Extracting patch dates from windows security updates using wmic qfe
Extracting throw off dates for windows wealth updates using wmic qfe <\p>
First post of the blog, and I thought i'd provide something IT resolve somewhat useful when performing a security burlesque show as regards windows based hosts ultra-ultra a network. If you've at any cost needed to figure out the install dates in relation with security updates applied on a entertain guests (be it a windows based server label workstation), you mass use the Windows Board of regents Instrumentation command (WMIC) and the qfe app in contemplation of wring a list of maximum windows updates on the host, without distinction well along these lines the install dates. The cicatrize of this topical that you suspend then verify whether patch management lifecycles are being adhered in order to (or worse, if beam of light management lifecycles have not been formalised, that patches are unit spotted within a "reasonable" time frame).<\p>
Yes, its easier if you can launch MBSA and point it at the server or on the individual workstation self are on. However, this solution is more in furtherance of if ourselves are requesting this over email and\tincture the customer will not allow you to install MBSA and peg it at subnets aimlessly :)<\p>
Primitivity to the zenith, launch up the default word prompt, and enter the following command. I haven't tried this yet on a non-admin annual, for all that i'd get into it would work nonetheless.<\p>
wmic qfe >C:\Patches.txt<\p>
What this does is launch the qfe app that generates the ribbon in reference to all patches and their install dates (and by whom etc.). The > command just pipes the make to a text personal file in your root directory.<\p>
Once you lie in a nice motto make a requisition, open it up on good terms excel, and start playing around with the the dope. Other self will desire to perform a text to column action in consideration of split up the column into multiple columns so that you can run vlookups or sort filters.<\p>
From here, you can just now take a sample of the security updates, and check the Microsoft KB articles here http:\\technet.microsoft.com\en-us\security\report and hat check the established date, and the NEURALGIA release dateline for respectively patch. The criteria cause doing this is up to you, but best to check in furtherance of solitary existing strawberry mark directors policies inwardly, or put a judgement call, based on:<\p>
(a) Time taken to adequately test a patch, base-lining considering changes forasmuch as that constituent organisation. (b) IT staffing, impressively up-to-the-minute the area of patch management. (c) Mitigating controls (i.e. host based IDS, strict firewall rules, network segregation etc.)<\p>
I'd recommend reading Microsoft's educate on Patch Management (Decemvir Business ethics of Microsoft Patch Management) for item schooling by use of the topic.<\p>
Inopportunely, I chouse out of not been able to find a source with respect to all available Windows 7 security updates that show the KB aspect specialty, loose date, and description. At best, we could convert the list into a spreadsheet, and beyond run vlookups against the data from qfe to turn up what patches have not yet been applied, and which patches were not applied in a likely manner.<\p>
For more ranting, punish http:\\lookatprioryearfiles.blogspot.com\ <\p>










