Last active
January 12, 2017 20:47
-
-
Save UmbrielSecurity/c9a51415f9a8efec194a92de05530a57 to your computer and use it in GitHub Desktop.
Microsoft KB Hunter - Searches installed Windows Updates and the list of Quick Fix Engineering items.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Quick and dirty Hotfix and Windows Updates | |
# | |
# UmbrielSecurity | |
Function Get-MSHotfix | |
{ | |
$outputs = Invoke-Expression "wmic qfe list" | |
$Session = New-Object -ComObject "Microsoft.Update.Session" | |
$Searcher = $Session.CreateUpdateSearcher() | |
$historyCount = $Searcher.GetTotalHistoryCount() | |
$other_outputs = $Searcher.QueryHistory(0, $historyCount) | Select-Object Title | ForEach-Object {$_ -match "^.*\((KB[0-9]+)\).*$" > $null; $matches[1] } | |
$outputs = $outputs[1..($outputs.length)] | |
foreach ($output in $Outputs) { | |
if ($output) { | |
$output = $output -replace 'y U','y-U' | |
$output = $output -replace 'NT A','NT-A' | |
$output = $output -replace '\s+',' ' | |
$parts = $output -split ' ' | |
New-Object -Type PSObject -Property @{ | |
KBArticle = [string]$parts[0] | |
Computername = [string]$parts[1] | |
Description = [string]$parts[2] | |
FixComments = [string]$parts[6] | |
HotFixID = [string]$parts[3] | |
InstalledBy = [string]$parts[4] | |
InstallDate = [string]$parts[7] | |
Name = [string]$parts[8] | |
ServicePackInEffect = [string]$parts[9] | |
Status = [string]$parts[10] | |
} | |
} | |
} | |
foreach ($other_output in $other_outputs) { | |
if ($other_output) { | |
New-Object -Type PSObject -Property @{ | |
KBArticle = [string]"foo" | |
Computername = [string]"foo" | |
Description = [string]"foo" | |
FixComments = [string]"foo" | |
HotFixID = [string]$other_output | |
InstalledBy = [string]"foo" | |
InstallDate = [string]"foo" | |
Name = [string]"foo" | |
ServicePackInEffect = [string]"foo" | |
Status = [string]"foo" | |
} | |
} | |
} | |
} | |
# This is is where you put the list of KBs to look for. | |
$TargetKBs=@("KB3154132", "KB3145739", "KB3148198", "KB3145739", "KB3146963", "KB3148198", "KB3114960", "KB3114944", "KB3147461", "KB3154132", "KB3147458", "KB3146963", "KB3154132", "KB3144427", "KB3142045", "KB3154132", "KB3147461", "KB3114994", "KB3114987", "KB3114990", "KB3114990", "KB3144427", "KB3114982", "KB3145739", "KB3114960", "KB3114993", "KB3114993", "KB3114944", "KB3114937", "KB3148198", "KB3154132", "KB3146963", "KB3145739", "KB3114983", "KB3148198", "KB3146963", "KB3147458", "KB3142042", "KB3144429", "KB3114937", "KB3154132", "KB3142042", "KB3142045", "KB3146706", "KB3135456", "KB3114566", "KB3143693", "KB3149090", "KB3146723", "KB3114985", "KB3146706", "KB3143693", "KB3114947", "KB3114947", "KB3114542", "KB3114566", "KB3143693", "KB3146723", "KB3149090", "KB3114964", "KB3146706", "KB3114898", "KB3146706", "KB3143693", "KB3114964", "KB3114895", "KB3149090", "KB3149090", "KB3114892", "KB3114888", "KB3114888", "KB3139219", "KB3148851", "KB3147071", "KB3136019", "KB3138901", "KB3140250", "KB3139165", "KB3140219", "KB3114999", "KB3148851", "KB3114958", "KB3114965", "KB3139923", "KB3139923", "KB3114953", "KB3147071", "KB3140185", "KB3141074", "KB3114989", "KB3114969", "KB3140222", "KB3137725", "KB3139219", "KB3139923", "KB3148851", "KB3114961", "KB3138602", "KB3141074", "KB3133690", "KB3140741", "KB3140250", "KB3148851", "KB3137725", "KB3140786", "KB3147071", "KB3140185", "KB3137061", "KB3139923", "KB3114954", "KB3140219", "KB3140234", "KB3140786", "KB3140741", "KB3139165", "KB3133977", "KB3147071", "KB3139896", "KB3140234", "KB3137061", "KB3114860", "KB3085587", "KB3114903", "KB3114969", "KB3114959", "KB3114712", "KB3114941", "KB3114694", "KB2920720", "KB3109976", "KB3114815", "KB3114954", "KB3114972", "KB3114970", "KB3114864", "KB3114859", "KB3114970", "KB3114928", "KB3114958", "KB3114973", "KB3114860", "KB3114535", "KB3114972", "KB3115224", "KB2977759", "KB3114854", "KB3114903", "KB3039756", "KB2976978", "KB3039793", "KB2977759", "KB2976978", "KB2952664", "KB3039756", "KB3114694", "KB2976978", "KB3114942", "KB3114932", "KB3114942", "KB3114996", "KB3114996", "KB3114856", "KB2976978", "KB3114856", "KB3114854", "KB2920720", "KB2952664", "KB3114957", "KB3114867", "KB3114867", "KB3115224", "KB3114961", "KB915597", "KB3138901", "KB3114973", "KB3114971", "KB3137061", "KB3114999", "KB3137728", "KB3085587", "KB3133681", "KB3114928", "KB3114712", "KB3140222", "KB3137061", "KB3134785", "KB3114859", "KB3114535", "KB2267602", "KB3133681", "KB3114979", "KB3114825", "KB3125217", "KB3100473", "KB3114864", "KB3114968", "KB3114953", "KB3100473", "KB3137728", "KB3114971", "KB3114959", "KB3114989", "KB3136019", "KB3133977", "KB3134785", "KB3125217", "KB3109976", "KB3114815", "KB3114968", "KB3138602", "KB3114941", "KB3114932", "KB3114825", "KB3114965", "KB3114957", "KB3106932") | |
Write-Host "Looking for" $TargetKBs.count "KBs..." | |
$Hotfixes=Get-MSHotfix | |
$found_counter=0 | |
Foreach ($TargetKB in $TargetKBs) { | |
$found=0 | |
Foreach ($InstalledHotfix in $Hotfixes.HotFixId) { | |
if ($TargetKB -eq $InstalledHotfix) { | |
$found=1 | |
$found_counter+=1 | |
} | |
} | |
if ($found -eq 1) { | |
Write-Host " $TargetKB is installed." | |
} else { | |
Write-Host " $TargetKB is not installed." | |
} | |
} | |
Write-Host | |
Write-Host "Searched for :" $TargetKBs.count "KBs" | |
Write-Host " :" $found_counter "KBs are installed." | |
$not_found_counter = $TargetKBs.count - $found_counter | |
Write-Host " :" $not_found_counter "KBs are NOT installed." |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment