bitsadmin / wesng

Windows Exploit Suggester - Next Generation
BSD 3-Clause "New" or "Revised" License

Is there a better way for AD? #59

Closed MikeoPerfect closed 2 years ago

MikeoPerfect commented 2 years ago

If I want to perform large-scale endpoint detection on computers that have joined the domain, what is a better solution? Is there such a recognition technology?

bitsadmin commented 2 years ago

You can use DCOM to obtain the list of missing KBs for every server and then feed those files to WES-NG using wes.py -m missing.txt. Here is an example snippet of how you could do that.

# Remote DCOM activation of the Windows Update Agent session object on each server
$servers = "SERVER01","SERVER02","SERVER03"
$servers | % {
    $server = $_
    $t = [type]::GetTypeFromProgID('Microsoft.Update.Session', $server)
    $session = [Activator]::CreateInstance($t)
    # A searcher object is needed to run a query; 'IsInstalled=0' returns updates not yet applied
    $searcher = $session.CreateUpdateSearcher()
    $results = $searcher.Search('IsInstalled=0')
    $kbs = $results.Updates | % { [PSCustomObject]@{KB=$('KB{0}' -f $_.KBArticleIDs[0]); Title=$($_.Title)} }
    # One KB per line, ASCII encoded, as wes.py -m expects
    $kbs | % KB | Out-File -Encoding ASCII "missing_$server.txt"
}

Another option could be to simply check the update status of every computer in WSUS, since in a large organization WSUS is probably used for update distribution.

Lastly, the Windows Security Updates for Hackers blog post at bitsadm.in contains a number of ways to collect information about security updates from remote systems.

In either case, be aware that WSUS can hide updates so that they are not visible to the above script. Those updates could be critical security patches. For more info, see https://bitsadm.in/blog/windows-security-updates-for-hackers#missingkbsvbs.

Hope that helps!
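The following script is an added example that expands the DCOM approach described in the comment above; it is not code from the wesng project or from the issue thread. It enumerates domain computers through an ADSI search (no RSAT module required), queries each host's Windows Update Agent over DCOM, and writes one missing-KB file per host for wes.py -m. The LDAP filter, output directory and the QueryMicrosoftUpdate switch are assumptions for illustration: the switch sets ServerSelection to 2 (ssWindowsUpdate) so the search goes to Microsoft Update instead of the configured WSUS server, which only works when the target has outbound Internet access. The account running it is assumed to have local administrator rights on the targets (needed for remote DCOM activation), with TCP 135 and the RPC dynamic port range reachable.

```powershell
<#
  Added example, not part of the wesng project or the issue thread.
  Collects missing KBs from every domain computer over DCOM and writes
  one file per host for "wes.py -m missing_<host>.txt".
  Assumptions: local admin on targets, RPC/DCOM reachable, WU service enabled.
#>
param(
    # Assumption: limit to server OS objects; change the filter to suit the environment
    [string]$LdapFilter = '(&(objectCategory=computer)(operatingSystem=*Server*))',
    [string]$OutDir = '.\missingkbs',
    # Assumption: bypass the configured WSUS server and ask Microsoft Update directly,
    # so updates declined or unapproved in WSUS still show up as missing (needs Internet access)
    [switch]$QueryMicrosoftUpdate
)

function Get-DomainComputerNames {
    param([string]$Filter)
    # DirectorySearcher works on any domain-joined host without the ActiveDirectory module
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter   = $Filter
    $searcher.PageSize = 1000          # paged results, so large domains are fully enumerated
    [void]$searcher.PropertiesToLoad.Add('dNSHostName')
    $searcher.FindAll() |
        ForEach-Object { $_.Properties['dnshostname'][0] } |
        Where-Object { $_ }            # skip objects without a DNS host name
}

function Get-MissingKBs {
    param([string]$ComputerName, [switch]$MicrosoftUpdate)
    # Remote DCOM activation of the Windows Update Agent session object
    $type     = [type]::GetTypeFromProgID('Microsoft.Update.Session', $ComputerName)
    $session  = [Activator]::CreateInstance($type)
    $searcher = $session.CreateUpdateSearcher()
    if ($MicrosoftUpdate) {
        $searcher.ServerSelection = 2  # ssWindowsUpdate: query Microsoft Update, not WSUS
        $searcher.Online          = $true
    }
    $result = $searcher.Search('IsInstalled=0')
    foreach ($update in $result.Updates) {
        # An update can carry more than one KB id; emit each one
        foreach ($id in $update.KBArticleIDs) {
            [PSCustomObject]@{
                Computer = $ComputerName
                KB       = "KB$id"
                Title    = $update.Title
            }
        }
    }
}

New-Item -ItemType Directory -Force -Path $OutDir | Out-Null

foreach ($computer in Get-DomainComputerNames -Filter $LdapFilter) {
    try {
        $kbs  = @(Get-MissingKBs -ComputerName $computer -MicrosoftUpdate:$QueryMicrosoftUpdate)
        $file = Join-Path $OutDir ('missing_{0}.txt' -f $computer)
        # One KB per line, ASCII encoded, as wes.py -m expects
        $kbs | Select-Object -ExpandProperty KB -Unique | Out-File -Encoding ASCII $file
        Write-Host ('{0}: {1} missing update(s) written to {2}' -f $computer, $kbs.Count, $file)
        # Next step per host: python wes.py -m $file
    }
    catch {
        # Unreachable host, access denied, or Windows Update service disabled: log it and continue
        Write-Warning ('{0}: {1}' -f $computer, $_.Exception.Message)
    }
}
```

Run it from a domain-joined admin workstation and then loop over the output directory with wes.py -m for each file. Hosts that fail are reported with Write-Warning rather than aborting the run, which matters at scale because a single offline server or a disabled Windows Update service would otherwise stop the whole sweep; treat those warnings as hosts with unknown patch state, not as patched.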

bitsadmin commented 2 years ago

Closing this issue.