As we know, last week was quite messy because of the ransomware named Cryware/WannaCry. A lot of us were scrambling to update our machines with the MS17-010 patch. Given its criticality, Microsoft even released the patch for Windows XP and Windows Server 2003, which are EOL (End of Life) products. But applying these patches to Windows XP and Windows Server 2003 is messy: even though Microsoft has released the patch, it is not available on the SCCM SUP or on WSUS. So here we are applying security patch KB4012598 on XP machines using GPO. Yes, obviously, it's not a great idea to patch our machines using scripts and GPO, but in cases like these we have to choose such options.
Beyond this, we have found that a lot of clients have issues managing patches for their client machines. They don't have a centralized update server such as WSUS or the SCCM SUP role. For those clients, too, you can use a similar kind of script to perform these activities, although we strongly recommend using the SCCM SUP role for patch management of Windows machines.
Coming to the topic, let me start with the outline of the patching process.
- Download the update.
- Check whether the machine is Windows XP.
- Apply the patch on the machine; if it is already patched, exit.
- Reboot the machine.
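REM Check the Windows version: if XP, go on to the update check; otherwise skip to the end
ver | find "Windows XP"
if %errorlevel% equ 0 goto check_update
goto end
:check_update
REM Check whether the update is already installed: if so, skip to the end; otherwise install it
wmic qfe get hotfixid | find "KB4012598"
if %errorlevel% equ 1 goto install_update
goto end
:install_update
REM Path to the update installer (placeholder): replace it with your own path
"\\SERVER\SHARE\KB4012598-installer.exe" /quiet /norestart
REM Reboot the machine only if the installer reports that a restart is required (exit code 3010)
if %errorlevel% equ 3010 shutdown -r -t 60
:end
REM End of the script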
You can use the reference at this link to publish the script using GPO:
How to Publish using GPO
Similarly, you can do the same for other batches of updates too. Hope this was quite an easy method and will be helpful to you in other cases too.
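Without WSUS or SCCM reporting, you still need to confirm which machines actually received KB4012598. The following is an added example, not part of the original script: it assumes each machine's `wmic qfe get hotfixid` output has been saved to a file and collected centrally, and the host names and report contents are constructed samples.

```python
"""Audit collected `wmic qfe get hotfixid` output for a required hotfix."""
import codecs

REQUIRED_KB = "KB4012598"  # the update this page deploys


def decode_wmic(raw: bytes) -> str:
    """Decode a saved report; wmic writes UTF-16 with a BOM when redirected to a file."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def hotfix_ids(raw: bytes) -> set:
    """Return the exact hotfix IDs listed, skipping the header and blank lines."""
    ids = set()
    for line in decode_wmic(raw).splitlines():
        value = line.strip().upper()
        if value and value != "HOTFIXID":
            ids.add(value)
    return ids


def unpatched_hosts(reports: dict, kb: str = REQUIRED_KB) -> list:
    """Hosts whose report lacks the KB (exact ID match, not a substring match)."""
    return sorted(h for h, raw in reports.items()
                  if kb.upper() not in hotfix_ids(raw))


# Constructed sample reports (assumption: one saved wmic output per host).
SAMPLE_REPORTS = {
    # Redirected-to-file style: UTF-16 with BOM, padded columns
    "XP-PC01": "HotFixID  \r\nKB2570947  \r\nKB4012598  \r\n\r\n".encode("utf-16"),
    # Plain single-byte text, patch absent
    "XP-PC02": b"HotFixID  \r\nKB2570947  \r\nFile 1  \r\n",
    # A different ID that merely contains the KB number as a substring
    "XP-PC03": b"HotFixID  \r\nKB40125980  \r\n",
}

if __name__ == "__main__":
    for host in unpatched_hosts(SAMPLE_REPORTS):
        print(f"{host}: {REQUIRED_KB} missing")
```

Comparing whole IDs avoids the false positive that a plain substring search would give for the third sample host.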