So the news is out that there is a new Intel vulnerability and I'm asked to come up with a report. In our environment, the key to mitigation is KB4507453 but I'm finding only a handful of machines reporting (via PDQ Inventory) they have it installed. I cross-referenced WSUS and found that most machines have it installed. Turns out, there are multiple ways that installs happen and I'm guessing PDQ uses the Get-HotFix PowerShell command to get them. According to [this article][1] you can list out the rest of them using the following script:

    # Query the Windows Update Agent history through its COM API
    $Session = New-Object -ComObject "Microsoft.Update.Session"
    $Searcher = $Session.CreateUpdateSearcher()
    $historyCount = $Searcher.GetTotalHistoryCount()

    # Translate the numeric operation code into a readable label
    $Searcher.QueryHistory(0, $historyCount) | Select-Object Title, Description, Date,
        @{name="Operation"; expression={switch($_.operation){
            1 {"Installation"}; 2 {"Uninstallation"}; 3 {"Other"}
        }}}

I used this script and found it lists the missing patch. So my question is how can I run this on each machine and have them listed with the other hotfixes? If it's not possible, can I request this as a feature request?

Thanks.

[1]: https://social.technet.microsoft.com/wiki/contents/articles/4197.windows-how-to-list-all-of-the-windows-and-software-updates-applied-to-a-computer.aspx
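An added example, not part of the original post or the linked article: one way to check a single KB against both sources the post mentions (Get-HotFix and the Windows Update history), so that one row per machine shows which source reports the patch. The function name `Get-KbInstallEvidence` and the output property names are hypothetical; it assumes PowerShell 3.0 or later and is run locally on the machine being checked.

```powershell
# Added example (hypothetical helper, not from the post or the linked article).
function Get-KbInstallEvidence {
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^KB\d+$')]
        [string]$KbId
    )

    # Source 1: Get-HotFix, which reads the Win32_QuickFixEngineering WMI class.
    $hotfix = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

    # Source 2: Windows Update Agent history, the same COM API as the script above.
    $session  = New-Object -ComObject 'Microsoft.Update.Session'
    $searcher = $session.CreateUpdateSearcher()
    $count    = $searcher.GetTotalHistoryCount()
    $entries  = @()
    if ($count -gt 0) {   # an empty history cannot be queried for a range
        $entries = @($searcher.QueryHistory(0, $count) |
            Where-Object { $_.Title -match "\b$KbId\b" } |
            Sort-Object Date)
    }

    # Ignore failed or aborted attempts (ResultCode 2 = succeeded,
    # 3 = succeeded with errors). The newest successful entry decides the
    # state, so an install that was later uninstalled does not count.
    $succeeded = @($entries | Where-Object { $_.ResultCode -in 2, 3 })
    $last      = $succeeded | Select-Object -Last 1
    $inHistory = [bool]($last -and $last.Operation -eq 1)   # 1 = installation

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        KB              = $KbId
        InGetHotFix     = [bool]$hotfix
        InUpdateHistory = $inHistory
        LastHistoryDate = if ($last) { $last.Date } else { $null }
        Installed       = ([bool]$hotfix) -or $inHistory
    }
}

# The KB named in the post.
Get-KbInstallEvidence -KbId 'KB4507453'
```

A machine where `InGetHotFix` is false but `InUpdateHistory` is true is the mismatch described in the post.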
