This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

→ 🚀Are you a Lansweeper Champion?! Join our Contributor Program Sign up here!

Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Patch Tuesday Improvements

Esben_D
Lansweeper Employee
Lansweeper Employee

‎04-30-2021 04:17 PM

Hello,

As you might know, I’m mainly responsible for the Patch Tuesday reports, and as you might have seen previously, I’ve been looking at improving it to make it more accurate both historically and for future updates.

In my previous attempt, I tried using “greater than” logic to make it so that when you run a patch Tuesday report, even after installing newer patches.

However, it seems that Microsoft’s patch numbers aren’t as stable as I thought, causing issues with accuracy due to out-of-band updates and SSU.

Attempt #2

We scan the specific build number of Windows which can be tied to a specific Patch Tuesday update.

For example, version 2004 and 20H2 UBR versions for Patch Tuesday are 928
https://support.microsoft.com/en-us/topic/april-13-2021-kb5001330-os-builds-19041-928-and-19042-928-...

By creating a report, linking each UBR to their Patch Tuesday, you would get a report which shows exactly on which patch Tuesday a machine currently is and it can indicate which ones are on, or higher than the latest patch Tuesday.

If you want to give this test a try, you can do the following:

  1. Run the report:
    PatchTuesdayV6.txt (5.3 KB)

  2. If the build number Column is outdated, rescan the assets in the report.
    1X_2a9dfc2f241cc0f2e49ef1c65ee59c97cd5fcdba.png

Let me know below about your findings and if the report is accurate for you. As long as your machines have the patch Tuesday of April installed, they should be listed as up to date.

Labels:
Preview file
6 KB
32 REPLIES 32
Esben_D
Lansweeper Employee
Lansweeper Employee

‎07-26-2021 05:11 PM

Here is a new version for July. Let me know if it works for you or not.

PTBuildsV7.txt (5.6 KB)

Preview file
6 KB
0 Kudos
proxykeeper
Engaged Sweeper III
In response to Esben_D

‎07-30-2021 05:34 PM

I like the Highest KB Found column.
From a server perspective, Windows 2016 and 2019 OS’s look correct. It is reporting out of date for all Windows 2012 and Windows 2012r2 servers though.
If you could add the color codes back in too, that would be helpful.

0 Kudos
Esben_D
Lansweeper Employee
Lansweeper Employee
In response to proxykeeper

‎08-03-2021 12:43 PM

I added the color-coding again and a column indicating which build number is the July PT build number.

PTBuildsV8.txt (8.0 KB)

You should check if your Windows 2012 and 2012r2 servers actually have the latest patch installed and what build number it is showing. If the build number is lower than the PT build number column, it will show as out of date

The July Patch Tuesday updates should update the build number to the PT build number.

Preview file
8 KB
0 Kudos
proxykeeper
Engaged Sweeper III

‎06-10-2021 08:00 PM

Would it be possible to store the security KB’s in the database and then use that for the report? You could add the KB’s to the database and the report would automatically use that instead of having to manually update the report each month. It would also provide a simple way to report on specific KBs.

0 Kudos
Esben_D
Lansweeper Employee
Lansweeper Employee
In response to proxykeeper

‎06-15-2021 02:11 PM

That would be a possibility, but one that would require an integration with Microsoft services to fetch the latest updates at a set interval. So a lot more dev work.

0 Kudos
proxykeeper
Engaged Sweeper III
In response to Esben_D

‎06-15-2021 03:02 PM

Sounds like a great idea! Are the current Patch Tuesday Audit reports created manually? Would it be possible to create the database table for the Microsoft KB’s and populate it manually, or use a similar method that is currently used to create the Patch Tuesday Audits, until it is fully automated?

0 Kudos
Esben_D
Lansweeper Employee
Lansweeper Employee
In response to proxykeeper

‎06-18-2021 03:11 PM

I create them manually every month. Having a database table with the KB numbers wouldn’t help unless it is populated automatically. Otherwise we’re just updating a table instead of the report (which by the way we can only do with a software update at the moment).

In the IT Asset data platform we will be adding functionality to push reports to customers. So we could update/add reports straight to your interface. Long term we do want to automate patch Tuesday and vulnerability management much more (using the software standardization).

0 Kudos
Esben_D
Lansweeper Employee
Lansweeper Employee

‎05-12-2021 03:26 PM

I actually found out I looked over the fact that we already scan the UBR number by default (so there is no need to scan the registry key).

So here is a version that uses that, hopefully it is more accurate:

PatchTuesdayV6.txt (5.3 KB)

Preview file
6 KB
0 Kudos
proxykeeper
Engaged Sweeper III
In response to Esben_D

‎05-25-2021 06:14 PM

I noticed the UBR number scanned by default with Lansweeper is only working on Windows 2016 and above.

To show this, the UBR Reg value column was added:

1X_30f35901bdb40f8ee58b0fb3da2035e43483b4a2.png

0 Kudos

General Discussions

Find answers to technical questions about Lansweeper.

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now