System patch Detection and Analysis Using WMI

WMI is the core of the Windows 2000/XP management system. WMI is a useful plug-in for other Win32 operating systems. Based on cimom, WMI is a Common Information Model Object Manager (cimom). It is an object database that describes the operating system components, including MMC and scripts.ProgramProvides a public interface for accessing the operating system component unit. Windows Management Specification (Wmi) is a scalable system management structure that uses a unified, standard-based, and scalable object-oriented interface. When I first understood WMI, I always thought that WMI was "Windows Management Interface (Interface )".

Next we will learn in detail how to use WMI to implement the patch detection process. Figure 1 shows the flowchart of the entire detection process.

Figure 1. flowchart of patch Detection Using WMI

Step 1: Set the patch number to be detected. We know that each patch of Microsoft has a standard number (such as kb828741). We can obtain the latest patch from Microsoft's website. Then, put the patch number you want to install into an array. We need to set different detection patch numbers for different Windows operating systems. Based on the current Windows system usage, I only detect Windows 2000/2003/XP.
Figure 1. flowchart of patch Detection Using WMI
Step 1: Set the patch number to be detected. We know that each patch of Microsoft has a standard number (such as kb828741). We can obtain the latest patch from Microsoft's website. Then, put the patch number you want to install into an array. We need to set different detection patch numbers for different Windows operating systems. Based on the current Windows system usage, I only detect Windows 2000/2003/XP.
'Windows 2000
Arrfixed_win2k = array ("kb840315", "kb870669", "kb828741", "kb835732 ",
"Kb840987", "kb841356", "kb885835", "kb885836 ",
"Kb831626", "kb841872", "kb841873", "kb889293 ")
'For Windows 2003
Arrfixed_win2k3 = array ("kb83167", "kb840374", "kb867801", "kb833987 ",
"Kb873376", "kb885835", "kb885836 ")
'For Windows XP SP1
Arrfixed_xp1 = array ("kb840987", "kb833987", "kb831645", "kb840315", "kb841873 ","
Kb873376 "," kb841356 "," kb889293 "," kb885835 "," kb885836 ")
'For Windows XP SP2
Arrfixed_xp2 = array ("kb83167", "kb885835", "kb885836 ")
Step 2: Create a WMI Object and establish a connection with the target host.
Dim ob1_miservice // WMI Object
Dim strcomputer = "." // address is the current host
Set ob1_miservice = GetObject ("winmgmts: {impersonationlevel = impersonate }! \ "& Strcomputer &" \ Root \ cimv2 ")
First, define two variables: obw.miservice and strcomputer. The first is the service positioning object we want to create, and the second is the IP address of the target host (if it is "." For the current host). The third sentence is to create a service object connected to the target host and define the namespace parameter as "Root \ cimv2 ". In this namespace, we will use the following system information.
Socket: Details Code Check the check_patch.txt file provided by the optical disk. Change the file extension TXT to vbs and double-click it in windows. If no patch is detected by the system, a prompt window is displayed. Otherwise, no.
Step 3: Read the current user's operating system information and install patches. In the namespace "root/cimv2", the instance "win32_operatingsystem" provides us with detailed information about the current operating system. We use WQL (SQL for WMI) to read this instance. If you are familiar with SQL syntax, you will know what you are doing.
'First determine the host system information: OS, SP patch version
'Obtain system information
Dim objosinfo // obtain operating system information
Dim kernel sver, kernel stype, intcurrentsp // current system version, type, Service Pack number
Set objosinfo = osvcremote. execquery ("select servicepackmajorversion, version, ostype from win32_operatingsystem ")
For each colosinfo in objosinfo
Intcurrentsp = colosinfo. servicepackmajorversion 'SP security patch version
Required sver = colosinfo. version' operating system version number
Required stype = colosinfo. ostype 'operating system type
Next
Socket: How do I know which namespace to connect and what objects to obtain? WMI Technical Guide [3] lists a large number of common objects. Unfortunately, it does not have a corresponding e-book. You only need to find it in the bookstore. You can also use the wmi cim studio tool in wmitools to search for desired objects. After finding the object, wmi cim studio can list its attributes and methods, and then go to msdn to find specific help.
Step 4: obtain information about patches installed on the current system. Under "Root \ cimv2", the "hotfixid" attribute under "win32_quickfixengineering" of the Instance stores the patch information installed by the current system.
'*************************************** ****************************
'* Read the patch list installed on the target host to the strfixedlist string.
'*************************************** ****************************
Dim colqfe, objqfe
Dim strhotfixid, strfixedlist, strfind, strnofixed
Set colqfe = osvcremote. execquery ("select hotfixid from win32_quickfixengineering ")
Step 4: Save the user patch number to an array variable and match it with the corresponding array defined in step 1 to find the patch number that is not installed in the current system. The implementation of this part is relatively simple. Please refer to the code below.
Step 5: display the final detection result.
So far, the patch detection process has ended. You only need to click and run the script file to complete the patch check. Especially for network administrators who have established an acitve Directory domain in an enterprise, they only need to add this script to the Group Policy of the domain controller to perform patch detection for each user logging on to the domain, prompt users with the latest patch information, and no longer need to worry about the user's failure to install the latest patch, which greatly improves the enterprise's internal network security management.