There is a most fabulous utility available for free download from Shavlik Technologies here that will scan your Windows boxen for needed security/bug fixes. The command line version doesn’t require registration, and is quite easy to use. The cool thing is that the status of current patches is downloaded at run time. Let’s run this on our XP box:
C:\Program Files\Shavlik Technologies\HFNetChk>hfnetchk Shavlik Technologies Network Security Hotfix Checker 3.86 Copyright (C) 2001-2002 Shavlik Technologies, LLC Shavlik Technologies, LLC info@shavlik.com (www.shavlik.com), 651-426-6624 All Rights Reserved Please use the -v switch to view details for Patch NOT Found, Warning and Note messages Attempting to download the CAB from: http://xml.shavlik.com/mssecure.cab File was successfully downloaded. Attempting to load .\mssecure.xml. =============================================================== Scan performed Sun Apr 27 10:30:24 2003 Shavlik Technologies Network Security Hotfix Checker, 3.86 Using XML data version = 1.1.1.666 Last modified on 4/23/2003. Scanning BILLYBOB ................................... Done scanning BILLYBOB ---------------------------- BILLYBOB (10.50.100.2) ---------------------------- * WINDOWS XP SP1 Warning MS02-055 Q323255 Patch NOT Installed MS03-013 Q811493 * INTERNET EXPLORER 6 SP1 Patch NOT Installed MS03-015 Q813489 * WINDOWS MEDIA PLAYER FOR WINDOWS XP SP1 Information All necessary hotfixes have been applied. * MDAC 2.7 SP1 Information All necessary hotfixes have been applied. C:\Program Files\Shavlik Technologies\HFNetChk> |
Let’s hit one of our Windows 2000 lab boxes:
C:\Program Files\Shavlik Technologies\HFNetChk>hfnetchk -h srv-48 -u Administrat or -p "password" Shavlik Technologies Network Security Hotfix Checker 3.86 Copyright (C) 2001-2002 Shavlik Technologies, LLC Shavlik Technologies, LLC info@shavlik.com (www.shavlik.com), 651-426-6624 All Rights Reserved Please use the -v switch to view details for Patch NOT Found, Warning and Note messages Attempting to download the CAB from: http://xml.shavlik.com/mssecure.cab File was successfully downloaded. Attempting to load .\mssecure.xml. =============================================================== Scan performed Sun Apr 27 10:35:33 2003 Shavlik Technologies Network Security Hotfix Checker, 3.86 Using XML data version = 1.1.1.666 Last modified on 4/23/2003. Scanning srv-48 ..................................................... Done scanning srv-48 ---------------------------- EPHINY (10.50.100.67) ---------------------------- * WINDOWS 2000 SERVER SP3 Warning MS02-055 Q323255 Note MS02-064 Q327522 Patch NOT Installed MS03-001 Q810833 Patch NOT Installed MS03-008 Q814078 Patch NOT Installed MS03-010 Q331953 Patch NOT Installed MS03-011 Q816093 Patch NOT Installed MS03-013 Q811493 * INTERNET EXPLORER 6 SP1 Patch NOT Installed MS03-014 Q330994 Patch NOT Installed MS03-015 Q813489 * WINDOWS MEDIA PLAYER 6.4 GOLD Information All necessary hotfixes have been applied. * MDAC 2.5 SP3 Information All necessary hotfixes have been applied. C:\Program Files\Shavlik Technologies\HFNetChk> |
Note that this scan includes the “Buffer Overrun in Windows Kernel Message Handling Could Lead to Elevated Privileges”, which is relatively recent. Finally, let’s hit an NT4 lab box:
C:\Program Files\Shavlik Technologies\HFNetChk>hfnetchk -h srv-49 -u Administrat or -p "password" Shavlik Technologies Network Security Hotfix Checker 3.86 Copyright (C) 2001-2002 Shavlik Technologies, LLC Shavlik Technologies, LLC info@shavlik.com (www.shavlik.com), 651-426-6624 All Rights Reserved Please use the -v switch to view details for Patch NOT Found, Warning and Note messages Attempting to download the CAB from: http://xml.shavlik.com/mssecure.cab File was successfully downloaded. Attempting to load .\mssecure.xml. =============================================================== Scan performed Sun Apr 27 10:38:41 2003 Shavlik Technologies Network Security Hotfix Checker, 3.86 Using XML data version = 1.1.1.666 Last modified on 4/23/2003. Scanning srv-49 ................................................................................ ..................... Done scanning srv-49 ---------------------------- CAESAR (10.50.100.66) ---------------------------- * WINDOWS NT4 SERVER SP6A Note MS98-001 Q169556 Note MS99-036 Q155197 Note MS99-041 Q242294 Patch NOT Installed MS01-048 Q305399 Patch NOT Installed MS02-006 Q314147 Patch NOT Installed MS02-050 Q329115 Patch NOT Installed MS02-071 Q328310 Patch NOT Installed MS03-001 Q810833 Patch NOT Installed MS03-007 Q815021 Patch NOT Installed MS03-008 Q814078 Patch NOT Installed MS03-011 Q816093 Patch NOT Installed MS03-013 Q811493 * INTERNET EXPLORER 6 SP1 Patch NOT Installed MS03-014 Q330994 Patch NOT Installed MS03-015 Q813489 * WINDOWS MEDIA PLAYER 6.4 GOLD Patch NOT Installed MS02-032 Q320920 * MDAC 2.5 SP2 Warning The latest service pack for this product is not installed. Currently MDAC 2.5 SP2 is installed. The latest service pack is MDAC 2.5 SP3. Patch NOT Installed MS02-040 Q326573 * EXCHANGE SERVER 5.5 SP4 Patch NOT Installed MS01-041 Q304062 Note MS01-047 Q307195 Patch NOT Installed MS02-037 Q326322 C:\Program Files\Shavlik Technologies\HFNetChk> |
Yow!! A few patches needed. We are quite empressed that this one simple tool can scan such a wide variety of Windows platforms. The command line interface makes it much easier to automate.
