Downloads
102913.zip

I created a script, WinUpdateCheck.vbs, that you can use to generate a report that details the number of Microsoft updates installed and the date of the most recently installed update for every Windows XP machine on your network. This information can be very useful in identifying machines that have been compromised with malware that prevents the installation of Microsoft updates (e.g., Conficker worm). It also provides a simple way to monitor Microsoft update installations throughout your network.

Here are the steps to get WinUpdateCheck.vbs working in your environment:

  1. Download WinUpdateCheck.vbs by clicking the Download the Code Here button.
  2. Create a text file that lists the name of every Windows XP host on your network. Each host name should be on a separate line.
  3. In the code that Listing 1 shows, modify the PCLIST constant to reflect the directory path and name of the text file created in step 2.
  4. Modify the PATH constant to reflect the directory location of where you want the results to be logged.

Listing 1: Code to Modify in WinUpdateCheck.vbs



WinUpdateCheck.vbs logs the results in a comma-separated value (CSV) file named Update-Log.csv. (If you run the script more than once, the subsequent runs' results are appended to the existing CSV file.) At the end, the script attempts to open the CSV file in Microsoft Excel. If you don't have Excel installed on the machine from which you're running the script, the results will still be logged in the CSV file. The file just won't open at the end of the script's run.

Note that WinUpdateCheck.vbs assumes the machines being inspected have Windows installed in the C:\Windows directory. If your machines have Windows installed in a different location, you'll need to change \$c\Windows to the appropriate directory in the script's UpdateLog subroutine.

WinUpdateCheck.vbs takes roughly 10 minutes per 100 machines to run, so if you have 500 machines it will take about 50 minutes to complete. (It might be slower or faster, depending on your network infrastructure.)