cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SouthySuper
Engaged Sweeper III

Microsoft update catalog (example):

http://catalog.update.microsoft.com/v7/site/search.aspx?q=4012598

I downloaded all the packages for our environment (renamed each because they are ridiculously long file names). I then used lansweeper to create a deployment package consisting of several commands like:

wusa.exe \\sharename\patch.msu /quiet /norestart

13 REPLIES 13
SouthySuper
Engaged Sweeper III
I ended up revising mine quite a bit from my original example. I found out I had an odd server version in one case and way too many windows 10 variations. Using the lansweeper report helps to identify which updates need to be added to your deployment. I'm not sure if MS mentioned it but both 2008r2 and 2012r2 must be on at least sp1 or the cumulative update in order for the patches to install (otherwise you'll get error about not applying to your system). Good luck everyone.
helpdesktrv
Engaged Sweeper II
Thank you very much. It worked for us for Windows 7.
Now we have to do the same on computers running Windows XP. For this OS there is the KB4012598 for WannaCry update.
But since it is a .exe file that needs user intervention (Next, "Accepts EULA", etc.), we can not make silent installation. Can you help us to do this please?
SouthySuper
Engaged Sweeper III
This lansweeper report can be used for the sheduled deployment.
https://www.lansweeper.com/forum/yaf_postsm50430_Ransomware--MS17-010-Windows-computers-that-are-potentialy-vulnerable.aspx#post50430

My example was just a rough draft, but can be used to push all known patches, if each does not apply it fails silently then goes to next and so on. WSUS/SCCM is best for patch deloyment, but this is quick and gets the most critical patches pushed immediately. Hope this helps
nointegerallowe
Engaged Sweeper
Will this detect the correct O/S and install the appropriate patches or is this relying on the install packages to do that?