How to use a visual basic script to install the 824146 (MS03-039) or 823980 (MS03-026) security patch on remote host computers (827227)
The information in this article applies to:
- Microsoft Windows Server 2003, Datacenter Edition
- Microsoft Windows Server 2003, Enterprise Edition
- Microsoft Windows Server 2003, Standard Edition
- Microsoft Windows Server 2003, Web Edition
- Microsoft Windows XP Professional
- Microsoft Windows XP Tablet PC Edition
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server
SUMMARYThis article includes a sample Microsoft Visual Basic Scripting Edition script that is named Patchinstall.vbs. This script is an example of how a network administrator can use Windows Management Instrumentation (WMI) scripting to install the 824146 (MS03-039) or the 823980 (MS03-026) security patch on remote host computers that do not have the patch installed in a Microsoft Windows NT, Windows 2000, or Windows Server 2003 domain environment. The Patchinstall.vbs script takes a file ( Ipfile.txt) that contains IP addresses as input and installs the 824146 (MS03-039) or the 823980 (MS03-026) security patch from a known location on the remote host computer (C:\Patchinst.exe).
For additional information about the 824146 (MS03-039) security patch, click the following article number to view the article in the Microsoft Knowledge Base:
824146
MS03-039: Buffer overrun in RPCSS may allow code execution
For additional information about the 823980 security patch, click the following article number to view the article in the Microsoft Knowledge Base:
823980
MS03-026: Buffer overrun in RPC may allow code execution
For additional information about a tool that network administrators can use to scan their network for computers that do not have these security patches installed, click the following article number to view the article in the Microsoft Knowledge Base:
827363
How to use the KB 824146 scanning tool to identify host computers that do not have the 823980 (MS03-026) or 824146 (MS03-039) security patches installed
Notes- You must have administrative permissions on the remote destination computers to successfully install the 824146 or the 823980 security patch.
- Microsoft Windows XP-based destination computers must be joined to a Windows NT, Windows 2000, or Windows Server 2003 domain to successfully use the Patchinstall.vbs script.
- The Patchinstall.vbs script uses Windows Management Instrumentation (WMI). WMI depends on the Distributed Component Object Model (DCOM). Therefore, the Patchinstall.vbs does not work on destination computers where DCOM has been disabled to work around the vulnerability that is addressed by Microsoft Security Bulletins MS03-039 or MS03-026.
- The 824146 or the 823980 security patch packages must be located in a local folder on the computer where you run the Patchinstall.vbs script, and the packages must be renamed
to Patch_XP.exe
(for Windows XP), Patch_W2K.exe (for Windows 2000), and
Patch_W2K3.exe (for Windows Server 2003).
- You can modify the Patchinstall.vbs script to install other patches.
MORE INFORMATION The Patchinstall.vbs script performs these tasks: - The script reads a list of IP addresses for the remote host computers where you want to install the 824146 or the 823980 security patch. The script obtains this list from an ASCII text file (Ipfile.txt) that contains a list of IP address (one IP address per line). For example, you can use the Vulnerable.txt log file from the KB824146 scanning tool for the Ipfile.txt file.
- The script obtains the first IP address from the list.
- The script determines the Windows version on the destination computer.
- The script maps drive Z on the script computer to C$ on the destination computer.
- The script copies the correct version of the patch (for Windows XP, Windows 2000, or Windows Server 2003) to C:\Patchinst.exe on the destination computer (by using the drive Z mapping).
- The script causes the patch to be installed, and then automatically restarts the destination computers without any user input or dialog boxes by using the -q -f switches (Unattended installation mode).
- The script waits for the installation to complete.
- The script tries to delete the C:\Patchinst.exe file on the destination computer.
- The script removes the drive Z mapping.
- The script processes the next IP address in the list.
Important Microsoft recommends that you modify this sample script for your network environment, and that you then test your script in a test environment before you use it in a production environment. To use the Patchinstall.vbs script, paste the following script in a text file that is named Patchinstall.vbs. Then, run the Patchinstall.vbs script by using the following command line: cscript patchinstall.vbs Ipfile.txt LocalPathToPatches
In this command, Ipfile.txt is a text file that contains a list of IP addresses for the remote host computers where you want to install the 824146 or the 823980 security patch. LocalPathToPatches is the full path of a folder that contains the 824146 or the 823980 security patch packages (renamed to Patch_XP.exe
for Windows XP, Patch_W2k.exe for Windows 2000, and Patch_W2k3.exe for Windows Server 2003). The Patchinstall.vbs ScriptMicrosoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements. ' Patchinstall.vbs
' Patch installation script for MS03-026 and MS03-039
' (c) Microsoft 2003
' v1.03 cl
on error resume next
const XP_Patch = "Patch_XP.exe"
const W2k_Patch = "Patch_W2k.exe"
const W2k3_Patch = "Patch_W2k3.exe"
If right(ucase(wscript.FullName),11)="WSCRIPT.EXE" then
wscript.echo "ERROR: You must run this script using cscript, for example 'cscript " & wscript.scriptname & "'."
wscript.quit 0
end if
' USAGE
if wscript.arguments.count <> 2 then
wscript.echo "Usage: cscript " & wscript.scriptname & " <IpFile.txt> <LocalPathToPatches>" & vbCrLf & vbCrLf & _
" <LocalPathToPatches> must be a full path of a folder that contains all of these files:" & vbCrLf & _
" " & XP_Patch & vbCrLf & _
" " & W2k_Patch & vbCrLf & _
" " & W2k3_Patch
wscript.quit
end if
ipFile = wscript.arguments(0)
localPathToPatches = wscript.arguments(1)
set onet = createobject("wscript.network")
set ofs = createobject("scripting.filesystemobject")
' Verify that ipfile is accessible.
set oipFile = ofs.opentextfile(ipFile, 1, false)
if (Err.Number <> 0) then
wscript.echo "Cannot open " & ipFile
wscript.quit
end if
' Make sure to end with a \ character.
if right(localPathToPatches, 1) <> "\" then
localPathToPatches = localPathToPatches & "\"
end if
'Note that cim_datafile does not support UNC paths
'so everything must be handled through mapped drives.
if left(localPathToPatches, 2) = "\\" then
wscript.echo "<pathToExecutable> cannot be a UNC path, please map a drive locally"
wscript.quit
end if
exeWinXP = ofs.getfile(localPathToPatches + XP_Patch).name
exeW2k = ofs.getfile(localPathToPatches + W2k_Patch).name
exeW2k3 = ofs.getfile(localPathToPatches + W2k3_Patch).name
' Verify that the patches are accessible.
if ((len(exeWinXP) = 0) OR (len(exeW2k) = 0) OR (len(exeW2k3) = 0)) then
wscript.echo "Cannot find patch files."
wscript.echo "Please verify that the <LocalPathToPatches> folder contains all of these files:" & vbCrLf & _
" " & XP_Patch & vbCrLf & _
" " & W2k_Patch & vbCrLf & _
" " & W2k3_Patch
wscript.quit
end if
set osvcLocal = getobject("winmgmts:root\cimv2")
'The error-handling code is below the function that may throw one - execute it.
on error resume next
while not oipFile.atEndOfStream
ip = oipFile.ReadLine()
wscript.echo vbCrLf & "Connecting to " & ip & "..."
Err.Clear
set osvcRemote = GetObject("winmgmts:\\" & ip & "\root\cimv2")
if (Err.Number <> 0) then
wscript.echo "Failed to connect to " & ip & "."
else
exeCorrectPatch = detectOSPatch(osvcRemote)
if (exeCorrectPatch <> "") then
' Lay the bits on the remote computer.
wscript.echo "Installing patch " & exeCorrectPatch & "..."
onet.mapnetworkdrive "z:", "\\" & ip & "\C$"
set osourceFile = osvcLocal.get("cim_datafile=""" & replace(localPathToPatches, "\", "\\") & exeCorrectPatch & """")
ret = osourceFile.Copy("z:\\Patchinst.exe")
if (ret <> 0 and ret <> 10) then
' Failure detected and failure was not "file already exists."
wscript.echo "Failed copy to " & ip & " - error: " & ret
else
set oprocess = osvcRemote.Get("win32_process")
' Start the installation without user interaction, and force a restart after completion.
ret = oprocess.create("c:\\Patchinst.exe -q -f")
if (ret <> 0) then
wscript.echo "Failed to start process on " & ip & ": " & ret
else
' Get a reference to the file that was copied.
set odestFile = osvcLocal.get("cim_datafile=""z:\\Patchinst.exe""")
' Wait for the installation to complete.
for waitTime = 0 to 120 ' Lay and wait--up to two minutes for the installation to complete.
wscript.Sleep 1000 ' Sleep one second.
' Delete temporary file as soon as possible after it is freed.
if (odestFile.Delete() = 0) then
exit for
end if
next ' Otherwise, loop again and keep waiting...
wscript.echo "Installation successful."
end if 'Create process succeeded.
end if 'Copy succeeded.
onet.removenetworkdrive "z:", true
end if ' The script knows which patch to install.
end if ' Do the next IP address, then the next IP address...
wend
oipFile.close()
'Clean up, remove drive mapping (check this time, because it may not have been mapped).
if ofs.folderexists("z:\") then
onet.removenetworkdrive "z:", true
end if
wscript.echo vbCrLf & "Patching complete. Exiting."
function detectOSPatch(osvcRemote)
set oOSInfo = osvcRemote.InstancesOf("Win32_OperatingSystem")
'Only one instance is ever returned (the currently active OS), even though the following is a foreach.
for each objOperatingSystem in oOSInfo
if (objOperatingSystem.OSType <> 18) then
' Make sure that this computer is Windows NT-based.
wscript.echo ip & " is not a Windows XP, Windows 2000, or Windows 2003 Server computer."
else
if (objOperatingSystem.Version = "5.0.2195") then
' Windows 2000 SP2, SP3, SP4.
if (objOperatingSystem.ServicePackMajorVersion = 2) or (objOperatingSystem.ServicePackMajorVersion = 3) or _
(objOperatingSystem.ServicePackMajorVersion = 4) then
systemType = exeW2k
end if
elseif (objOperatingSystem.Version = "5.1.2600") then
' Windows XP RTM, SP1.
if (objOperatingSystem.ServicePackMajorVersion = 0) or (objOperatingSystem.ServicePackMajorVersion = 1) then
systemType = exeWinXP
end if
elseif (objOperatingSystem.Version = "5.2.3790") then
' Windows Server 2003 RTM
if (objOperatingSystem.ServicePackMajorVersion = 0) then
systemType = exeW2k3
end if
end if
if (systemType = "") then
'This was a Windows NT-based computer, but not with a valid service pack.
wscript.echo "Could not patch " & ip & " - unhandled OS version: " & objOperatingSystem.Caption & " SP" & _
objOperatingSystem.ServicePackMajorVersion & "("& objOperatingSystem.Version & ")"
end if
end if
next
detectOSPatch = systemType
end function
Modification Type: | Minor | Last Reviewed: | 7/11/2005 |
---|
Keywords: | kbinfo KB827227 |
---|
|
|
©2004 Microsoft Corporation. All rights reserved.
|
|