Article ID: 124192, created on Jan 14, 2015, last review on Jun 17, 2016

  • Applies to:
  • Virtuozzo containers for Linux 4.6
  • Virtuozzo containers for Windows

Symptoms

The page with approved MS updates is not updated often. Is it possible to get the list of approved updates manually?

Resolution


Getting list of updates

  • For Windows, download this PowerShell script and run (this example lists updates for VZ 4.6 update 80, approved for Windows 2008 R2 systems):

    PS C:\> UpdateDetails.ps1  "Windows Server 2008 R2" VZU460080
    Selected product title: Windows Server 2008 R2; target group: VZU460080
    
    KBnumber    by/num  Update title    Update description
    KB971468    0/1 Security Update for Windows Server 2008 R2 x64 Edition (KB971468)   A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.
    KB972270    0/0 Security Update for Windows Server 2008 R2 x64 Edition (KB972270)   A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system.
    KB973685    0/2 Update for Microsoft XML Core Services 4.0 Service Pack 3 for x64-based Systems (KB973685)  Install this update to prevent applications from sending too many HTTP requests while a well-known Document Type Definition (DTD) is included. After you install this item, you may have to restart your computer. Once you have installed this item, it cannot be removed.
    ...
    

    When running the script on a Windows server with Virtuozzo containers, it is not necessary to specify Windows version and Virtuozzo target group - this information is obtained automatically.

  • It is possible to do the same from a Linux Server with this script:

    ~# wget http://kb.plesk.com/Attachments/kcs-44941/UpdateDetails.sh
    ~# bash UpdateDetails.sh "Windows Server 2008 R2" VZU460080
    

    Linux version of the script accepts -? or --help and shows some help.

By default, it displays MS updates supported for the most resent OS version (Windows Server 2012) and the latest VZU.

The column "by/num" shows the number of updates which are obsoleted by this update and the number of updates which replace this one.

Thus, a new installation of Virtuozzo containers with given target group gets updates with "/0" in the end of this column.

To get the list of operating systems and available updates for Virtuozzo containers, run the script with "?" in parameters:

Available product titles (default is: Windows Server 2012):
    Windows Server 2012
    Windows Server 2008 R2
    Windows Server 2008
    Windows Server 2003, Datacenter Edition
    Windows Server 2003
Available target groups (default is: VZU600019):
    VZU600019
    VZU600018
    VZU600017
    ...


Check for not approved updates

The option check:FILENAME can be used to check if updates listed in the specified file are approved and to show approval status.

FILENAME should contain the list of updates generated by the command:

C:\> wmic qfe get hotfixid

If this name is omitted then:

  • on Linux, the content is read from the standard input.
  • on Windows, the output of wmic qfe get hotfixid is used.

The option check:FILENAME can be specified several times, to append the list.

Sample output:

~# ./UpdateDetails.sh VZU460084 "Windows Server 2008 R2" check:UpdateDetails.txt
Selected product title: Windows Server 2008 R2; target group: VZU460084; not approved: 8

## 4 update(s) not listed in WSUS
https://support.microsoft.com/en-us/kb/958488   [not listed]
https://support.microsoft.com/en-us/kb/976902   [not listed]
https://support.microsoft.com/en-us/kb/2857650  [not listed]
https://support.microsoft.com/en-us/kb/3018238  [not listed]

## 1 update(s) not approved, and replaced by other installed and approved one
https://support.microsoft.com/en-us/kb/2925418  [approved by KB2936068]
    KB2925418-Win2008R2-IE11-SP1-X64-TSL: Cumulative Security Update for Internet Explorer 11 for Windows Server 2008 R2 for x64-based Systems (KB2925418)

## 3 update(s) not approved, not replaced by other installed and approved one
https://support.microsoft.com/en-us/kb/982861   [not approved]
    IE9-RTM-CAT-SRV08R2-AMD64: Windows Internet Explorer 9 for Windows Server 2008 R2 for x64-based Systems
https://support.microsoft.com/en-us/kb/2800095  [not approved]
    KB2800095-Win2008R2-SP1-X64-TSL: Update for Windows Server 2008 R2 x64 Edition (KB2800095)
https://support.microsoft.com/en-us/kb/2982791  [not approved]
    obsoletes installed KB2876331
    obsoletes installed KB2930275
    KB2982791-Win2008R2-SP1-X64-TSL: Security Update for Windows Server 2008 R2 x64 Edition (KB2982791)

Whenever possible, the amount of shown information about known updates can be controlled with the option details:{no|title|full}. By default, the title is shown (see above), "no" means to suppress information about updates (see below). Setting "full" adds update description after update's title.

~# ./UpdateDetails.sh VZU460084 "Windows Server 2008 R2" check:UpdateDetails.txt details:no
Selected product title: Windows Server 2008 R2; target group: VZU460084; not approved: 8

## 4 update(s) not listed in WSUS
https://support.microsoft.com/en-us/kb/958488   [not listed]
https://support.microsoft.com/en-us/kb/976902   [not listed]
https://support.microsoft.com/en-us/kb/2857650  [not listed]
https://support.microsoft.com/en-us/kb/3018238  [not listed]

## 1 update(s) not approved, and replaced by other installed and approved one
https://support.microsoft.com/en-us/kb/2925418  [approved by KB2936068]
    KB2925418-Win2008R2-IE11-SP1-X64-TSL: Cumulative Security Update for Internet Explorer 11 for Windows Server 2008 R2 for x64-based Systems (KB2925418)

## 3 update(s) not approved, not replaced by other installed and approved one
https://support.microsoft.com/en-us/kb/982861   [not approved]
https://support.microsoft.com/en-us/kb/2800095  [not approved]
https://support.microsoft.com/en-us/kb/2982791  [not approved]
    obsoletes installed KB2876331
    obsoletes installed KB2930275


Describe all installed updates

The command line argument installed:{list|title|full} can be used to show approved updates and corresponding obsoleted ones, both installed and not installed ones. If any update is superseding and being superseded at the same time, it is not listed as a separate instance.

  • list - displays approved updates with obsoleted ones
  • title - adds titles to updates' details
  • full - shows updates' titles and descriptions

There can be few different updates obsoleting the same set of updates. Note KB2973201 and KB2993651:

# ./UpdateDetails.sh check:UpdateDetails.txt VZU600022 installed:list
Selected product title: Windows Server 2012; target group: VZU600022; not approved: 26

## 111 update(s) approved, installed, with list of obsoleted updates (if any)
https://support.microsoft.com/en-us/kb/2727528
https://support.microsoft.com/en-us/kb/2737084
https://support.microsoft.com/en-us/kb/2742614
https://support.microsoft.com/en-us/kb/2756872
    obsoletes not installed KB2751352
https://support.microsoft.com/en-us/kb/2757638
https://support.microsoft.com/en-us/kb/2764462
https://support.microsoft.com/en-us/kb/2765809
...
https://support.microsoft.com/en-us/kb/2972280
    obsoletes installed KB2929961
    obsoletes not installed KB2845187
https://support.microsoft.com/en-us/kb/2973201
    obsoletes installed KB2930275
    obsoletes not installed KB2761226
    obsoletes not installed KB2778344
    obsoletes not installed KB2778930
    obsoletes not installed KB2779030
    obsoletes not installed KB2808735
    obsoletes not installed KB2850851
    obsoletes not installed KB2876315
    obsoletes not installed KB2883150
    obsoletes not installed KB2893984
https://support.microsoft.com/en-us/kb/2973351
https://support.microsoft.com/en-us/kb/2973501
https://support.microsoft.com/en-us/kb/2976897
    obsoletes installed KB2830290
https://support.microsoft.com/en-us/kb/2977292
https://support.microsoft.com/en-us/kb/2978668
    obsoletes installed KB2849470
https://support.microsoft.com/en-us/kb/2982998
https://support.microsoft.com/en-us/kb/2988948
    obsoletes installed KB2956037
https://support.microsoft.com/en-us/kb/2992611
    obsoletes installed KB2785220
    obsoletes not installed KB2868725
https://support.microsoft.com/en-us/kb/2993651
    obsoletes installed KB2930275
    obsoletes installed KB2964736
    obsoletes not installed KB2761226
    obsoletes not installed KB2778344
    obsoletes not installed KB2778930
    obsoletes not installed KB2779030
    obsoletes not installed KB2808735
    obsoletes not installed KB2850851
    obsoletes not installed KB2876315
    obsoletes not installed KB2876331
    obsoletes not installed KB2883150
    obsoletes not installed KB2893984
https://support.microsoft.com/en-us/kb/2993958
    obsoletes installed KB2939576
    obsoletes not installed KB2916036
https://support.microsoft.com/en-us/kb/2996851
    obsoletes not installed KB2989540
https://support.microsoft.com/en-us/kb/3002657
...


Show approvals for the certain KB

Approval state for the certain KB article for the specific Windows version can be checked using another Linux script

~# ./UpdateApprovals.sh "Windows Server 2008 R2" KB2964736
There is no information about 'KB2964736' for 'Windows Server 2008 R2'.
~# ./UpdateApprovals.sh "Windows Server 2012" KB2964736
<Update UpdateID="68E2522E-CB68-4B97-806F-F94040023F5C" Title="Security Update for Windows Server 2012 (KB2964736)" Classification="Security Updates" LegacyName="KB2964736-Win8Server-RTM-X64-TSL" Description="A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system." SyncDate="4/10/2015 8:50 PM" ReleaseDate="6/10/2014 10:00 AM" MsrcSeverity="Critical" HasSupersededUpdates="True" isApproved="True" isSuperseded="True" PublicationState="Published">
  <ProductFamilyTitles>
    <ProductFamilyTitle Title="Windows"/>
  </ProductFamilyTitles>
  <ProductTitles>
    <ProductTitle Title="Windows Server 2012"/>
  </ProductTitles>
  <SecurityBulletins>
    <SecurityBulletin Number="MS14-036"/>
  </SecurityBulletins>
  <KBArticles>
    <KBArticle ArticleNumber="2964736"/>
  </KBArticles>
  <AdditionalInformationUrls>
    <AdditionalInformationUrl URL="http://support.microsoft.com/kb/2964736"/>
  </AdditionalInformationUrls>
  <UpdatesSupersededByThisUpdate>
    <Update UpdateID="F415A74C-4813-4DEA-B7D4-5EB2108E560B" Title="Security Update for Windows Server 2012 (KB2876331)" Classification="Security Updates"/>
  </UpdatesSupersededByThisUpdate>
  <UpdatesThatSupersedeThisUpdate>
    <Update UpdateID="620BF998-C6D3-482F-A206-56488B58EBDD" Title="Security Update for Windows Server 2012 (KB3069392)" Classification="Security Updates"/>
    <Update UpdateID="CB9E8D59-EFCA-4D94-A41F-7D1EFC2BEB24" Title="Security Update for Windows Server 2012 (KB2993651)" Classification="Security Updates"/>
  </UpdatesThatSupersedeThisUpdate>
  <Approvals>
    <Approval TargetGroup="VZU600027" Approval="Install" Deadline="None" ApprovalDate="8/21/2015 10:00:55 AM"/>
    <Approval TargetGroup="VZU600009" Approval="Install" Deadline="None" ApprovalDate="4/24/2015 3:01:50 AM"/>
    <Approval TargetGroup="VZU600015" Approval="Install" Deadline="None" ApprovalDate="4/24/2015 3:01:51 AM"/>
...

Search Words

manually check

MS-13-006

hotfix

update

Windows updates

unsupported updates

965b49118115a610e93635d21c5694a8 2897d76d56d2010f4e3a28f864d69223 d02f9caf3e11b191a38179103495106f e8e50b42231236b82df27684e7ec0beb 36627b12981f68a16405a79233409a5e

Email subscription for changes to this article
Save as PDF