Determining if a patch/update is installed with MBSA 2.0
In the 2.0 version of MBSA there are structured information about patches and updates. To verify if a patch is missing or installed, simple XML queries can be issued for that purpose. The 2 small programs below accomplish that task. You can use them as a start for your integration scripts and/or to get an idea where to start.
Usage: CheckIsInstalled <REPORT-FILE> <PATCH-TO-SEARCH>
Example: CheckIsInstalled "%USERPROFILE%\SecurityScans\REDMOND - NELSONA (7-25-2005 2-53 PM).mbsa" MS05-001
CheckIsInstalled.cmd - Command script to verify if a patch is missing
@echo off
REM
REM CheckIsInstalled.cmd - Verifies if a patch is missing on the system
REM Requires: MBSA 2.0
REM Author: Nelson Araujo
REM Download: https://blogs.msdn.com/nelson_araujo/archive/2005/07/28/mbsa_automation_sample1.aspx
REM
REM Copyright (C) 2005 Microsoft Corporation. All rights reserved.
REM
REM Microsoft provides programming examples for illustration only, without
REM warranty either expressed or implied, including, but not limited to, the
REM implied warranties of merchantability or fitness for a particular purpose.
REM This example assumes that you are familiar with the programming language
REM that is being demonstrated and the tools that are used to create and debug
REM procedures. Microsoft support professionals can help explain the
REM functionality of a particular procedure, but they will not modify these
REM examples to provide added functionality or construct procedures to meet your
REM specific requirements. If you have limited programming experience, you may
REM want to contact a Microsoft Certified Partner or the Microsoft fee-based
REM consulting line at 1-800-936-5200. For more information about Microsoft
REM Certified Partners, see the following Microsoft Web site:
REM
REM https://directory.microsoft.com/resourcedirectory/Solutions.aspx
REM
REM For additional information about the support options available from
REM Microsoft, visit the following Microsoft Web site:
REM
REM https://support.microsoft.com/default.aspx?scid=fh;[LN];CNTACTMS
REM
REM ------------------------------------------------------------------------------
REM
REM Usage: CheckIsInstalled "%USERPROFILE%\SecurityScans\MyReportFile.mbsa" PATCH
REM MyReportFile = modify to represent your MBSA report name
REM PATCH = modify to represent the patch you want to find, e.g. MS05-023
REM
REM ------------------------------------------------------------------------------
echo Checking for update...
cscript IsPatchMissing.vbs %1 %2
if errorlevel 3 goto reportfail
if errorlevel 2 goto updatenotfound
if errorlevel 1 goto not_installed
if errorlevel 0 goto installed
goto EOF
:reportfail
echo ERROR: Cannot load report from %1
goto EOF
:updatenotfound
echo ERROR: Cannot find information for %2
goto EOF
:not_installed
echo WARNING: Update %2 is NOT installed
goto EOF
:installed
echo OK: Update %2 is installed
goto EOF
:EOF
IsPatchMissing.vbs - Helper VB Script to verify the presence of a specific patch/update by ID
'------------------------------------------------------------------------------
'
' IsPatchMissing.vbs - Verifies if a patch is missing on the system
' Requires: MBSA 2.0
' Author: Nelson Araujo
' Download: https://blogs.msdn.com/nelson_araujo/archive/2005/07/28/mbsa_automation_sample1.aspx
'
' Copyright (C) 2005 Microsoft Corporation. All rights reserved.
'
' Microsoft provides programming examples for illustration only, without
' warranty either expressed or implied, including, but not limited to, the
' implied warranties of merchantability or fitness for a particular purpose.
' This example assumes that you are familiar with the programming language
' that is being demonstrated and the tools that are used to create and debug
' procedures. Microsoft support professionals can help explain the
' functionality of a particular procedure, but they will not modify these
' examples to provide added functionality or construct procedures to meet your
' specific requirements. If you have limited programming experience, you may
' want to contact a Microsoft Certified Partner or the Microsoft fee-based
' consulting line at 1-800-936-5200. For more information about Microsoft
' Certified Partners, see the following Microsoft Web site:
'
' https://directory.microsoft.com/resourcedirectory/Solutions.aspx
'
' For additional information about the support options available from
' Microsoft, visit the following Microsoft Web site:
'
' https://support.microsoft.com/default.aspx?scid=fh;[LN];CNTACTMS
'
'------------------------------------------------------------------------------
Option Explicit
Dim xml
Dim update
Dim isInstalled
Dim report
Dim updID
report = WScript.Arguments(0)
updID = WScript.Arguments(1)
Set xml = CreateObject("MSXML2.DOMDocument")
xml.Load report
If Len(xml.xml) = 0 Then
WScript.Echo "Cannot load MBSA XML report: " & report
WScript.Quit(3)
End If
' Searches for the patch ID
Set update = xml.SelectSingleNode("//UpdateData[@ID='" & updID & "']")
If update Is Nothing Then
WScript.Echo "Update information not found"
WScript.Quit(2)
End If
' Verifies if patch is installed
Set isInstalled = update.SelectSingleNode("@IsInstalled")
If isInstalled Is Nothing Then
WScript.Echo "Update information corrupted or missing"
WScript.Quit(2)
End If
If isInstalled.Value = "true" Then
WScript.Echo "Update " & updID & " is installed"
WScript.Quit(0)
Else
WScript.Echo "Update " & updID & " is NOT installed"
WScript.Quit(1)
End If