HOWTO: Get missing updates with PowerShell


In this article, I show a PowerShell script which helps to get a list of all the missing Windows updates.


1. Define the function below in your PowerShell session, then type Get-MissingUpdates -ComputerName YOURCOMPUTER:

```powershell
function Get-MissingUpdates {
    [CmdletBinding()]
    [OutputType([System.Management.Automation.PSCustomObject])]
    param (
        [Parameter(Mandatory,
            ValueFromPipeline,
            ValueFromPipelineByPropertyName)]
        [string]$ComputerName
    )
    begin {
        function Get-Architecture {
            if ([System.Environment]::Is64BitOperatingSystem) {
                'x64'
            } else {
                'x86'
            }
        }
        function Get-32BitProgramFilesPath {
            ## MBSA is a 32-bit application, so on x64 it is installed under Program Files (x86)
            if ((Get-Architecture) -eq 'x64') {
                ${env:ProgramFiles(x86)}
            } else {
                $env:ProgramFiles
            }
        }
        ## mbsacli.exe writes its reports to this folder in the current user's profile
        $ScanFolder = "$($Env:USERPROFILE)\SecurityScans"
    }
    process {
        try {
            ## Remove any previous reports
            Get-ChildItem "$ScanFolder\*" -Recurse -ErrorAction SilentlyContinue | Remove-Item -Force -Recurse
            ## Run the report to create the output XML
            $ExeFilePath = "$(Get-32BitProgramFilesPath)\Microsoft Baseline Security Analyzer 2\mbsacli.exe"
            if (!(Test-Path $ExeFilePath)) {
                throw "$ExeFilePath not found"
            }
            ## /o %C% names the report file after the target computer; the console output is discarded
            & $ExeFilePath /target $ComputerName /wi /nvc /o '%C%' 2>&1 | Out-Null
            ## Convert the report to XML so it can be queried with XPath
            [xml]$ScanResults = Get-Content -Raw "$ScanFolder\$($ComputerName.Split('.')[0]).mbsa"
            $UpdateSeverityLabels = @{
                '0' = 'Other'
                '1' = 'Low'
                '2' = 'Moderate'
                '3' = 'Important'
                '4' = 'Critical'
            }
            ## Only the security updates that MBSA reports as not installed
            $MissingUpdates = $ScanResults.SelectNodes("//Check[@Name='Windows Security Updates']/Detail/UpdateData[@IsInstalled='false']")
            foreach ($Update in $MissingUpdates) {
                $Ht = @{ }
                ## XML attributes and child elements surface as properties on the XmlElement
                $Properties = $Update | Get-Member -MemberType Property
                foreach ($Prop in $Properties) {
                    $Value = ($Update | Select-Object -ExpandProperty $Prop.Name)
                    if ($Prop.Name -eq 'Severity') {
                        ## Replace the numeric severity code with its label
                        $Value = $UpdateSeverityLabels[$Value]
                    }
                    $Ht[$Prop.Name] = $Value
                }
                [pscustomobject]$Ht
            }
        } catch {
            Write-Error "Error: $($_.Exception.Message) - Line Number: $($_.InvocationInfo.ScriptLineNumber)"
        }
    }
}
```
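The function above only works on a machine where mbsacli.exe is installed, and the interesting part for anyone adapting it is the XPath query and the severity mapping applied to the report. The following added example (not part of the original article or of Action1's tooling) runs that parsing logic offline against a small constructed XML document shaped like the report the function reads. The element and attribute names in the sample (`SecScan`, `Check`, `Detail`, `UpdateData`, `KBID`, `Title`) are assumptions chosen to match the XPath used above, and the `ConvertFrom-MbsaReport` function name is hypothetical.

```powershell
# Added example: parse a constructed MBSA-style report without running mbsacli.exe.
# The XML below is a constructed sample, not real MBSA output.
[xml]$SampleReport = @"
<SecScan>
  <Check ID="500" Name="Windows Security Updates">
    <Detail>
      <UpdateData ID="SAMPLE-1" KBID="KB0000001" IsInstalled="false" Severity="4" Title="Constructed sample: critical update" />
      <UpdateData ID="SAMPLE-2" KBID="KB0000002" IsInstalled="true"  Severity="3" Title="Constructed sample: already installed" />
      <UpdateData ID="SAMPLE-3" KBID="KB0000003" IsInstalled="false" Severity="1" Title="Constructed sample: low update" />
      <UpdateData ID="SAMPLE-4" KBID="KB0000004" IsInstalled="false" Severity="9" Title="Constructed sample: unknown severity code" />
    </Detail>
  </Check>
</SecScan>
"@

# Same code-to-label mapping as in Get-MissingUpdates
$UpdateSeverityLabels = @{ '0' = 'Other'; '1' = 'Low'; '2' = 'Moderate'; '3' = 'Important'; '4' = 'Critical' }

function ConvertFrom-MbsaReport {
    [CmdletBinding()]
    [OutputType([System.Management.Automation.PSCustomObject])]
    param ([Parameter(Mandatory)][xml]$Report)

    # Same XPath as the article's function: only updates flagged as not installed
    $Nodes = $Report.SelectNodes("//Check[@Name='Windows Security Updates']/Detail/UpdateData[@IsInstalled='false']")
    foreach ($Update in $Nodes) {
        $Ht = @{ }
        # Walk the attributes directly instead of Get-Member, so child elements are never mixed in
        foreach ($Attr in $Update.Attributes) {
            $Value = $Attr.Value
            if ($Attr.Name -eq 'Severity') {
                # A code outside the mapping is kept as-is rather than becoming $null
                $Value = if ($UpdateSeverityLabels.ContainsKey($Value)) { $UpdateSeverityLabels[$Value] } else { "Unknown($Value)" }
            }
            $Ht[$Attr.Name] = $Value
        }
        [pscustomobject]$Ht
    }
}

$Missing = ConvertFrom-MbsaReport -Report $SampleReport

# Per-update detail: expected to list SAMPLE-1, SAMPLE-3 and SAMPLE-4, never SAMPLE-2
$Missing | Select-Object ID, KBID, Severity, Title | Format-Table -AutoSize

# Count by severity label, the first thing to look at when prioritising patching
$Missing | Group-Object Severity | Select-Object Name, Count | Sort-Object Name
```

Reading the attributes rather than calling Get-Member keeps the output stable if the report gains nested elements, and treating an unmapped severity code as "Unknown" instead of dropping it means a new code in a future report shows up in the summary rather than silently disappearing. To try the same logic against a real report, replace `$SampleReport` with `[xml](Get-Content -Raw "$env:USERPROFILE\SecurityScans\YOURCOMPUTER.mbsa")`.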

Also consider using Action1 to get a list of all the missing Windows updates if:
- You need to perform this action on multiple (hundreds or even thousands) computers simultaneously.
- Some of your endpoints are laptops that are not connected to the corporate network at all times.

Action1 is a cloud-based platform for software deployment, software/hardware inventory, patch management, endpoint configuration and more. It is free with basic functionality.

