04-30-2021 04:17 PM
Hello,
As you might know, I’m mainly responsible for the Patch Tuesday reports, and as you might have seen previously, I’ve been looking at improving it to make it more accurate both historically and for future updates.
In my previous attempt, I tried using “greater than” logic to make it so that when you run a patch Tuesday report, even after installing newer patches.
However, it seems that Microsoft’s patch numbers aren’t as stable as I thought, causing issues with accuracy due to out-of-band updates and SSU.
We scan the specific build number of Windows which can be tied to a specific Patch Tuesday update.
For example, version 2004 and 20H2 UBR versions for Patch Tuesday are 928
https://support.microsoft.com/en-us/topic/april-13-2021-kb5001330-os-builds-19041-928-and-19042-928-...
By creating a report, linking each UBR to their Patch Tuesday, you would get a report which shows exactly on which patch Tuesday a machine currently is and it can indicate which ones are on, or higher than the latest patch Tuesday.
If you want to give this test a try, you can do the following:
Run the report:
PatchTuesdayV6.txt (5.3 KB)
If the build number Column is outdated, rescan the assets in the report.
Let me know below about your findings and if the report is accurate for you. As long as your machines have the patch Tuesday of April installed, they should be listed as up to date.
05-07-2021 07:13 PM
I split the file "Hotfix Test Esben PatchTuesdayV5.txt UBR All Workstations_07052021.xlsx.zip" with 7-zip in two parts and added extension .zip to be able to upload here:
Good weekend!
05-07-2021 06:07 PM
Yes this V5 is OK, ummm the .zip file is bigger than 4Mb so cannot upload, I zipped it with 7Zip and renamed Hotfix Test Esben PatchTuesdayV5.txt UBR All Workstations_07052021.xlsx.7z to Hotfix Test Esben PatchTuesdayV5.txt UBR All Workstations_07052021.xlsx.7z.zip still too big…
05-07-2021 04:43 PM
Esben, with this V4 report I get an error in the Report Builder “Error converting data type nvarchar to bigint.”
Next week I will ask my colleague Peter Prins, he is really involved with our Microsoft patching…
05-07-2021 04:50 PM
@Peter this should work
PatchTuesdayV5.txt (5.5 KB)
05-07-2021 02:40 PM
Hi Esben,
PPC0645917 is offline now so I cannot rescan it or deploy a “List Hotfixes” package, here some info from the Lansweeper Asset page:
New Report PatchTuesdayV3:
I cannot find any of KB5001XXX (KB5001382 or KB5001393) fixes for Asset PPC0645917, this is the info from the Windows Quickfix and History page:
PPC0645917_QuickFixes.txt (8.1 KB)
PPC0645917_HistoryPage.txt (417.7 KB)
Also the output of the new report PatchTuesdayV3 and the old report April 2021 of today:
Hotfix Test Esben PatchTuesdayV3.txt UBR All Workstations_07052021.zip (3.5 MB)
Hotfix Microsoft Patch Tuesday April 2021 Audit Query_All_Workstations_07052021.zip (3.7 MB)
05-07-2021 03:56 PM
@Peter To be honest, I’m not sure what is happening. All the updates that are being shown are from some time ago, but for some reason the UBR version is up-to-date. Which as far as I know shouldn’t be possible.
For now, I’ve added the “Highest KB Patch found” field, QuickFixLastScanned.QuickFixLastScanned, tRegUBR.Lastchanged. This way there is more info to troubleshoot or check if things are correct:
PatchTuesdayV4.txt (5.4 KB)
I’ll try and see if I can find anything online about it, but at this point, I have no idea why that is happening. If anyone else has an idea, that would be more than welcome
05-06-2021 08:33 PM
I am not sure about the logic for Windows 10.0.14393 / 1607. As written, Win 10 & 10.0.14393 always returns ‘Up to Date’. I think it should be reporting “EOL, update to a higher Windows version”, “Out of Date” or “Patch Status UBR value not found”. Certainly not “Up to Date”?
When tsysOS.OScode Like '10.0.14393' Or
tsysOS.OSname = 'Win 2016' And tRegUBR.Value >= 4350 Then '0 - Up to date'
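Added example, not part of the post above or of the PatchTuesday report files: the condition quoted in that post, run in T-SQL over constructed rows beside a parenthesized form, to show how AND binding tighter than OR makes every 10.0.14393 asset report as up to date regardless of its UBR. The asset names, the UBR value 3686 and the inline table are constructed; the column names mirror the thread's tsysOS.OScode, tsysOS.OSname and tRegUBR.Value, and the status strings are taken from the wording in the post.

```sql
-- Constructed sample rows, not real scan data. Every row is build 10.0.14393
-- so the effect of the OS branch of the condition is visible on its own.
SELECT
    a.AssetName,
    a.OScode,
    a.OSname,
    a.UBR,
    -- Condition as quoted in the post. AND is evaluated before OR, so it reads:
    --   OScode LIKE '10.0.14393' OR (OSname = 'Win 2016' AND UBR >= 4350)
    -- The UBR threshold is never applied to a 10.0.14393 asset.
    CASE
        WHEN a.OScode LIKE '10.0.14393' OR
             a.OSname = 'Win 2016' AND a.UBR >= 4350 THEN '0 - Up to date'
        ELSE 'Out of date'
    END AS StatusAsWritten,
    -- Parenthesized so the UBR threshold applies to both OS matches, with a
    -- separate branch for assets whose UBR was never scanned (NULL), which
    -- would otherwise fall through to 'Out of date'.
    CASE
        WHEN a.UBR IS NULL THEN 'Patch Status UBR value not found'
        WHEN (a.OScode LIKE '10.0.14393' OR a.OSname = 'Win 2016')
             AND a.UBR >= 4350 THEN '0 - Up to date'
        ELSE 'Out of date'
    END AS StatusParenthesized
FROM (VALUES
    ('WS-1607-OLD',  '10.0.14393', 'Win 10',   CAST(3686 AS bigint)),
    ('WS-1607-CUR',  '10.0.14393', 'Win 10',   CAST(4350 AS bigint)),
    ('WS-1607-NONE', '10.0.14393', 'Win 10',   CAST(NULL AS bigint)),
    ('SRV-2016-OLD', '10.0.14393', 'Win 2016', CAST(3686 AS bigint)),
    ('SRV-2016-CUR', '10.0.14393', 'Win 2016', CAST(4350 AS bigint))
) AS a (AssetName, OScode, OSname, UBR)
ORDER BY a.AssetName;
```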
05-07-2021 12:41 PM
Fixed that:
PatchTuesdayV3.txt (4.9 KB)
@Peter I believe this will also fix some of the assets you had.
However, I did see some odd things in your results. Basically, there are assets in your results that only have older KB patches scanned, but do have the most recent UBR version (which is higher than those scanned patches provide).
Example is asset: PPC0645917, it lists patch KB4514338 but it has UBR 19995
UBR 19995 can only be done by patches with number KB5001XXX. Maybe you can check on the asset page itself?
Also check the Asset’s history page. It is possible the patch was installed but maybe Windows removed it from the WMI. It should have a record in the history that looks like:
05-07-2021 12:32 PM
For 1607 specifically, it’s slightly different, the reason why it isn’t EOL is because it is one of the versions that has a LTSC version which is still supported. But that is another improvement that can be made in the future to distinguish between Windows Home/Pro/Enterprise/Education/IoT/LTSB/LTSC
Right now I’m focusing on getting the UBR stuff working. It does look from your screenshot the query needs some adjusting.
05-06-2021 04:30 PM
Hotfix Microsoft Patch Tuesday April 2021 Audit Query.zip (3.1 MB)
Hotfix Test Esben PatchTuesdayV2.txt UBR.xlsx.zip (2.9 MB)
Hi Esben,
I put the new patch Thursday query in our production environment, luckily we already had the UBR registry scanning.
If I compare the April 2021 report with this new report on the number of workstations that is up-to-date, I see a difference of 598 workplaces that your new report gives less as up-to-date.
Furthermore.
Also there is still no color display of green or red for the up-to-date or not and no missing Kb-numbers display column.
I have added the export to Excel of both reports with a filter on Workstation and up-to-date:
Kind regards,
Peter