我正在使用Powershell命令行开关“Get-Hotfix”来检测给定服务器的漏洞。这是代码:
if (!(get-hotfix -id KB2964444 -ErrorAction SilentlyContinue)) { echo "Missing!" }
这很有效,但我的担忧与累积更新有关。如果以后的累积更新包含以前的修补程序,则会将其报告为TRUE(正确的回复)或Missing!。
如果我输出get-hotfix(下面)的完整输出,我没有看到任何累积更新(但已经应用了累积更新),这使我认为各个更新总是可见的。
Source Description HotFixID InstalledBy InstalledOn
------ ----------- -------- ----------- -----------
WIN-EJ3M07... Update KB2899189_... NT AUTHORITY\SYSTEM 7/3/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2894856 NT AUTHORITY\SYSTEM 9/15/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2918614 NT AUTHORITY\SYSTEM 9/15/2014 12:00:00 AM
WIN-EJ3M07... Update KB2919355 WIN-EJ3M07TUG3E\A... 3/18/2014 12:00:00 AM
WIN-EJ3M07... Update KB2919442 WIN-EJ3M07TUG3E\A... 3/18/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2920189 NT AUTHORITY\SYSTEM 7/7/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2931366 NT AUTHORITY\SYSTEM 7/7/2014 12:00:00 AM
WIN-EJ3M07... Update KB2937220 WIN-EJ3M07TUG3E\A... 3/18/2014 12:00:00 AM
WIN-EJ3M07... Update KB2938772 WIN-EJ3M07TUG3E\A... 3/18/2014 12:00:00 AM
WIN-EJ3M07... Update KB2939153 NT AUTHORITY\SYSTEM 7/7/2014 12:00:00 AM
WIN-EJ3M07... Update KB2939471 WIN-EJ3M07TUG3E\A... 3/18/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2939576 NT AUTHORITY\SYSTEM 7/7/2014 12:00:00 AM
WIN-EJ3M07... Hotfix KB2949621 WIN-EJ3M07TUG3E\A... 3/18/2014 12:00:00 AM
WIN-EJ3M07... Update KB2950153 NT AUTHORITY\SYSTEM 7/7/2014 12:00:00 AM
WIN-EJ3M07... Update KB2954879 NT AUTHORITY\SYSTEM 7/3/2014 12:00:00 AM
WIN-EJ3M07... Update KB2955164 NT AUTHORITY\SYSTEM 7/7/2014 12:00:00 AM
WIN-EJ3M07... Update KB2956575 NT AUTHORITY\SYSTEM 7/7/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2957189 NT AUTHORITY\SYSTEM 7/7/2014 12:00:00 AM
WIN-EJ3M07... Update KB2958262 NT AUTHORITY\SYSTEM 7/7/2014 12:00:00 AM
WIN-EJ3M07... Hotfix KB2959626 NT AUTHORITY\SYSTEM 7/9/2014 12:00:00 AM
WIN-EJ3M07... Update KB2959977 NT AUTHORITY\SYSTEM 7/7/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2961072 NT AUTHORITY\SYSTEM 7/15/2014 12:00:00 AM
WIN-EJ3M07... Update KB2962140 NT AUTHORITY\SYSTEM 7/7/2014 12:00:00 AM
WIN-EJ3M07... Update KB2962409 NT AUTHORITY\SYSTEM 9/15/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2962872 NT AUTHORITY\SYSTEM 7/15/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2964718 NT AUTHORITY\SYSTEM 7/7/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2964736 NT AUTHORITY\SYSTEM 7/7/2014 12:00:00 AM
WIN-EJ3M07... Update KB2965142 NT AUTHORITY\SYSTEM 7/7/2014 12:00:00 AM
WIN-EJ3M07... Update KB2965500 NT AUTHORITY\SYSTEM 7/3/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2965788 NT AUTHORITY\SYSTEM 7/3/2014 12:00:00 AM
WIN-EJ3M07... Update KB2966804 NT AUTHORITY\SYSTEM 7/7/2014 12:00:00 AM
WIN-EJ3M07... Update KB2967917 NT AUTHORITY\SYSTEM 9/15/2014 12:00:00 AM
WIN-EJ3M07... Update KB2969339 NT AUTHORITY\SYSTEM 7/3/2014 12:00:00 AM
WIN-EJ3M07... Update KB2969817 NT AUTHORITY\SYSTEM 7/7/2014 12:00:00 AM
WIN-EJ3M07... Update KB2971203 NT AUTHORITY\SYSTEM 7/15/2014 12:00:00 AM
WIN-EJ3M07... Update KB2971239 NT AUTHORITY\SYSTEM 8/13/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2971850 NT AUTHORITY\SYSTEM 7/15/2014 12:00:00 AM
WIN-EJ3M07... Update KB2972094 NT AUTHORITY\SYSTEM 7/9/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2972280 NT AUTHORITY\SYSTEM 7/9/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2973201 NT AUTHORITY\SYSTEM 7/15/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2973351 NT AUTHORITY\SYSTEM 7/15/2014 12:00:00 AM
WIN-EJ3M07... Update KB2973448 NT AUTHORITY\SYSTEM 9/15/2014 12:00:00 AM
WIN-EJ3M07... Update KB2974008 NT AUTHORITY\SYSTEM 7/9/2014 12:00:00 AM
WIN-EJ3M07... Update KB2975061 NT AUTHORITY\SYSTEM 7/9/2014 12:00:00 AM
WIN-EJ3M07... Update KB2975719 NT AUTHORITY\SYSTEM 10/6/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2976627 NT AUTHORITY\SYSTEM 9/15/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2976897 NT AUTHORITY\SYSTEM 9/15/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2977629 NT AUTHORITY\SYSTEM 9/15/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2977765 NT AUTHORITY\SYSTEM 9/15/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2978668 NT AUTHORITY\SYSTEM 9/15/2014 12:00:00 AM
WIN-EJ3M07... Update KB2979500 NT AUTHORITY\SYSTEM 9/15/2014 12:00:00 AM
WIN-EJ3M07... Update KB2979582 NT AUTHORITY\SYSTEM 10/6/2014 12:00:00 AM
WIN-EJ3M07... Update KB2980654 NT AUTHORITY\SYSTEM 9/15/2014 12:00:00 AM
WIN-EJ3M07... Update KB2981580 NT AUTHORITY\SYSTEM 9/15/2014 12:00:00 AM
WIN-EJ3M07... Update KB2981655 NT AUTHORITY\SYSTEM 9/15/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2982791 NT AUTHORITY\SYSTEM 9/15/2014 12:00:00 AM
WIN-EJ3M07... Update KB2982794 NT AUTHORITY\SYSTEM 8/13/2014 12:00:00 AM
WIN-EJ3M07... Update KB2987114 NT AUTHORITY\SYSTEM 9/15/2014 12:00:00 AM
WIN-EJ3M07... Security Update KB2988948 NT AUTHORITY\SYSTEM 9/15/2014 12:00:00 AM
WIN-EJ3M07... Update KB2989647 NT AUTHORITY\SYSTEM 9/24/2014 12:00:00 AM
WIN-EJ3M07... Update KB2990532 NT AUTHORITY\SYSTEM 10/6/2014 12:00:00 AM
WIN-EJ3M07... Update KB2990967 NT AUTHORITY\SYSTEM 9/24/2014 12:00:00 AM
WIN-EJ3M07... Update KB2993100 NT AUTHORITY\SYSTEM 9/24/2014 12:00:00 AM
WIN-EJ3M07... Update KB2993651 NT AUTHORITY\SYSTEM 9/15/2014 12:00:00 AM
WIN-EJ3M07... Update KB2995004 NT AUTHORITY\SYSTEM 10/6/2014 12:00:00 AM
WIN-EJ3M07... Update KB2998527 NT AUTHORITY\SYSTEM 9/24/2014 12:00:00 AM
修改 最后,我的问题是有没有办法查询累积更新中包含的各个修补程序?是否始终显示包含的修补程序(即使已应用累积更新)?
答案 0 :(得分:3)
测试它似乎你得到"缺少"
检查:KB2909921" MS14-010:Internet Explorer的累积安全更新:2014年2月11日" (http://support.microsoft.com/kb/2909921):
PS C:\Windows\System32> get-hotfix -id KB2909921
Source Description HotFixID InstalledBy InstalledOn
------ ----------- -------- ----------- -----------
MyMachine Security Update KB2909921 NT AUTHORITY\SYSTEM
检查:KB2926827" Web浏览器控件托管应用程序可能意外丢失会话信息" (包含在上述CU; http://support.microsoft.com/kb/2926827)
PS C:\Windows\System32> get-hotfix -id KB2926827
Get-HotFix : This command cannot find hot-fix on the machine 'localhost'. Verify the input and Run your command again.
At line:1 char:11
+ get-hotfix <<<< -id KB2926827
+ CategoryInfo : ObjectNotFound: (:) [Get-HotFix], ArgumentException
+ FullyQualifiedErrorId : GetHotFixNoEntriesFound,Microsoft.PowerShell.Commands.GetHotFixCommand
<强>更新
这是一个痛苦的黑客,可能会有所帮助。没有保证,非常慢,并且只发现遵循当前URL约定的KB /使其HTML格式化我的刮刀假定的方式。 可以通过在某处缓存结果/可能用于构建参考数据库来改进。
function get-hotfixInfo()
{
process
{
#$url = "http://support2.microsoft.com/kb/{0}" -f ($_.HotFixId -replace "KB(\d*)",'$1')
$url = $_.Caption
try
{
$response = (Invoke-Webrequest $url -ea stop)
} catch {
$response = @{
ParsedHTML = @{
Title = "{0}`n`nURL: {1}" -f $error[0].Exception,$url
}
}
}
$html = $response.ParsedHTML
$isCU = $html.title -like "*cumulative*update*"
$kblets = $null
if($isCU) #this bit can be even slower than the above, hence only run if we believe we have a CU
{
$baseUri = $response.BaseResponse.ResponseURI
$kblets = $html.getElementsByTagName('a') `
| ? { ($_.parentNode.tagname -eq 'TD') -and ($_.parentNode.nextsibling.tagname = 'TD') } `
| ? { $_.className -eq 'KBlink' } `
| % { New-Object -TypeName PSObject -Prop @{
Id = "KB{0}" -f $_.innerText
Uri = (new-object System.URIBuilder($baseUri.scheme,$baseUri.dnssafehost,$baseUri.port,($_.href -replace "about:/(.*),'$1'"))).ToString()
Title = $_.parentNode.nextsibling.innerText
}}
}
New-Object -TypeName PSObject -Prop @{
Id = $_.HotFixId
IsCU = $isCU
Title = $html.title
Source = $_.source
Description = $_.description
InstalledBy = $_.installedby
InstalledOn = $_.installedon
Uri = "http://support2.microsoft.com/kb/{0}" -f ($_.HotFixId -replace "KB(\d*)",'$1')
KBlets = $kblets
}
}
}
#get the first 2 cumulative update hotfixes
get-hotfix | get-hotfixInfo | ?{$_.isCU} | select -first 2 | fl
#get the hotfix id for IE11 CU Feb 2014, and it's component hotfixes
get-hotfix -id kb2909921 | get-hotfixInfo | %{ New-Object -TypeName PSObject -Prop @{Id=$_.Id;Title=$_.Title}; $_.KBlets | %{ New-Object -TypeName PSObject -Prop @{Id=$_.Id;Title=$_.Title}}} | ft -autosize