Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.

Detecting Security Updates on Vista/Windows 7/2008/2008R2

When trying to detect whether updates have been installed or not, there were several places we investigated:

  • HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall
  • HKLM\Software\Microsoft\WindowsNT\CurrentVersion\HotFix
  • HKLM\Software\Microsoft\Updates

Some updates still write to these locations to enable detection and they should be looked for. For instance, SQL Server 2005 SP4 for the database engine will be found at:

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB246332_SQL9

However, OS based updates to Vista and above don't tend to get written to a registry key. You could use MBSA or something of that sort to try and detect them all, but there is a simpler method that can be easily scripted. It's the PowerShell Get-Hotfix Cmdlet. If I want a list of all hotfixes, it's simply:

Get-Hotfix


If I know of a specific hotfix to find, I can use the -ID switch. For instance, to find out whether MS11-064 has been installed, I need to refer to its KB#.

Get-Hotfix -ID KB2563894


Do note that this detection isn't perfect. Updates don't necessarily register where Get-Hotfix is looking. For instance, this will throw an error, even if it's installed (SQL Server 2005 SP4):

Get-Hotfix -ID KB246332

Instead, you can use the provder to look for it:

gci HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall `
 | Where-Object {$_.name -match "KB2463332_.*"}

Given the multiple locations it may be easier to use a specialized tool, but if you're just looking for a handful of patches, then it should be fairly easy to use Powershell to do so.

Comments

Posted by Steve Jones on 6 October 2011

Good tool, and something to keep around. Briefcasing this one. Thanks

Leave a Comment

Please register or log in to leave a comment.