- https://portal.msrc.microsoft.com/en-us/security-guidance
- Can download cumulative updates from above site
- Patch files for Vista, 7, 8, 10 and Server 2008/2012/2016/2019 have .msu extensions
- Use the `expand` tool to unpack packages with `.msu` extensions: `expand -F:* Windows8.1-KBXXXXXXX-x64.msu`
- Interesting files are the `.cab` files
- The dir names will have the name of the file they are patching, for example `dir /s /b /o:n /ad` lists `Patched/x64_microsoft-windows-user32_XXXXXXXX`
- The above patch file is for `user32.dll`
- `cd` into the above directory and `dir` to see the patched `user32.dll` file
- Cumulative updates can be giant, with thousands of files. Greg Linares wrote some PowerShell scripts to cut down the number of files to deal with
- `powershell -executionpolicy Bypass -File C:\Patch\PatchExtract14.ps1 -Patch windows10.0-XXX.msu -Path C:\Patch\MS19-MAR`
- The above command extracts every folder and file from the cumulative update and results in a large number of files and folders
- Some of the files and folders can date back years, which we do not care about
- Download: http://pastebin.com/u/Laughing_Mantis
- Download alt: https://pastebin.com/VjwNv23n
- After extracting all the files, we clean up everything older than 30 days, which limits how much we have to look at
- Use the PatchClean script: `powershell.exe -ExecutionPolicy Bypass -File C:\Patch\PatchClean.ps1 -Path C:\Patch\MS18-MAR\x64\`
- Download PatchClean: http://pastebin.com/u/Laughing_Mantis
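
After extraction and cleanup, a read-only inventory shows which components the update actually changed. The function below is an added example, not part of PatchExtract or PatchClean. The function name, its parameters, the default path and the use of `LastWriteTime` to judge file age are assumptions.

```powershell
# Added example: list binaries in an extracted update tree that were modified
# within the last N days, grouped by the component directory they sit in.
# Nothing is deleted or changed; this only reports.
function Get-RecentPatchedBinary {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path,                 # extraction root, e.g. C:\Patch\MS19-MAR (assumed layout)
        [int]$Days = 30,               # same 30-day window the notes use for cleanup
        [string[]]$Extensions = @('.dll', '.exe', '.sys')
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        throw "Extraction directory not found: $Path"
    }

    # Assumption: file age is judged by LastWriteTime of the extracted file.
    $cutoff = (Get-Date).AddDays(-$Days)

    Get-ChildItem -LiteralPath $Path -Recurse -File |
        Where-Object { $_.LastWriteTime -ge $cutoff -and $Extensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            # Component directories look like x64_microsoft-windows-user32_XXXXXXXX:
            # first token is the architecture, second is the component name.
            $parts = $_.Directory.Name -split '_'
            $component = if ($parts.Count -gt 1) { $parts[1] } else { $_.Directory.Name }

            [pscustomobject]@{
                Arch        = $parts[0]
                Component   = $component
                File        = $_.Name
                FileVersion = $_.VersionInfo.FileVersion
                LastWrite   = $_.LastWriteTime
                SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                FullName    = $_.FullName
            }
        } |
        Sort-Object Component, File
}

# Example call against the directory used in the notes above:
# Get-RecentPatchedBinary -Path C:\Patch\MS19-MAR | Format-Table Arch, Component, File, FileVersion, LastWrite
```

Piping the result to `Export-Csv` gives a per-month record of changed binaries that can be compared with the previous month's inventory by file name and hash.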