2020-05-12

Patching Windows: Part 1

I once built a script that would patch Windows for me. It used an old version of the PSWindowsUpdate PowerShell module that ran in a check/fetch/install/reboot loop over and over until there were no more pending updates left to apply. This turned out to be a non-trivial problem to solve, even with a command-line tool to do it, which, in general, Windows Update does not support.

There's obviously a way to invoke updates, but if you look for automatable ways to fetch and install updates for Windows, you either get tutorials on "what to click" to enable automatic updates, or MOM/SCOM/WSUS/Group Policy stuff.

Sometimes, you just want a script. You really just want to run "apt-get update; apt-get upgrade" and move on with your life.

So for a long time I used PSWindowsUpdate and it's easy enough to script, but it didn't work on my home machine, because at home I have an LTSB/LTSC machine that is on the lowest, slowest Windows 10 update ring.

That's for my own peace of mind, but it has its consequences. I'm typically a month (or two) behind the latest update. I get March's cumulative update in April, April's in May, and so on.

That's bad for my own peace of mind. How do I find peace?

Well, I could scrape the Windows 10 update RSS feed. And I read that for about 6 weeks before I lost my mind. It's a noisy feed and it's almost impossible to find good signal amongst the noise. I kept looking, and eventually I found keithga's DeploySharedLibrary repo on GitHub that has an "Update" section that can check the designated Windows 10 knowledge base pages on support.microsoft.com and bubble up the latest Cumulative Update.

So if you are OK with just scoping your update scripts to checking for the all-important monthly Cumulative Update, this is the repo for you. Except, it doesn't quite work anymore.

I'm sure it used to be great, but it has two problems: it scrapes live HTML that doesn't have any strict formatting guidelines, and it is over a year old without an update.

Things got really hairy with the DeploySharedLibrary code when 1903 and 1909 came out and Microsoft chose to combine both of those OS versions under a single KB, but with different build numbers.

Long story short, I ended up extensively patching DeploySharedLibrary so it works with modern Windows 10 releases. This involves having two files: a WU.psm1 module and a 2ndtuesday.ps1 script that sorts through the Windows Updates it finds and fetches the right update to match your local machine (or, if you want, the Windows build you specify).

Next time: Masters of Kung WU.
