Patch Tuesday dynamic report test

Esben_D · ‎02-25-2021

Hi,

I’ve been working on improving the Patch Tuesday reports we send out every month.

Every so often (including this month) Microsoft released out-of-band updates. Since the report is historically created shortly after patch Tuesday, these out-of-band updates are not included and will cause the report to indicate that machines with this patch applied are still out of date.

To resolve this, I’ve created a new version of the February Patch Tuesday. This version does not just look at specific patches, but rather whether you have those patches or newer ones, installed.
While this still isn’t perfect, I believe it is as close as we can get with a report.

To check if it works correctly, please give it a try and vote on the poll below. Thanks!

V2 with new poll posted below

Did the report return accurate results?

Yes
No (please detail in a reply)

0 voters

hendrikve · ‎03-16-2021

I’m afraid this ‘dynamic’ report will potentially show a lot of ‘false positives’, where the actual security updates aren’t installed (because they require a reboot), while not that critical updates (like .NET updates) with a higher KB are installed.
Maybe when I have some time I’ll try it out in my cookie factory to see if the static vs dynamic version shows any differences.

Esben_D · ‎03-16-2021

True, the main goal for this change is to ensure that if you have the Patch Tuesday patches installed, it stays listed as “up-to-date”. Even if you install new patches later. The problem with the old version is that if you install newer updates, computers would be listed as out-of-date, even if they are not.

It is not intended to give accurate “up-to-date” / “out-of-date” at all times. Basically, it’s “Has patch Tuesday” / “does not have patch Tuesday”

Peter1 · ‎03-19-2021

Hi Esben,

I get this info from colleague Peter Prins:

Maybe you are already informed, but I’ll let you know anyway.
Microsoft is well on the way or actually not …haha.

BSODs on W10 workstations with regard to printer drivers and incomplete printing of documents from Office and other Apps.

So far already 2 out-of-band patches. Today the 2nd was released.

Due to the unclear and not properly solved the problems, the W10 patches have not yet been released.
Microsoft has also not yet automatically included them in WSUS.

These are the following out-of-band kb numbers.
These will therefore have to be included in the Lansweeper Patch Tuesday report.
Will we get an update from Lansweeper?

Windows 10 version 1909: KB5001566 and KB5001648
Windows 10 version 2004 and 20H2: KB5001567 and KB5001649

https://support.microsoft.com/en-us/topic/march-18-2021-kb5001649-os-builds-19041-870-and-19042-870-...

https://support.microsoft.com/en-us/topic/march-18-2021-kb5001648-os-build-18363-1443-out-of-band-e8...

Kind regards,
PeterT & PeterP

Esben_D · ‎03-19-2021

Hey Peter,

It is something I can inform the team of, however, this is kind of why we created this new version of the report.

While the new patch Tuesday won’t be able to tell you if you have these new patches or not (because it only checks if you have at least the patch tuesday ones), it will at least still indicate whether your assets have the patch tuesday patches installed or not.
As a side note, the source I use is MS official update pages, for W10 for example: March 18, 2021—KB5001649 (OS Builds 19041.870 and 19042.870) Out-of-band
Whether these are automatically included in WSUS or not is not checked.

In regards to creating a seperate, specialised report for this occurence. I don’t think we’ll create something for it. Maybe over time as this grows we’ll be able to do more things with it and improve the report even more.

Esben_D · ‎03-02-2021

Here is another updated version PatchTuesdayNewV7.txt (8.6 KB)

After a lot of troubleshooting with Peter, I was able to finally fix some of the issues he was having in his large installation. Should this new version give anyone else issues, let me know.

gus_k1 · ‎03-01-2021

2021-03-01-Modified-OU-UptimeSort-LastSeen30Days.txt (11.4 KB) Nicely done EbsenD. If this could be a monthly run report or dynamically updated in the background each month, that would be great. I like the output format. Attaching a slightly modified version of my own with uptime sort next to your formatted version so it can be sorted in order correctly. We also add in a “30 days” last seen to each of our report to narrow down the results to current systems.

Thanks
/Gus

Esben_D · ‎03-02-2021

Updating it in the background might be something to implement in ADP in the future. However, it is more likely that the first step will be that we provide this report in ADP without the need of grabbing it manually. Similar to how, at the moment you’ll see report with the “new” tag appear all of a sudden.

Peter1 · ‎03-10-2021

Hi Esben,

I got the comment from a colleague who always uses the Patch Tuesday report that it might be useful to show if a workstation is up to date, on which KBs have been scanned.

Esben_D · ‎03-10-2021

True, its something I can add next time. Simply showing the highest KB patch that was used.

Patch Tuesday dynamic report test

New to Lansweeper?

Try Lansweeper For Free