Import Hotfix Script

My friend Markus at isolation.se has a great list of hotfixes that’s good to have in your datacenter if you run Microsoft infrastructure.

He also has a script that’s starts Internet Explorer and makes it easier to import the hotfixes in to your WSUS, here’s his blogpost http://www.isolation.se/semi-automatic-hotfix-import-into-wsus/.IT-Kanalen.se

I’ve had a customer that I needed to check which hotfixes they had and import the missing ones. So I added some functionality to Marcus script so that it also checks the WSUS server for hotfixes so you only need to download the missing hotfixes.

Here is the script:

###################################################################
#    Written by Mattias Lehmus, TrueSec
#    Twitter: @onelehmus
#    Blog: onelehmus.com
#
#    THIS CODE IS PROVIDED *AS IS*
###################################################################

Param(
[Parameter(Mandatory=$true)]
[String]$WSUSServer,
[Parameter(Mandatory=$true)]
[Int]$WSUSServerPort,
[Parameter(Mandatory=$true)]
[String]$HotFixXML
)

#Variables
$pauseOn = “21”,”41″,”61″,”81″,”101″,”121″,”141″,”161″,”181″,”201″,”221″,”241″,”261″,”281″,”301″
$I = 0

#Get Hotfixes from XML
$Hotfixes = Import-Clixml $HotFixXML

#Get Hotfixes from WSUS
$HotfixesInWSUS = Get-WsusUpdate -UpdateServer (Get-WsusServer -Name $WSUSServer -PortNumber $WSUSServerPort) -Classification All -Approval AnyExceptDeclined -Status Any | Where-Object classification -eq “Hotfix”

#Compare lists to create list of missing hotfixes
$MissingHotfixes = (Compare-Object -ReferenceObject $HotfixesInWSUS.Update.KnowledgebaseArticles -DifferenceObject $Hotfixes.KB | where SideIndicator -eq “=>”).inputobject

#Import Missing Hotfixes
foreach ($MissingHotfix in $MissingHotfixes) {
$url = ($Hotfixes | where KB -eq $MissingHotfix).MUUri
$I++
If ($I -in $pauseOn) {
Write-Host “Import hotfixes before continue, then press Y”
$continue = Read-Host
If ($continue -ne “Y”) {break}
}
$I
& ‘C:\Program Files\Internet Explorer\iexplore.exe’ $url
}

The script can be downloaded here: https://1drv.ms/u/s!AsVfLv6C271rhqQGa-WI4CTrbO9xxg

To run the script you need to download Markus xml file from: http://www.isolation.se/semi-automatic-hotfix-import-into-wsus/ and run the script on your WSUS server with parameters like this:

Import-Hotfixes.ps1 -wsusserver “localhost” -wsusserverport 8530 -hotfixxml ” c:\temp\hotfixes.xml”

I hope this can help you with your hotfix management.

//Mattias

Post Comment