Windows batch file for invalid microsoft updates

Question

I am struck while creating a windows batch file which just indicates if an invalid KB article is installed on my computer/ windows server.

This is where i am at now,

Script :

@ECHO OFF
WMIC QFE GET HOTFIXID>%~dp0QFE_list.txt
FOR /f "delims=," %%a IN (%~dp0Patch_List.txt) DO (
    CALL :PATCH_LIST %%a
)
GOTO :EOF

:PATCH_LIST
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s /f "%1">NULL.txt
IF %ERRORLEVEL% EQU 0 ECHO %1: INSTALLED
IF %ERRORLEVEL% NEQ 0 (
ECHO FIND %1
FIND /C "%1" %~dp0QFE_List.txt>NULL.txt
IF ERRORLEVEL 0 ECHO %1: QFE INSTALLED
IF ERRORLEVEL 1 ECHO %1: **** NOT INSTALLED! ****
)

Current output : ---------- C:\USERS\PVENK17\DESKTOP\TEST\QFE_LIST.TXT: 1

Desired output : : Installed

Inputfile contents : KB3057839,KB3002657

Issue :

Even though it works for 1 KBarticle. When i place more than 1 in the inputfile it is not working.

Kindly help me resolve this issue.

Thanks Prashanth

Answer 1

@echo off
title HOTFIXID_KB_FOUND
setlocal enabledelayedexpansion
cd /d "%~dp0"
for /f %%A in (KB_list.txt) do (
wmic qfe get hotfixid |findstr /i "%%A"
if !errorlevel! equ 0 echo %%A: ****INSTALLED****
if !errorlevel! equ 1 echo %%A: NOT INSTALLED
)
pause

KB_list.txt, in my case, is the list of the harmful updates leading to BSOD. You can, of course, automate and delete, but not always get wusa.exe sometimes requires dism.exe.

An example of removing using wusa.exe

wusa.exe /uninstall /kb:3065987 /quiet /norestart

An example of removing using dism.exe

DISM /Online /Get-Packages /Format:Table
DISM /Online /Remove-Package /PackageName:Package_for_KB3045999~31bf3856ad364e35~amd64~~6.1.1.1

Answer 2

After much more debugging i wrote this code, i know its not ideal solution but it works

Code :

@ECHO OFF
title IllegalPatchCheck

echo Select a server. (AW/PG)
set /p server=

IF /i "%server%"=="AW" goto AdminWorkstation
IF /i "%server%"=="PG" goto PeripheralGateway

echo Invalid Input.
goto commonexit

:AdminWorkstation

WMIC QFE GET HOTFIXID>%~dp0QFE_list.txt

find /c "KB3057839" %~dp0QFE_list.txt>nul
if %errorlevel% equ 1 ECHO KB3057839  NOT Found
if %errorlevel% neq 1 ECHO KB3057839 Found

find /c "KB3058515" %~dp0QFE_list.txt>nul
if %errorlevel% equ 1 ECHO KB3057839  NOT Found
if %errorlevel% neq 1 echo KB3058515 Found

find /c "KB3059317" %~dp0QFE_list.txt>nul
if %errorlevel% equ 1 echo KB3059317 NOT found
if %errorlevel% neq 1 echo KB3059317 Found

find /c "KB3063858" %~dp0QFE_list.txt>nul
if %errorlevel% equ 1 echo KB3063858 NOT found
if %errorlevel% neq 1 echo KB3063858 Found

goto commonexit

:PeripheralGateway

WMIC QFE GET HOTFIXID>%~dp0QFE_list.txt

find /c "KB2984972" %~dp0QFE_list.txt>nul
if %errorlevel% equ 1 echo KB2984972 NOT Found
if %errorlevel% neq 1 echo KB2984972 Found

find /c "KB3046049" %~dp0QFE_list.txt>nul
if %errorlevel% equ 1 echo KB3046049 NOT Found
if %errorlevel% neq 1 echo KB3046049 Found

find /c "KB3002657" %~dp0QFE_list.txt>nul
if %errorlevel% equ 1 echo KB3002657 NOT Found
if %errorlevel% neq 1 echo KB3002657 Found

goto commonexit

:commonexit
del /q /f %~dp0QFE_list.txt >nul
pause

Thanks Prashanth

Answer 3

I can make this work by changing the input file format: 1 KB per line

KB3057839
KB3002657

Then, just remove the "delims" stuff and it works for several items. Not sure of the logic of the last lines. It seems to say "installed/not installed"

And BTW redirect your commands to NUL to avoid creating a useless file.

@ECHO OFF
WMIC QFE GET HOTFIXID>%~dp0QFE_list.txt
FOR /f %%a IN (%~dp0Patch_List.txt) DO (
    CALL :PATCH_LIST %%a
)
GOTO :EOF

:PATCH_LIST
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s /f "%1">NUL
IF %ERRORLEVEL% EQU 0 ECHO %1: INSTALLED
IF %ERRORLEVEL% NEQ 0 (
ECHO FIND %1
FIND /C "%1" %~dp0QFE_List.txt>NUL
IF ERRORLEVEL 0 ECHO %1: QFE INSTALLED
IF ERRORLEVEL 1 ECHO %1: **** NOT INSTALLED! ****
)