Question

Microsoft fixes Windows TLS handshake with out of band update

  • 18 October 2022


When will this out of band update be available in Automox for deployment?

 https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-tls-handshake-failures-in-out-of-band-updates/


1 reply

 

Hi Brian,

Automox is able to provide native patching for updates that are available within Windows Update.

We regularly ingest the feed of patches from Microsoft, so pretty much as soon as the patch is available in Windows Update, it should be available within your Automox Console.

 

Since this update is out-of-band, you would not be able to patch this within a standard patch policy until Microsoft releases it through the Windows Update channel.

 

You can, however, acquire the KB from the Windows Update Catalog and use a worklet for deploying it.

 

Here is a worklet I’ve been using to perform out-of-band patching:

#EVALUATION CODE
#Check for this Windows Patch.
#Replace KB5020435 with your patch KB
$kb = "KB5020435"

#-ErrorAction SilentlyContinue suppresses the error Get-HotFix writes when the KB is absent
if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue)
{
    #If KB is already installed, exit without remediation.
    Write-Output "$kb is already installed on this server. Now exiting."
    Exit 0
}
else
{
    #If KB is not found, continue to remediation script for installation.
    Write-Output "$kb was not found. Running remediation code to download and install it."
    Exit 1
}

#REMEDIATION CODE
#Replace KB5020435 with your patch KB
#Defined at script scope so the install step and final message below can use it too
$kb = "KB5020435"

Function Download-MSUpdate
{
    #Stage a temp directory for the payload
    New-Item -ItemType Directory -Path 'C:\Temp\UpdateStaging\' -Force | Out-Null

    #Specify source and target variables, where $UpdateURL is the full URL to the file via the MS Catalog
    $UpdateURL = "https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/updt/2022/10/windows10.0-kb5020435-x64_c80ba81c2e9c810fed28af5ca133d92a6b52f1dd.msu"
    $DownloadFolder = "C:\Temp\UpdateStaging\$kb.msu"

    #Download the MSU
    Invoke-WebRequest -Uri $UpdateURL -OutFile $DownloadFolder
}

#Run the Download-MSUpdate Function
Write-Output "Downloading the out of band patch from the Microsoft Catalog."
Download-MSUpdate
Write-Output "Download complete. Now installing..."

#Execute WUSA.exe with a call to the newly downloaded MSU
Start-Process wusa.exe -Wait -ArgumentList "C:\Temp\UpdateStaging\$kb.msu /quiet /norestart"

#Cleanup temp staging directory
Remove-Item -Path "C:\Temp\UpdateStaging\" -Recurse -Force

Write-Output "Out of band patch $kb has been successfully installed!"

 

We also have a worklet in our Worklet Catalog named Deploy MSP based KB that could be tailored for this purpose too.

 

Hope this helps!

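The worklet above hands the downloaded file straight to wusa.exe and reports success regardless of the result. The following added example (not from the original reply or from Automox) verifies the staged MSU's hash and Authenticode signature before installing and then reports the wusa.exe exit code. It assumes the 40 hex characters in the catalog file name are the file's SHA-1; Test-StagedUpdate is a hypothetical helper name.

```powershell
# Added example; Test-StagedUpdate is a hypothetical helper, not part of the original worklet.
function Test-StagedUpdate {
    param(
        [Parameter(Mandatory)] [string] $Path,      # staged .msu on disk
        [Parameter(Mandatory)] [string] $UpdateURL  # catalog URL it was downloaded from
    )

    # Assumption: the 40 hex characters before ".msu" in the file name are the file's SHA-1.
    if ($UpdateURL -notmatch '_([0-9a-fA-F]{40})\.msu$') {
        Write-Warning "No SHA-1 in the URL file name; cannot verify the download."
        return $false
    }
    $expected = $Matches[1]
    $actual   = (Get-FileHash -Path $Path -Algorithm SHA1).Hash
    if ($actual -ne $expected) {
        Write-Warning "Hash mismatch: expected $expected, got $actual."
        return $false
    }

    # The package must carry a valid Authenticode signature from a Microsoft certificate.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        Write-Warning "Signature check failed: $($sig.Status) / $($sig.SignerCertificate.Subject)"
        return $false
    }
    return $true
}

$kb        = "KB5020435"
$UpdateURL = "https://catalog.s.download.windowsupdate.com/c/msdownload/update/software/updt/2022/10/windows10.0-kb5020435-x64_c80ba81c2e9c810fed28af5ca133d92a6b52f1dd.msu"
$msu       = "C:\Temp\UpdateStaging\$kb.msu"

# Refuse to install, and discard the file, if either check fails.
if (-not (Test-StagedUpdate -Path $msu -UpdateURL $UpdateURL)) {
    Remove-Item -Path $msu -Force -ErrorAction SilentlyContinue
    Exit 1
}

# -PassThru returns the process object so the installer's exit code can be inspected.
$proc = Start-Process wusa.exe -Wait -PassThru -ArgumentList "`"$msu`" /quiet /norestart"
switch ($proc.ExitCode) {
    0       { Write-Output "$kb installed." }
    3010    { Write-Output "$kb installed; a reboot is required." }   # ERROR_SUCCESS_REBOOT_REQUIRED
    2359302 { Write-Output "$kb was already installed." }             # WU_S_ALREADY_INSTALLED
    default { Write-Output "wusa.exe returned $($proc.ExitCode); $kb was not installed."; Exit 1 }
}
```

This block is meant to take the place of the Start-Process step in the remediation code, after the download and before the staging directory is cleaned up.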