Listing all installed updates

While researching a problem the other day I needed to list all updates that were installed on a system and get some details about why they were there. Add/Remove Programs, a.k.a. Programs and Features, is probably the worst way to do that as it is quite inefficient to go through the updates in that way, and some do not seem to appear there at all.


A better way is to use wmic from a command prompt, as in:
wmic qfe list full /format:htable


That produces nicely formatted HTML output like this:


Node Caption CSName Description FixComments HotFixID InstallDate InstalledBy InstalledOn Name ServicePackInEffect Status
HUGIN http://support.microsoft.com. HUGIN. Software Update. . 933246. . S-1-5-18. 01c7ced4f18c9ed7. . . .
HUGIN http://support.microsoft.com/?kbid=937954. HUGIN. Update. . KB937954. . S-1-5-21-2593503083-3831033232-2105785001-1138. 01c832387702bf6a. . . .
HUGIN http://support.microsoft.com. HUGIN. Software Update. . 932926. . S-1-5-18. 01c7ced4f193c528. . . .
HUGIN http://support.microsoft.com. HUGIN. Software Update. . 932925. . S-1-5-18. 01c7cecb71bfd1e7. . . .
HUGIN http://support.microsoft.com/?kbid=905866. HUGIN. Update. . KB905866. . S-1-5-18. 01c83d79580f63d6. . . .
HUGIN http://support.microsoft.com/?kbid=925902. HUGIN. Security Update. . KB925902. . S-1-5-18. 01c7ced4f1962743. . . .
 


You can redirect the output into a file and then open at will. However, I found two flaws in the output. First, run it on Vista and look at the Output column. It will URLs to the KB articles for the update, in some cases, but they are not active hyperlinks. On XP, the caption field does not even have this information, apparently because XP updates do not populate that field. Second, there are a bunch of unnecessary columns, and the information is inconsistent from OS to OS.


To address those issues I wrote the attached script. It does more or less the same thing, but it gives more compact output and formatted hyperlinks. Its output looks like this:


Caption Description Hotfix ID KB Link Installed On Service Pack in effect Fix comments
http://support.microsoft.com Software Update 933246 933246 01c7ced4f18c9ed7
http://support.microsoft.com/?kbid=937954 Update KB937954 937954 01c832387702bf6a
http://support.microsoft.com Software Update 932926 932926 01c7ced4f193c528
http://support.microsoft.com Software Update 932925 932925 01c7cecb71bfd1e7
http://support.microsoft.com/?kbid=905866 Update KB905866 905866 01c83d79580f63d6
http://support.microsoft.com/?kbid=925902 Security Update KB925902 925902 01c7ced4f1962743


The Service Pack In Effect and the Fix Comments fields are still not populated, but that is because this screenshot was taken on Windows Vista. On XP they were populated. In addition, the script does its best to parse the Hotfix ID and make a clickable link out of it in the KB Link directory. This gives you a direct link to where the script belongs. In addition, the script creates the output file automatically in current working directory. This makes investigating the installed updates far easier. Hopefully someone else will find this helpful.


Two more notes are in order about this script. First, the Installed On date is in binary form on Windows Vista, which is why the output looks the way it does. On Windows XP that same fields holds a string date and so is much more valuable. Second, a more powerful version of this script, written by scripting genius Ed Wilson, and designed for PowerShell, will ship on the CD for the Windows Server 2008 Security Resource Kit. The CD comes with a number of other scripts of his design, as well as some tools of my design, and is, of course, available for pre-order now.

IDTheftReview.com and its ilk are unauthorized blog mirrors stealing intellectual property

Recently, a shady outfit that goes by a number of names, all of which have to do with ID Theft have been stealing the content of my blog and mirroring it on their site as their own. They take the contents, verbatim, and list it as having been written by "SecuMania staff," which I am not. I just wanted to make you aware that I have NOT authorized this theft of intellectual property, nor do I have anything whatsoever to do with any of their shady business practices or anything they advocate on their site. I am doing my best at cleaning up the trackbacks their site creates, but it is not entirely successful.


The unauthorized copies are shown on several different URLs, all of which are related. They also seem to scrape other content, which, presumably, they have no right to.


<site data removed upon request>


It is not clear whether the site is simply trying to boost Google rankings or whether they are trading in malware, but personally, I would treat anything they try to sell on that site as malware. Stay away from all these sites and don't download or purchase anything from them.


Heh, the attached screenshot is funny.

IDThieves.org and its ilk are unauthorized blog mirrors stealing intellectual property

Recently, a shady outfit that goes by a number of names, all of which have to do with ID Theft have been stealing the content of my blog and mirroring it on their site as their own. They take the contents, verbatim, and list it as having been written by “SecuMania staff,” which I am not. I just wanted to make you aware that I have NOT authorized this theft of intellectual property, nor do I have anything whatsoever to do with any of their shady business practices or anything they advocate on their site. I am doing my best at cleaning up the trackbacks their site creates, but it is not entirely successful.


The unauthorized copies are shown on several different URLs, all of which are related. They also seem to scrape other content, which, presumably, they have no right to.


<site data removed upon request>


It is not clear whether the site is simply trying to boost Google rankings or whether they are trading in malware, but personally, I would treat anything they try to sell on that site as malware. Stay away from all these sites and don’t download or purchase anything from them.


Heh, the attached screenshot is funny.

New blog mirror

This morning it was brought to my attention that certain overzealous network managers are blocking access to msinfluentials becuase it is a "personal site." I suppose that is true since my blog is the only thing there. To solve that, Susan did some quick configuration work and produced a mirror of my blog at http://msmvps.com/blogs/jesper/Default.aspx. If you are having a problem accessing it try the mirror. It has the same content, but is a more "professional" site so it should be allowed through in more places.

IE 6 crashes after you install security update MS07-069 on a computer that is running Windows XP SP2

If you are still on Windows XP SP2 with Internet Explorer (IE) 6, and you install the security update announced in MS07-069, then you may just have lost your ability to surf much of the web with IE. Apparently that combination causes IE to crash when you go to a web site, according to Microsoft Knowledge Base article 946627 and a blog post on the IE blog. The exact cause appears to still be under investigation. The signature of the crash, however, is shown in this picture:



The fix is to set a registry key. However, most home users would probably struggle with that, and enterprises, trying to figure out how to roll that fix out to 50,000 desktops would probably not be enjoying themselves tremendously either. In an attempt to help out I wrapped the required registry key in a Windows Installer program, attached to this post. The installer only sets the registry key. However, for a home user it is much simpler to double-click on an installer than navigating through the registry. For an enterprise, since it is an MSI file, it can be deployed with Group Policy to all affected computers. The best part is that it is completely uninstallable through Add/Remove Programs.


Hopefully this will help someone.