My friend Markus at isolation.se has a great list of hotfixes that are good to have in your datacenter if you run Microsoft infrastructure.
He also has a script that starts Internet Explorer and makes it easier to import the hotfixes into your WSUS; here's his blog post: http://www.isolation.se/semi-automatic-hotfix-import-into-wsus/.
I had a customer where I needed to check which hotfixes they had and import the missing ones. So I added some functionality to Markus's script so that it also checks the WSUS server for existing hotfixes, and you only need to download the missing ones.
Here is the script:
###################################################################
# Written by Mattias Lehmus, TrueSec
# Twitter: @onelehmus
# Blog: onelehmus.com
#
# THIS CODE IS PROVIDED *AS IS*
###################################################################

Param(
    [Parameter(Mandatory=$true)]
    [String]$WSUSServer,
    [Parameter(Mandatory=$true)]
    [Int]$WSUSServerPort,
    [Parameter(Mandatory=$true)]
    [String]$HotFixXML
)

#Variables
$pauseOn = "21","41","61","81","101","121","141","161","181","201","221","241","261","281","301"
$I = 0

#Get Hotfixes from XML
$Hotfixes = Import-Clixml $HotFixXML

#Get Hotfixes from WSUS
$HotfixesInWSUS = Get-WsusUpdate -UpdateServer (Get-WsusServer -Name $WSUSServer -PortNumber $WSUSServerPort) -Classification All -Approval AnyExceptDeclined -Status Any | Where-Object Classification -eq "Hotfix"

#Compare lists to create list of missing hotfixes
$MissingHotfixes = (Compare-Object -ReferenceObject $HotfixesInWSUS.Update.KnowledgebaseArticles -DifferenceObject $Hotfixes.KB | Where-Object SideIndicator -eq "=>").InputObject

#Import Missing Hotfixes
foreach ($MissingHotfix in $MissingHotfixes) {
    $url = ($Hotfixes | Where-Object KB -eq $MissingHotfix).MUUri
    $I++
    #Pause after every 20 hotfixes so the pending imports can be completed
    If ($I -in $pauseOn) {
        Write-Host "Import hotfixes before continue, then press Y"
        $continue = Read-Host
        If ($continue -ne "Y") {break}
    }
    $I
    & 'C:\Program Files\Internet Explorer\iexplore.exe' $url
}
The script can be downloaded here: https://1drv.ms/u/s!AsVfLv6C271rhqQGa-WI4CTrbO9xxg
To run the script you need to download Markus's XML file from http://www.isolation.se/semi-automatic-hotfix-import-into-wsus/ and run the script on your WSUS server with parameters like this:
Import-Hotfixes.ps1 -wsusserver "localhost" -wsusserverport 8530 -hotfixxml "c:\temp\hotfixes.xml"
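The script passes every MUUri value from the downloaded XML file straight to Internet Explorer on the WSUS server, so it is worth checking those values before the import loop runs. The following is an added example, not part of Mattias's or Markus's scripts; the function name Get-UntrustedHotfixEntry, the sample entries, and the assumption that every MUUri should point at catalog.update.microsoft.com are mine.

```powershell
# Added example, not part of the original script.
# Assumption: every MUUri should point at the Microsoft Update Catalog host below.
function Get-UntrustedHotfixEntry {
    param(
        [Parameter(Mandatory = $true)]
        [object[]]$Hotfixes,
        [string[]]$AllowedHosts = @('catalog.update.microsoft.com')
    )
    foreach ($Hotfix in $Hotfixes) {
        $uri = $null
        $reason = $null
        # Parse strictly: only absolute URIs are acceptable.
        $parsed = [Uri]::TryCreate([string]$Hotfix.MUUri, [UriKind]::Absolute, [ref]$uri)
        if (-not $parsed) {
            $reason = 'not an absolute URI'
        }
        elseif ($uri.Scheme -notin 'http', 'https') {
            $reason = "unexpected scheme '$($uri.Scheme)'"
        }
        elseif ($uri.Host -notin $AllowedHosts) {
            # Exact host match, so look-alike suffixes are rejected too.
            $reason = "unexpected host '$($uri.Host)'"
        }
        if ($reason) {
            [pscustomobject]@{ KB = $Hotfix.KB; MUUri = $Hotfix.MUUri; Reason = $reason }
        }
    }
}

# Constructed sample entries with the KB and MUUri properties the script reads.
$sample = @(
    [pscustomobject]@{ KB = '0000001'; MUUri = 'http://catalog.update.microsoft.com/Search.aspx?q=0000001' }
    [pscustomobject]@{ KB = '0000002'; MUUri = 'http://catalog.update.microsoft.com.example.net/Search.aspx?q=0000002' }
    [pscustomobject]@{ KB = '0000003'; MUUri = 'file://fileserver.example.net/share/hotfix.msu' }
    [pscustomobject]@{ KB = '0000004'; MUUri = 'not a url' }
)

# Only the last three sample entries are reported.
Get-UntrustedHotfixEntry -Hotfixes $sample | Format-Table -AutoSize
```

In the import script, call the function on $Hotfixes right after Import-Clixml and stop if it returns anything.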
I hope this can help you with your hotfix management.
//Mattias