What is the need for this PowerShell script. This script is needed when there is a discrepancy reported by vulnerability scan claiming that a set of windows systems are missing particular patch however the centralized patching tool is showing them as installed. This script could be handy for auditors, control validator/tester to test if patches are installed periodically or to check recently patched dates etc. Option 1 $cDate = Get-Date # Get the date 30 adys ago $DaysAgo = $cDate .AddDays(-30) # Get all the Updates installed since 30 days ago Get-HotFix | Where-Object { $_ .InstalledOn -gt $DaysAgo } $LastPatch = Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 1 Option 2 Get-CimInstance -Class win32_quickfixengineering | Where-Object { $_ .InstalledOn -gt ( Get-Date ).AddDays(-30) } Option 3 $Hosts = Get-Content -Path '.\hosts.txt' #contains list of hosts #For each of the hosts in that file, run a command to gather patches installed on
Many technologies are leveraged to achieve business objectives and values to customer, but it comes with a price of security risk associated with them. Managing those risk would be an superficial act wasting time and money unless we understand how they are configured, maintained and operated, and then understanding the terms, definitions and concept associated with those technologies becomes paramount, Then you know how to control these risk effectively and efficiently