Solved

Download a file from microsoft that contains all hotfixes and updates

Posted on 2016-09-01
9
52 Views
Last Modified: 2016-09-04
Hi Experts

I'm trying to find out if there is a file that can be downloaded from Microsoft that contains all current hotfixes and updates
I would like to take a list of those installed on my networks PC's and compare them with the latest Microsoft version using a VB.Net app
Many of our PC's do not have internet access

Many thanks
0
Comment
Question by:PNRT
9 Comments
 
LVL 9

Expert Comment

by:bas2754
ID: 41780935
I don't think there is any such item yet available, however I believe in October Microsoft will be rolling updates out as a full update package once a month that can just be installed on top of whatever OS (7 and up) you are using.  In other words, no more individual updates.
0
 
LVL 16

Expert Comment

by:Malmensa
ID: 41780941
If you have a heap of machines on a site that you need to keep updated in a controlled, centrally manage manner, then Microsoft's answer is to install a WSUS server. This will download, manage and monitor updates for all your machines.
0
 
LVL 10

Expert Comment

by:Maclean
ID: 41780957
There is a monthly convenience roll-up for windows 7,8, 8.1 & 10, Server 2008 R2, 2012 (Not sure on 2012 R2) which is exactly for this purpose (Offline systems)

Read all about it here

Latest Win 7/2008 R2 version info here (Need to download it from Windows Catalog, which you can also import into WSUS to patch local)
0
 
LVL 1

Author Comment

by:PNRT
ID: 41781126
Hi all
Maclean seems to be the closest to what I was looking for.
Do you know if it is possible to extract a list of the updates included in each download?
That was the actual thing I was trying to get.   An up to date list of all updates and hotfixes
for each OS, not necessarily the software itself.   Perhaps there's somewhere else I can
get the list from?
Many Thanks for the replies
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 10

Accepted Solution

by:
Maclean earned 500 total points
ID: 41782436
I think such a list does not exist in detail if this is what you are after.
Each PC, Hardware Component, Software Feature enabled/disabled, Brand, Model, Software version could trigger a set of updates not required on other systems. Hence a complete list depends on whats inside and on your computer OS.

Closest you could get it using either WSUS to do an offline patch scan (WSUS would need to be able to connect to internet I believe) or a MS Baseline Security Analyzer. to report on missing patches hence create a list.

However the patch I provided will do this for you and patch them. It won't tell you what is missing, but it holds all existing and required patches. Scans for missing, deploys the required ones.
Would this suffice? Or did you want a list of all patches ever released including superseded ones, and anything that patches whatever patch that has ever been released?
0
 
LVL 1

Author Comment

by:PNRT
ID: 41782886
Thanks for the reply Maclean, much appreciated
Initially it was the list of everything that I was looking for.  But with your great explanation
of "how would you know what updates were applicable to each machine", it rather makes a
nonsense of what I was trying to do.  

Without putting a WSUS Server at every branch, that would also not be an option as they cannot connect to Head Office where a WSUS Server would normally be.   My worry is, email vulnerability, users and their USB drives, and the idiots that find a way of connection to the internet via their phones.    I don't really want to rely just on AV software.
 
I was trying to think of a sort of homegrown solution that I could adapt but for the offline machines, it looks like I will have to upload the catalog to each machine and have it update that way?   What a mission!

Many thanks again for the advice.
0
 
LVL 10

Expert Comment

by:Maclean
ID: 41783916
If you use Windows 10 internally, you can have 1 system download & distribute updates from what I understand from Microsoft. I have not tested this, but everything points towards this option.

The Convenience Patch would be a not too cumbersome solution to implement I think. It can be a tad large in size, but download the pre-requisites (Ironically to do the "All patches patch" you need to download some patches first which I personally find funny in a geeky way) and then add those together with the convenience roll-up on a share.

Tricky bit from here would be a script which looks whether the pre-requisites are already deployed, and if yes, go ahead with the convenience rollup. If not, deploy patches, then deploy the convenience patch. Less rigorous way is to just deploy them all (Convenience patch last). In theory the WUSA engine should just ignore the patch if already deployed and attempted again. Just takes more time as it searches using the WUSA engine whether the update is applicable yes/no.

I do believe you could run Belarc Advisor or as mentioned the MS Security Analyzer on each PC to get a list of missing updates. But to me that sounds like a painful task to go through PC by PC, and once you have that list, the administrative overhead to make some plan from there would be not worth the hassle for me if I was tasked with this. Happy to hear my suggestion helped you. Good luck getting things sorted.
0
 
LVL 1

Author Comment

by:PNRT
ID: 41783924
Many Thanks again Maclean
In fact I was trying replicate something exactly like Belarc Advisor that I could run in my own app to make everything less tedious.  Looks like I'm stuck with though.
Many thanks again for taking the time to come back.
0
 
LVL 10

Expert Comment

by:Maclean
ID: 41783930
Look, if its USB and Modems (Hotspotting via phone = modem really) that worry you, then lock it down.
That would be the easier step. But you still need to patch machines at some stage for the "Worst case" scenario. (In my opinion)
This however would kill the immediate threat probably.

You can restrict Hardware via GPO using Technet instructions (There might be better blogs than this one)
Or use a 3rd party product to manage it for you. One of our clients enjoys this product. I'm a GPO man myself.

Anyhow, I'll leave you in thoughts and get cracking at my own tasks. Monday morning. Coffee time before my incidents & request queue's gets loaded up by the team here.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

A theme is a collection of property settings that allow you to define the look of pages and controls, and then apply the look consistently across pages in an application. Themes can be made up of a set of elements: skins, style sheets, images, and o…
Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now