Use a PowerShell script to download Windows patches monthly

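This article presents a PowerShell script that automatically fetches the latest security bulletins from the Microsoft RSS feed and downloads the corresponding patch files. Multi-level filtering by conditions such as product name and KB number selects only the patches that are needed, which effectively reduces the workload of manual updating.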

My company cares about security and requires us to deploy the newest patches on our servers promptly, even though we have firewalls and encryption internally.

Emails are welcome at: larry.song@outlook.com

As the number of servers increases, there are always some servers that can't be patched as expected, probably because of SCCM/WSUS or an incorrect configuration on the server. Add 3rd-party patch scanning software and pressure from the security team, and support teams like mine have to install the missing patches one by one. This means I have to paste the MS number into Google, find the correct KB, then download and install it, which turns out to be a mess.

To make life easier, I wrote this script to automatically download patches from MS on a schedule. The script grabs the contents of the MS RSS feed and extracts the MS numbers and links, then loops over the MS links, grabs the KBs, and downloads the patches to a local path.

Security RSS: https://technet.microsoft.com/en-us/security/rss/bulletin

Workflow: Get contents of RSS -> grab MS numbers and links -> Enum MS links and grab KBs -> filter out some KB -> grab KB details link -> grab KB download links -> Download

Let's analyze the script step by step.

 

$Url = 'https://technet.microsoft.com/en-us/security/rss/bulletin'
$ExcludeProducts = 'lync|Itanium|for mac'
$IncludeProducts = 'server'

$ExcludePatches = '-IA64|Windows6\.0|-RT-|ServiceBusServer'

$PatchStoreTo = '.\'

Some variables are defined first:

$Url is the link to the RSS feed;

$ExcludeProducts is a regular expression used to filter out unwanted products when the script gets the contents of an MS link; for me these are Lync and patches for Itanium CPUs;

$IncludeProducts is applied after the product filter, because I want to filter again for KBs for "server";

$ExcludePatches is another filter, applied when the script finally gets the patch link; I don't want patches for Itanium (why? because some KBs don't have enough details, so this filter was added);

$PatchStoreTo is the path where patches are stored.

 

$WebClient = New-Object System.Net.WebClient
$WebClient.Encoding = [System.Text.Encoding]::UTF8

Create the WebClient object and set the encoding.

 

do
{
    $RSSContent = $WebClient.DownloadString($Url)
}
while(
    $(if(!$?)
    {
        Write-Host 'Failed to get RSS' -ForegroundColor Red
        Start-Sleep -Seconds 600
        $true
    })
)

Get the contents of the RSS feed; on failure, the script reports it in red and sleeps 10 minutes before trying again.

 

([xml]$RSSContent).rss.channel.Item | Sort-Object link | %{...}

Convert the RSS contents to the XML type so the data can be retrieved easily.

 

    $MSRC_URL = $_.link
    Write-Host "Processing: [$MSRC_URL]" -ForegroundColor Yellow
    $MSRC = ([regex]::Match($MSRC_URL, '(?i)MS\d+-\d+$')).Value
    Write-Host "MS number: [$MSRC]" -ForegroundColor Green
    if(!(Test-Path -LiteralPath "$PatchStoreTo\$MSRC"))
    {
        do
        {
            New-Item -Path "$PatchStoreTo\$MSRC" -ItemType Directory | Out-Null
        }
        while(
            $(if(!$?)
            {
                Write-Host 'Failed to create MSRC folder' -ForegroundColor Red
                Start-Sleep 300
                $true
            })
        )
    }

The MS link is stored in $MSRC_URL and printed to the screen in yellow; a regular expression then grabs the MS number, which is stored in $MSRC, and after that a folder named after the MS number is created to store the patches.

 

    Write-Host "Trying to capture KBs from MSRC URL" -ForegroundColor Yellow
    do
    {
        $MSContent = $null
        $MSContent = $WebClient.DownloadString($MSRC_URL)
    }
    while(
        $(if(!$?)
        {
            Write-Host 'Failed to capture MSRC content' -ForegroundColor Red
            Start-Sleep 300
            $true
        })
    )

The code above grabs the MS link contents and stores them in $MSContent.

An MS link looks like https://technet.microsoft.com/en-us/library/security/MS14-063; the MS contents are the source code behind the web page.

 

[regex]::Matches($MSContent, '(?i)<tr>[\s\S]+?<a href="(http://www.microsoft.com/downloads/details.aspx\?FamilyID=[\w\-]+?)">[\s\S]+?\((\d{7})\)') | %{...}

This code grabs the KB information, such as the KB number and the KB link.

It matches content like that in the screenshot below; every character shown in the image is matched by the regular expression pattern.

 

        Write-Host "KB: [$($_.Groups[2].Value)]" -NoNewline -ForegroundColor Green
        if($_.Value -imatch $ExcludeProducts)
        {
            Write-Host "   --- Excluded: [$($Matches[0])]" -ForegroundColor Red
        }
        else
        {
            if($_.Value -notmatch $IncludeProducts)
            {
                Write-Host "   --- Excluded: Not match [$IncludeProducts]" -ForegroundColor Red
                return
            }
            $KBNumber = "KB$($_.Groups[2].Value)"
            Write-Host "`nDownload URL: [$($_.Groups[1].Value)]" -ForegroundColor Gray

The code above excludes the KBs whose product names match $ExcludeProducts, filters the remaining KBs again with $IncludeProducts, and stores each KB that finally passes in $KBNumber.

 

            do
            {
                $KBContent = $null
                $KBContent = $WebClient.DownloadString($_.Groups[1].Value)
            }while(
                $(if(!$?)
                {
                    Write-Host 'Failed to capture KB content' -ForegroundColor Red
                    Start-Sleep 300
                    $true
                })
            )

The code above gets the contents of the KB link and stores them in $KBContent.

A KB link looks like this in $MSContent: http://www.microsoft.com/downloads/details.aspx?familyid=8a59fc6d-cbad-4905-842b-e5aa1fc6fedf

Accessing the KB link automatically redirects to: http://www.microsoft.com/en-us/download/details.aspx?id=44400

Surely this is automatic behavior of the web server, so I don't need to do anything in the script. In any case, the KB link page doesn't contain the patch link; it just asks for confirmation of the language and provides some KB details, as you can see in the screenshot that follows.

Next, I need to analyze the KB contents and find the page called "confirmation.aspx". Actually, I can see it when I move my cursor over the "Download" button.

 

            $KBConfirm = ([regex]::Match($KBContent, '(?i)href="(confirmation.aspx\?id=\d+)"')).Groups[1].Value
            $KBConfirm = "http://www.microsoft.com/en-us/download/$KBConfirm"
            Write-Host "KB confirm URL: [$KBConfirm]" -ForegroundColor Gray
            do
            {
                $KBContent = $null
                $KBContent = $WebClient.DownloadString($KBConfirm)
            }while(
                $(if(!$?)
                {
                    Write-Host 'Failed to capture KB download content' -ForegroundColor Red
                    Start-Sleep 300
                    $true
                })
            )

This code grabs the "confirmation.aspx" page link from the KB contents. You may notice that the "id" after "confirmation.aspx" is the same as the one for "details.aspx" in the KB link, but just to be safe, I chose to grab the "confirmation.aspx" link from the KB content.

 

            $KBLinks = @()
            $KBLinks = [regex]::Matches($KBContent, '(?i)<a href="(http://download.microsoft.com/download/.+?)".+?>Click here</span>') | %{
                $_.Groups[1].Value
            }
            $KBLinks = @($KBLinks | Sort-Object -Unique)
            Write-Host "The KB contains updates: [$($KBLinks.Count)]" -ForegroundColor Green

After I get the contents of "confirmation.aspx", I use a regular expression to match the patch links and do a unique sort on the final results; $KBLinks now contains all the patches that belong to that KB.

The following screenshot shows "confirmation.aspx"; it contains all the patch download links, and I used a regular expression again to grab them.

 

            $KBLinks | %{
                $FileName = $null
                $FileName = $_.Split('/')[-1]
                if($FileName -imatch $ExcludePatches)
                {
                    Write-Host "Patch excluded: [$($Matches[0])]" -ForegroundColor Red
                    return
                }

Now I have the patch links in hand and the only job left is the download, but I apply one more filter before downloading. As I mentioned previously, sometimes the KB contents don't have enough information, so here I use another filter to remove patches I don't want by patch name.

 

                if(Test-Path -Path $FilePath)
                {
                    Write-Host 'File already exists, skip!' -ForegroundColor Gray
                }
                else
                {
                    do
                    {
                        $WebClient.DownloadFile($_, $FilePath)
                    }while(
                        $(if(!$?)
                        {
                            Write-Host 'Download file failed!' -ForegroundColor Red
                            Start-Sleep -Seconds 300
                            $true
                        })
                    )
                }

The actual download code is here; if the patch already exists, the script skips it.
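The patch links are plain http:// and the download step keeps whatever the server returns, so one way to harden it is to check the link's host before downloading and the file's Authenticode signature afterwards. This is an added example, not part of the original script; the function names, the allowed-host list and the Microsoft signer check are assumptions, and it assumes the packages are Authenticode-signed.

```powershell
# Added example, not part of the original script. Assumptions: the only accepted
# host is the one in the script's link regex, and Microsoft must be the signer.
$AllowedHosts = @('download.microsoft.com')

function Test-PatchUrl
{
    param([string]$Url)
    $Uri = $null
    if(!([uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$Uri))) { return $false }
    if(@('http', 'https') -notcontains $Uri.Scheme) { return $false }
    # Compare the parsed host exactly instead of pattern-matching the whole string
    return ($AllowedHosts -contains $Uri.Host)
}

function Test-PatchSignature
{
    param([string]$Path)
    $Sig = Get-AuthenticodeSignature -FilePath $Path
    if($Sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid)
    {
        Write-Host "Signature status: [$($Sig.Status)]" -ForegroundColor Red
        return $false
    }
    # 'Valid' only means the chain is trusted here, so also check who signed it
    return ($Sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')
}

function Save-VerifiedPatch
{
    param([System.Net.WebClient]$Client, [string]$Url, [string]$FilePath)
    if(!(Test-PatchUrl $Url))
    {
        Write-Host "Rejected URL: [$Url]" -ForegroundColor Red
        return $false
    }
    $Ok = $false
    try
    {
        $Client.DownloadFile($Url, $FilePath)
        $Ok = Test-PatchSignature $FilePath
    }
    catch { Write-Host "Download failed: [$($_.Exception.Message)]" -ForegroundColor Red }
    # The script skips files that already exist, so remove anything unverified
    if(!$Ok -and (Test-Path -LiteralPath $FilePath)) { Remove-Item -LiteralPath $FilePath -Force }
    return $Ok
}
# Constructed URLs (not real patch links) to exercise the host check offline
Test-PatchUrl 'http://download.microsoft.com/download/0/0/0/Sample-KB0000000-x64.msu'
Test-PatchUrl 'http://download.microsoft.com.example/download/0/0/0/Sample-KB0000000-x64.msu'
```

In the script, `Save-VerifiedPatch $WebClient $_ $FilePath` would take the place of the bare `$WebClient.DownloadFile($_, $FilePath)` call inside the retry loop.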

 

Last, here is a screenshot of the script running, followed by the full script.

$Url = 'https://technet.microsoft.com/en-us/security/rss/bulletin'
$ExcludeProducts = 'lync|Itanium|for mac'
$IncludeProducts = 'server'

$ExcludePatches = '-IA64|Windows6\.0|-RT-|ServiceBusServer'

$PatchStoreTo = '.\'

$WebClient = New-Object System.Net.WebClient
$WebClient.Encoding = [System.Text.Encoding]::UTF8

do
{
    $RSSContent = $WebClient.DownloadString($Url)
}
while(
    $(if(!$?)
    {
        Write-Host 'Failed to get RSS' -ForegroundColor Red
        Start-Sleep -Seconds 600
        $true
    })
)

([xml]$RSSContent).rss.channel.Item | Sort-Object link | %{
    $MSRC_URL = $_.link
    Write-Host "Processing: [$MSRC_URL]" -ForegroundColor Yellow
    $MSRC = ([regex]::Match($MSRC_URL, '(?i)MS\d+-\d+$')).Value
    Write-Host "MS number: [$MSRC]" -ForegroundColor Green
    if(!(Test-Path -LiteralPath "$PatchStoreTo\$MSRC"))
    {
        do
        {
            New-Item -Path "$PatchStoreTo\$MSRC" -ItemType Directory | Out-Null
        }
        while(
            $(if(!$?)
            {
                Write-Host 'Failed to create MSRC folder' -ForegroundColor Red
                Start-Sleep 300
                $true
            })
        )
    }
    Write-Host "Trying to capture KBs from MSRC URL" -ForegroundColor Yellow
    do
    {
        $MSContent = $null
        $MSContent = $WebClient.DownloadString($MSRC_URL)
    }
    while(
        $(if(!$?)
        {
            Write-Host 'Failed to capture MSRC content' -ForegroundColor Red
            Start-Sleep 300
            $true
        })
    )
    
    [regex]::Matches($MSContent, '(?i)<tr>[\s\S]+?<a href="(https?://www.microsoft.com/downloads/details.aspx\?FamilyID=[\w\-]+?)">[\s\S]*?(\d{7})') | %{
        Write-Host "KB: [$($_.Groups[2].Value)]" -NoNewline -ForegroundColor Green
        if($_.Value -imatch $ExcludeProducts)
        {
            Write-Host "   --- Excluded: [$($Matches[0])]" -ForegroundColor Red
        }
        else
        {
            if($_.Value -notmatch $IncludeProducts)
            {
                Write-Host "   --- Excluded: Not match [$IncludeProducts]" -ForegroundColor Red
                return
            }
            $KBNumber = "KB$($_.Groups[2].Value)"
            Write-Host "`nDownload URL: [$($_.Groups[1].Value)]" -ForegroundColor Gray
<#
            if(!(Test-Path -Path "$MSRC\$KBNumber"))
            {
                do
                {
                    New-Item -Name "$MSRC\$KBNumber" -ItemType Directory | Out-Null
                }
                while(
                    $(if(!$?)
                    {
                        Write-Host 'Failed to create KB folder' -ForegroundColor Red
                        Start-Sleep 300
                        $true
                    })
                )
            }
#>
            do
            {
                $KBContent = $null
                $KBContent = $WebClient.DownloadString($_.Groups[1].Value)
            }while(
                $(if(!$?)
                {
                    Write-Host 'Failed to capture KB content' -ForegroundColor Red
                    Start-Sleep 300
                    $true
                })
            )

            $KBConfirm = ([regex]::Match($KBContent, '(?i)href="(confirmation.aspx\?id=\d+)"')).Groups[1].Value
            $KBConfirm = "http://www.microsoft.com/en-us/download/$KBConfirm"
            Write-Host "KB confirm URL: [$KBConfirm]" -ForegroundColor Gray
            do
            {
                $KBContent = $null
                $KBContent = $WebClient.DownloadString($KBConfirm)
            }while(
                $(if(!$?)
                {
                    Write-Host 'Failed to capture KB download content' -ForegroundColor Red
                    Start-Sleep 300
                    $true
                })
            )

            $KBLinks = @()
            $KBLinks = [regex]::Matches($KBContent, '(?i)<a href="(http://download.microsoft.com/download/.+?)".+?>Click here</span>') | %{
                $_.Groups[1].Value
            }
            $KBLinks = @($KBLinks | Sort-Object -Unique)
            Write-Host "The KB contains updates: [$($KBLinks.Count)]" -ForegroundColor Green
            $KBLinks | %{
                $FileName = $null
                $FileName = $_.Split('/')[-1]
                if($FileName -imatch $ExcludePatches)
                {
                    Write-Host "Patch excluded: [$($Matches[0])]" -ForegroundColor Red
                    return
                }
                $FilePath = $null
                $FilePath = "$MSRC\$FileName"
                Write-Host "Going to download file: [$FilePath]" -ForegroundColor Gray
                $FilePath = "$PatchStoreTo\$FilePath"
                if(Test-Path -Path $FilePath)
                {
                    Write-Host 'File already exists, skip!' -ForegroundColor Gray
                }
                else
                {
                    do
                    {
                        $WebClient.DownloadFile($_, $FilePath)
                    }while(
                        $(if(!$?)
                        {
                            Write-Host 'Download file failed!' -ForegroundColor Red
                            Start-Sleep -Seconds 300
                            $true
                        })
                    )
                }
            }
        }
    }
}

 

PS: about proxies, the WebClient class uses the IE proxy settings automatically; if you want to download patches via a proxy, configure IE with the right settings.

2015-03-02: Updated the regular expression for KB number capture to support https links and fix capture for enclose.

Reposted from: https://www.cnblogs.com/LarryAtCNBlog/p/4026695.html
