Many of you are using MBSA, Microsoft Baseline Security Analyzer, to get a list of missing patches for Windows and Microsoft applications. If you want to learn how to automate the scan and download the patches automatically, here are some tips and a script that will help you save time!

MBSA Web Site, http://go.microsoft.com/fwlink/?linkid=20567
Download MBSA 2.3, http://www.microsoft.com/en-us/download/details.aspx?id=7558

So download the tool, browse to the installation folder and you will find mbsacli.exe. This is the command you want to use to automate your scans! If you just want information about the missing patches, add the parameter /xmlout.

Example: MBSACLI /xmlout /catalog c:\temp\wsusscn2.cab /unicode >updates.xml

If you take a closer look at the XML file in Internet Explorer, you will notice that the content is easy to read and browse. You can even copy the Download URL and paste it into Internet Explorer to download the patch.

But hold on, that is just too time-consuming. If you use PowerShell, you can perform all these steps automatically.

The following PowerShell example script will browse the XML content, download all the missing patches, and even create a batch file for you to install all the patches in one click! I hope this will help you save time and do some fun stuff instead!

(Added 2015-03-27) Copy the script below, paste it into Notepad or PowerShell ISE and save it as GetUpdates.ps1 in the same folder as the Updates.xml file. To run the script, open a command prompt or a PowerShell prompt in the same directory as the script and type "Powershell .\GetUpdates.ps1".

$UpdateXML   = "updates.xml"
$toFolder    = "c:\temp"
$installFile = Join-Path $toFolder "_Install.bat"

# Initialize the WebClient used for downloading files
$webClient = New-Object Net.WebClient
$webClient.UseDefaultCredentials = $true

# Get the content of the XML file
$Updates = [xml](Get-Content $UpdateXML)

# Write the batch file as ASCII: Out-File in Windows PowerShell defaults to UTF-16, which cmd.exe cannot run
"@Echo Off" | Out-File $installFile -Encoding ASCII
"REM This will install all patches" | Out-File $installFile -Encoding ASCII -Append

foreach ($Check in $Updates.XMLOut.Check)
{
    Write-Host "Checking for", $Check.Name
    Write-Host $Check.Advice.ToString()

    # Checking for files to download
    foreach ($UpdateData in $Check.Detail.UpdateData)
    {
        if ($UpdateData.IsInstalled -eq $false)
        {
            Write-Host "Download the file for KB", $UpdateData.KBID
            Write-Host "Starting download ", $UpdateData.Title, "."
            $url = [URI]$UpdateData.References.DownloadURL
            # The last URL segment is the file name of the update package
            $fileName = $url.Segments[$url.Segments.Count - 1]
            $toFile = Join-Path $toFolder $fileName
            $webClient.DownloadFile($url, $toFile)
            Write-Host "Done downloading"

            # Add the install command that matches the package type (.msu, .cab or executable)
            "@ECHO Starting installing " + $fileName | Out-File $installFile -Encoding ASCII -Append
            if ($fileName.EndsWith(".msu"))
            {
                "wusa.exe " + $fileName + " /quiet /norestart /log:%SystemRoot%\Temp\KB" + $UpdateData.KBID + ".log" | Out-File $installFile -Encoding ASCII -Append
            }
            elseif ($fileName.EndsWith(".cab"))
            {
                "start /wait pkgmgr.exe /ip /m:" + $fileName + " /quiet /norestart /l:%SystemRoot%\Temp\KB" + $UpdateData.KBID + ".log" | Out-File $installFile -Encoding ASCII -Append
            }
            else
            {
                $fileName + " /passive /norestart /log %SystemRoot%\Temp\KB" + $UpdateData.KBID + ".log" | Out-File $installFile -Encoding ASCII -Append
            }
            "@ECHO Installation returned %ERRORLEVEL%" | Out-File $installFile -Encoding ASCII -Append
            "@ECHO." | Out-File $installFile -Encoding ASCII -Append
            Write-Host
        }
    }

    Write-Host
}
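
The script takes each download URL and file name from updates.xml, writes the file name into _Install.bat and later runs the downloaded file. As an added example (not part of the original script), the PowerShell below checks each missing update's URL and file name and then the Authenticode signature of the downloaded file. The allowed host list, the Microsoft signer rule and the function names Test-UpdateUrl and Test-UpdateSignature are assumptions to adapt to your own policy.

```powershell
# Added example (not from the original post): vet every missing update before it
# is trusted. Assumes the files were already downloaded to $toFolder.
$UpdateXML    = 'updates.xml'
$toFolder     = 'c:\temp'
# Assumption: hosts you expect MBSA download links to use; adjust to your own policy.
$allowedHosts = @('download.microsoft.com', 'download.windowsupdate.com')

function Test-UpdateUrl([string]$Url) {
    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref]$uri)) { return $false }
    if (@('http', 'https') -notcontains $uri.Scheme) { return $false }
    if ($allowedHosts -notcontains $uri.Host) { return $false }
    # The last segment is written into a batch file, so accept only a plain file
    # name: no spaces, quotes, '&', '|', '%' or other characters cmd.exe interprets.
    return $uri.Segments[-1] -match '^[A-Za-z0-9._-]+\.(msu|cab|exe)$'
}

function Test-UpdateSignature([string]$Path) {
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # Policy assumption: a valid signature chain and a Microsoft signing certificate.
    return ($sig.Status -eq 'Valid') -and
           ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')
}

$Updates = [xml](Get-Content $UpdateXML)
foreach ($Check in $Updates.XMLOut.Check) {
    foreach ($UpdateData in $Check.Detail.UpdateData) {
        if ($UpdateData.IsInstalled -ne $false) { continue }   # only missing updates
        $url    = [string]$UpdateData.References.DownloadURL
        $result = 'OK'
        if (-not (Test-UpdateUrl $url)) {
            $result = 'Rejected: unexpected URL or file name'
        }
        else {
            $file = Join-Path $toFolder ([Uri]$url).Segments[-1]
            if (-not (Test-Path -LiteralPath $file)) { $result = 'Not downloaded' }
            elseif (-not (Test-UpdateSignature $file)) { $result = 'Rejected: bad or missing signature' }
        }
        # One result object per missing update, ready for Format-Table or Export-Csv
        New-Object PSObject -Property @{ KB = $UpdateData.KBID; Url = $url; Result = $result }
    }
}
```

Run it from the folder that holds updates.xml and install only the updates reported as OK.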
