04-30-2021 04:17 PM
Hello,
As you might know, I’m mainly responsible for the Patch Tuesday reports, and as you might have seen previously, I’ve been looking at improving it to make it more accurate both historically and for future updates.
In my previous attempt, I tried using “greater than” logic to make it so that when you run a patch Tuesday report, even after installing newer patches.
However, it seems that Microsoft’s patch numbers aren’t as stable as I thought, causing issues with accuracy due to out-of-band updates and SSU.
We scan the specific build number of Windows which can be tied to a specific Patch Tuesday update.
For example, version 2004 and 20H2 UBR versions for Patch Tuesday are 928.
https://support.microsoft.com/en-us/topic/april-13-2021-kb5001330-os-builds-19041-928-and-19042-928-...
By creating a report linking each UBR to its Patch Tuesday, you would get a report which shows exactly on which Patch Tuesday a machine currently is, and it can indicate which ones are on, or higher than, the latest Patch Tuesday.
If you want to give this test a try, you can do the following:
Run the report:
PatchTuesdayV6.txt (5.3 KB)
If the build number column is outdated, rescan the assets in the report.
Let me know below about your findings and if the report is accurate for you. As long as your machines have the patch Tuesday of April installed, they should be listed as up to date.
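The build-number comparison described in the post above, as an added Python example (not the attached report and not Lansweeper's own code). The baseline holds only the April 13, 2021 builds named in the post; the function names, status strings and sample assets are constructed for illustration, and the "UBR not scanned" case covers assets where no UBR value was collected.

```python
import re

# Baseline from the post: April 13, 2021 (KB5001330) -> OS builds 19041.928 and 19042.928.
PT_BASELINE = {19041: 928, 19042: 928}

# Accepts '10.0.19042.928', '19042.928', or a build with no UBR part.
BUILD_RE = re.compile(r"^(?:\d+\.\d+\.)?(\d+)(?:\.(\d+))?$")


def parse_build(raw):
    """Return (build, ubr) or None; ubr is None when the string carries no UBR."""
    m = BUILD_RE.match((raw or "").strip())
    if not m:
        return None
    build, ubr = m.groups()
    return int(build), (int(ubr) if ubr is not None else None)


def classify(raw):
    """Compare an asset's build.UBR with the Patch Tuesday UBR for that build."""
    parsed = parse_build(raw)
    if parsed is None:
        return "unparseable"
    build, ubr = parsed
    if build not in PT_BASELINE:
        return "no baseline for build"   # report has no row for this OS build
    if ubr is None:
        return "UBR not scanned"         # cannot be judged; do not count as patched
    # On or higher than the Patch Tuesday UBR counts as up to date.
    return "up to date" if ubr >= PT_BASELINE[build] else "out of date"


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical asset names and build strings).
    assets = {
        "WS-001": "10.0.19042.928",
        "WS-002": "10.0.19041.867",
        "WS-003": "19042.985",
        "SRV-010": "6.3.9600",
        "WS-004": "10.0.19041",
    }
    for name, build in assets.items():
        print(f"{name:8} {build:16} {classify(build)}")
```

Keeping "UBR not scanned" and "no baseline for build" as separate statuses stops those machines from being reported as either patched or out of date when the data needed to decide is missing.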
07-26-2021 05:11 PM
07-30-2021 05:34 PM
I like the Highest KB Found column.
From a server perspective, Windows 2016 and 2019 OS’s look correct. It is reporting out of date for all Windows 2012 and Windows 2012r2 servers though.
If you could add the color codes back in too, that would be helpful.
08-03-2021 12:43 PM
I added the color-coding again and a column indicating which build number is the July PT build number.
PTBuildsV8.txt (8.0 KB)
You should check if your Windows 2012 and 2012r2 servers actually have the latest patch installed and what build number it is showing. If the build number is lower than the PT build number column, it will show as out of date.
The July Patch Tuesday updates should update the build number to the PT build number.
06-10-2021 08:00 PM
Would it be possible to store the security KB’s in the database and then use that for the report? You could add the KB’s to the database and the report would automatically use that instead of having to manually update the report each month. It would also provide a simple way to report on specific KBs.
06-15-2021 02:11 PM
That would be a possibility, but one that would require an integration with Microsoft services to fetch the latest updates at a set interval. So a lot more dev work.
06-15-2021 03:02 PM
Sounds like a great idea! Are the current Patch Tuesday Audit reports created manually? Would it be possible to create the database table for the Microsoft KB’s and populate it manually, or use a similar method that is currently used to create the Patch Tuesday Audits, until it is fully automated?
06-18-2021 03:11 PM
I create them manually every month. Having a database table with the KB numbers wouldn’t help unless it is populated automatically. Otherwise we’re just updating a table instead of the report (which by the way we can only do with a software update at the moment).
In the IT Asset data platform we will be adding functionality to push reports to customers. So we could update/add reports straight to your interface. Long term we do want to automate patch Tuesday and vulnerability management much more (using the software standardization).
05-12-2021 03:26 PM
05-25-2021 06:14 PM
I noticed the UBR number scanned by default with Lansweeper is only working on Windows 2016 and above.
To show this, the UBR Reg value column was added: