top of page

PowerShell | Windows Update Cumulative Patch Review

Monthly Cumulative Updates (CUs) for Windows are essential for maintaining the security, stability, and performance of Windows operating systems. These updates are released by Microsoft on the second Tuesday of each month, known as "Patch Tuesday." Here’s an overview of what Monthly Cumulative Updates entail:

What Are Cumulative Updates?

Cumulative Updates are comprehensive packages that include all previously released fixes and improvements for the Windows operating system. Each Cumulative Update is superseding the previous one, meaning that installing the latest update brings the system up to date with all patches and fixes.​​

Best Practices

  1. Test Updates:

    • Always test updates in a staging environment before deploying them to production systems to ensure compatibility and stability.

  2. Regular Backups:

    • Maintain regular backups of critical systems and data before applying updates to mitigate the risk of potential issues.

  3. Review Patch Notes:

    • Review the release notes for each update to understand the changes and fixes included, and to identify any known issues.

  4. Plan for Downtime:

    • Schedule updates during maintenance windows to minimize disruption to users and services.

Computer User doing PowerShell

Check  for Installed Cumulative Patch

              PowerShell Script to Check Systems for Monthly Cummulative Patch
            Required -  Set KB For Month Checking

            Required -  Administrative Access to Systems 

            Import From TxT File and Check OS Via Active Directory

            Check Each System for Installed Patch

            Export Results Corresponding By Operating Sytstem


           Scott Head



$All += Get-Content C:\temp\ComputerList.txt

$Pinged+=  $All | % {new-object psobject -Property @{Computername=$_; Reachable=(test-connection -ComputerName $_ -Quiet -Count 1)}} | Where-Object {$_.Reachable -eq "True"} | Select -ExpandProperty ComputerName -ErrorVariable A -ErrorAction SilentlyContinue

$WIN10 = @()

$WIN2012 = @()

$WIN2016 = @()

$WIN2019 = @()

$WIN2022 = @()

Foreach($Comp in $Pinged){

    $WIN10+=Get-ADComputer $Comp -Properties * | Where{$_.OperatingSystem -like "Windows 10*"} | Select -ExpandProperty Name

    $WIN2012+=Get-ADComputer $Comp -Properties * | Where{$_.OperatingSystem -like "Windows Server 2012*"} | Select -ExpandProperty Name

    $WIN2016+=Get-ADComputer $Comp -Properties * | Where{$_.OperatingSystem -like "Windows Server 2016*"} | Select -ExpandProperty Name

    $WIN2019+=Get-ADComputer $Comp -Properties * | Where{$_.OperatingSystem -like "Windows Server 2019*"} | Select -ExpandProperty Name

    $WIN2022+=Get-ADComputer $Comp -Properties * | Where{$_.OperatingSystem -like "Windows Server 2022*"} | Select -ExpandProperty Name



Write-Host "`n------------------------------------------Windows 10-------------------------------------------------------"

#Windows 10 KB

Invoke-Command -ComputerName $WIN10 -ScriptBlock {

    Get-HotFix KB5023696 -ErrorAction SilentlyContinue -ErrorVariable ScottsError

    if($ScottsError -ne ""){"Error on -$Env:Computername"}

}  | Tee-Object C:\temp\SYS-10.txt

Write-Host "`n-----------------------------------------Windows Server 2016-----------------------------------------------"

#WIN 2106 KB

Invoke-Command -ComputerName $WIN2016 -ScriptBlock {

  Get-HotFix KB5023697 -ErrorAction SilentlyContinue -ErrorVariable ScottsError

    if($ScottsError -ne ""){"Error on -$Env:Computername"}

}  | Tee-Object C:\temp\SYS-2016.txt

Write-Host "`n-----------------------------------------Windows Server 2019------------------------------------------------"

#WIN 2019 KB

Invoke-Command -ComputerName $WIN2019 -ScriptBlock {

  Get-HotFix KB5023702 -ErrorAction SilentlyContinue -ErrorVariable ScottsError

    if($ScottsError -ne ""){"Error on -$Env:Computername"}

}  | Tee-Object C:\temp\SYS-2019.txt

Write-Host "`n-----------------------------------------Windows Server 2022-----------------------------------------------"

#WIN 2022 KB

Invoke-Command -ComputerName $WIN2022 -ScriptBlock {

  Get-HotFix KB5023705 -ErrorAction SilentlyContinue -ErrorVariable ScottsError

    if($ScottsError -ne ""){"Error on -$Env:Computername"}

}  | Tee-Object C:\temp\SYS-2022.txt

bottom of page