Component, Software Feature enabled/disabled, Brand, Model, Software version could trigger a set of updates not required on other systems. Hence a complete list depends on whats inside and on your computer OS.

Closest you could get it using either WSUS to do an offline patch scan (WSUS would need to be able to connect to internet I believe) or a MS Baseline Security Analyzer. to report on missing patches hence create a list.

However the patch I provided will do this for you and patch them. It won't tell you what is missing, but it holds all existing and required patches. Scans for missing, deploys the required ones.
Would this suffice? Or did you want a list of all patches ever released including superseded ones, and anything that patches whatever patch that has ever been released?

Author Comment

ID: 41782886
Thanks for the reply Maclean, much appreciated
Initially it was the list of everything that I was looking for.  But with your great explanation
of "how would you know what updates were applicable to each machine", it rather makes a
nonsense of what I was trying to do.  

Without putting a WSUS Server at every branch, that would also not be an option as they cannot connect to Head Office where a WSUS Server would normally be.   My worry is, email vulnerability, users and their USB drives, and the idiots that find a way of connection to the internet via their phones.    I don't really want to rely just on AV software.
I was trying to think of a sort of homegrown solution that I could adapt but for the offline machines, it looks like I will have to upload the catalog to each machine and have it update that way?   What a mission!

Many thanks again for the advice.
LVL 11

Expert Comment

ID: 41783916
If you use Windows 10 internally, you can have 1 system download & distribute updates from what I understand from Microsoft. I have not tested this, but everything points towards this option.

The Convenience Patch would be a not too cumbersome solution to implement I think. It can be a tad large in size, but download the pre-requisites (Ironically to do the "All patches patch" you need to download some patches first which I personally find funny in a geeky way) and then add those together with the convenience roll-up on a share.

Tricky bit from here would be a script which looks whether the pre-requisites are already deployed, and if yes, go ahead with the convenience rollup. If not, deploy patches, then deploy the convenience patch. Less rigorous way is to just deploy them all (Convenience patch last). In theory the WUSA engine should just ignore the patch if already deployed and attempted again. Just takes more time as it searches using the WUSA engine whether the update is applicable yes/no.

I do believe you could run Belarc Advisor or as mentioned the MS Security Analyzer on each PC to get a list of missing updates. But to me that sounds like a painful task to go through PC by PC, and once you have that list, the administrative overhead to make some plan from there would be not worth the hassle for me if I was tasked with this. Happy to hear my suggestion helped you. Good luck getting things sorted.

Author Comment

ID: 41783924
Many Thanks again Maclean
In fact I was trying replicate something exactly like Belarc Advisor that I could run in my own app to make everything less tedious.  Looks like I'm stuck with though.
Many thanks again for taking the time to come back.
LVL 11

Expert Comment

ID: 41783930
Look, if its USB and Modems (Hotspotting via phone = modem really) that worry you, then lock it down.
That would be the easier step. But you still need to patch machines at some stage for the "Worst case" scenario. (In my opinion)
This however would kill the immediate threat probably.

You can restrict Hardware via GPO using Technet instructions (There might be better blogs than this one)
Or use a 3rd party product to manage it for you. One of our clients enjoys this product. I'm a GPO man myself.

Anyhow, I'll leave you in thoughts and get cracking at my own tasks. Monday morning. Coffee time before my incidents & request queue's gets loaded up by the team here.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With most software applications trying to cater to multiple user needs nowadays, the focus is to make them as configurable as possible. For e.g., when creating Silverlight applications which will connect to WCF services, the service end point usuall…
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question