'SAXPAR.vbs -- Security Analyzer Xml PARser.vbs -- run MBSACLI.EXE with the /xmlout ' parameter and produce a readable text file in Unicode format ' 'DO NOT REMOVE THIS HEADER! ' 'Copyright Andrew ARONOFF 28 September 2010, http://www.silentrunners.org/ 'This script is provided without any warranty, either express or implied 'It may not be copied or distributed without permission ' '** YOU RUN THIS SCRIPT AT YOUR OWN RISK! ** 'HEADER ENDS HERE Option Explicit Dim strRevNo : strRevNo = "09" 'INSTRUCTIONS: ' ' Two files, "mbsacli.exe" and "wusscan.dll", must be located in the same ' directory as the script. These files can be obtained by installing ' "Microsoft Base Security Analyzer 2.2" (MBSA), available here: ' http://bit.ly/9m95Si ' ' The two files will be located in the main MBSA directory. After they ' are copied for use with this script, MBSA can be uninstalled. ' ' A single (optional) command line parameter is permitted -- a path for the report file ' ' There are 12 _optional_ parameters (assigned below): ' ' 1. report directory -- this can be overridden by the command line parameter ' 2. minimum severity level for missing hotfixes ' 3. directory for local catalog file "wsusscn2.cab" -- use of the local ' catalog file eliminates the need for an Internet connection ' 4. display of status and error messages ' 5. send report by e-mail ' ** parameters 6-12 are ignored if the report is not sent by e-mail ** ' 6. use of SMTP authentification ' 7. use of Gmail SMTP ' 8. sender e-mail address ' 9. recipient e-mail address ' 10. the SMTP server name, if Gmail is not used ' 11-12. the username and password if SMTP authentification or Gmail is used ' To run this script as a Scheduled Task, set the message display parameter (#4) ' to False and point the Task Scheduler to the script. ' ' The "Automatic Updates" service can be in any state. The initial state will be ' restored (unless the script aborts). '==========START PARAMETER SECTION========== '1 report directory -- terminating backslash is optional, must be enclosed in quotes Dim strReportDir : strReportDir = "" '2 minimum severity level reported -- integer (use no quotes) ' 0: default, all missing hotfixes listed ' 1: Low, Moderate, Important, and Critical severities listed ' 2: Moderate, Important and Critical severities listed ' 3: Important and Critical severities listed ' 4: Critical severity listed Dim intMinSeverity : intMinSeverity = 0 '3. directory for local catalog file "wsusscn2.cab" -- ' terminating backslash is optional, must be enclosed in quotes ' The script directory can be designated with a quote-enclosed dot: "." Dim strCabFileDir : strCabFileDir = "" '4 display status and error messages? -- True or False (use no quotes) Dim logDisplayMsgs : logDisplayMsgs = True '5 send report by e-mail? -- True or False (use no quotes) Dim logEmailRpt : logEmailRpt = False '<<<<<<<<<< 'parameters 6 - 12 are ignored if logEmailRpt = false '>>>>>>>>>> '6 use SMTP authentication? -- True or False (use no quotes) Dim logSMTPAuth : logSMTPAuth = False '7 use Gmail SMTP? -- True or False (use no quotes) Dim logUseGmail : logUseGmail = False '8 sender e-mail address -- enclose in quotes ' address may be in format: "FName LName " Dim strSenderEMA : strSenderEMA = "" '9 destination e-mail address -- enclose in quotes ' address may be in format: "FName LName " Dim strDestEMA : strDestEMA = "" '10 vanilla SMTP server name -- enclose in quotes -- ' can be left blank if Gmail SMTP server used Dim strSMTPServer : strSMTPServer = "" '11 User ID for SMTP authentification/Gmail -- enclose in quotes Dim strUserID : strUserID = "" '12 Password for SMTP authentication/Gmail -- enclose in quotes Dim strUserPW : strUserPW = "" '===========END PARAMETER SECTION=========== Dim flagTest flagTest = False 'flagTest = True 'uncomment to skip MBSACLI.EXE execution 'check e-mail configuration If Not logEmailRpt Then logUseGmail = False 'disable Gmail if e-mail not used If logSMTPAuth And logUseGmail Then logUseGmail = False 'disable Gmail if SMTP auth used If logUseGmail Then strDestEMA = strUserID & "@gmail.com" 'if Gmail used, form destination EMA from UserID 'Objects Dim Wshso : Set Wshso = WScript.CreateObject("WScript.Shell") Dim Fso : Set Fso = CreateObject("Scripting.FileSystemObject") Dim WshoArgs : Set WshoArgs = WScript.Arguments 'Registry, OS collection, OS, Windows Update service collection, 'WU service, output file, temp file, std err file, XML output file, 'uninstalled hotfix collection, uninstalled hotfix Dim oReg, colOS, oOS, colWUS, oWUS, oTxtFi, oTempFi, oSEFi, oXMLFi, oHFColl, oHF 'MS Product collection, MS Product object, SelectSingleNode string, Script Exec, Shell Application Dim oMSPColl, oMSP, strSSN, oExec, oShellApp Dim oNetwk : Set oNetwk = WScript.CreateObject("WScript.Network") 'Strings 'output string, line from text file, Script Path, registry location, string buffer, e-mail msg text Dim strOut, strLine, ScrPath, strRegLoc, strBuffer, strMsg 'XML file name, std err file name, output file name, 'Auto Updates service start mode Dim strXMLFN, strXMLErrFN, strTxtFN, strAUStartMode Dim strOSlc 'OS name in lower case Dim strTxtFNPath : strTxtFNPath = "" 'report file path Dim strArg : strArg = "" 'WshoArg(0) Dim strParam : strParam = "" 'MBSACLI.EXE command line parameters Dim strRDEM : strRDEM = "" 'Report Directory Error Message Dim strLCEM : strLCEM = "" 'Local Cab Error Message Dim strMinSeverity : strMinSeverity = "" 'minimum severity title Dim strStdErr : strStdErr = "" 'StdErr string Dim strErrDesc 'Err description Dim strTempFN, strTempFC 'temp file name, temp file contents Dim strFPSF : strFPSF = Fso.GetSpecialFolder(SysFolder).Path 'FullPathSystemFolder 'Integers 'counter, error number, hotfix Type number, hotfix Severity number Dim i, intErrNum, intType, intSeverity Dim intHFCnt : intHFCnt = 0 'uninstalled hotfix counter Dim intPosn 'positioning variable 'convert to integer if not already done intMinSeverity = CInt(intMinSeverity) 'Date Dim datNow : datNow = Now 'script launch time Select Case intMinSeverity Case 0 : strMinSeverity = "(All missing hotfixes listed)" Case 1 : strMinSeverity = "(Low, Moderate, Important, and Critical severities listed)" Case 2 : strMinSeverity = "(Moderate, Important and Critical severities listed)" Case 3 : strMinSeverity = "(Important and Critical severities listed)" Case 4 : strMinSeverity = "(Critical severity listed)" End Select 'Logical (Boolean)/flags 'WScript/CScript flag, registry access flag, Auto Updates service started 'OS is Vista or Windows 7, std error contains Windows Update Agent Result Code 'script running with elevated privileges Dim flagOut, flagAccess, logAUStarted Dim flagVaW7 : flagVaW7 = False Dim flagWUARC : flagWUARC = False Dim flagElevated : flagElevated = False 'Constants Const HKLM = &H80000002, KQV = &H1, KSV = &H2, DQ = """", SysFolder = 1, WinFolder = 0 'CDO SMTP configuration parameters Const cdoSendUsingMethod = "http://schemas.microsoft.com/cdo/configuration/sendusing" Const cdoSendUsingPort = 2 Const cdoSMTPServer = "http://schemas.microsoft.com/cdo/configuration/smtpserver" Const cdoSMTPAuthenticate = "http://schemas.microsoft.com/cdo/configuration/smtpauthenticate" Const cdoSMTPServerPort = "http://schemas.microsoft.com/cdo/configuration/smtpserverport" Const cdoSMTPConnectionTimeout = "http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout" Const cdoSMTPUseSSL = "http://schemas.microsoft.com/cdo/configuration/smtpusessl" Const cdoSendUserName = "http://schemas.microsoft.com/cdo/configuration/sendusername" Const cdoSendPassword = "http://schemas.microsoft.com/cdo/configuration/sendpassword" 'was the script launched via WSCRIPT.EXE or CSCRIPT.EXE? If InStr(LCase(WScript.FullName),"wscript.exe") > 0 Then flagOut = "W" 'WScript ElseIf InStr(LCase(WScript.FullName),"cscript.exe") > 0 Then flagOut = "C" 'CScript Else 'echo and continue if it works flagOut = "C" 'assume CScript-compatible If logDisplayMsgs Then WScript.Echo "Neither " & DQ & "WSCRIPT.EXE" & DQ & " nor " &_ DQ & "CSCRIPT.EXE" & DQ & " was detected as " &_ "the script host." & vbCRLF & "This script" &_ " will assume that the script host is CSCRIPT-compatible and will" &_ vbCRLF & "use WScript.Echo for all messages." End If 'DisplayMsgs? End If 'script host 'use script directory for MBSACLI.EXE location and .XML output ScrPath = Fso.GetParentFolderName(WScript.ScriptFullName) 'add trailing backslash to ScrPath if needed If Right(Trim(ScrPath),1) <> "\" Then ScrPath = ScrPath & "\" strTxtFNPath = ScrPath 'report file output is script dir by default 'check for "wsusscn2.cab" in directory provided as script parameter If strCabFileDir <> "" Then If strCabFileDir = "." Then strCabFileDir = ScrPath 'add trailing backslash to cab file directory if needed If Right(Trim(strCabFileDir),1) <> "\" Then strCabFileDir = strCabFileDir & "\" 'fill parameter string if local cab file found 'the /nvc (no version check) and /nd (no download) parameters do not 'appear to have any effect If Fso.FileExists(strCabFileDir & "wsusscn2.cab") Then strParam = " /catalog " & DQ & strCabFileDir & "wsusscn2.cab" & DQ &_ " /nvc /nd" Else strLCEM = "The catalog file " & DQ & "wsusscn2.cab" & DQ &_ " cannot be found in the directory provided as a" & vbCRLF &_ "script parameter: " & DQ & strCabFileDir & DQ & vbCRLF &_ "The cab file will be downloaded to:" &_ vbCRLF & DQ & Wshso.ExpandEnvironmentStrings("%UserProfile%") &_ "\Local Settings\Application Data\Microsoft\MBSA\Cache\" & DQ End If 'cab file exists in directory? End If 'strCabFileDir not MT? If strReportDir <> "" Then If Fso.FolderExists(strReportDir) Then strTxtFNPath = strReportDir Else strRDEM = "The report file directory " & DQ & strReportDir & DQ &_ " provided as a script parameter cannot be found." &_ vbCRLF & "The report file will be placed in the " &_ "script directory: " & DQ & ScrPath & DQ End If 'FolderExists? End If 'strReportDir Not MT? 'add backslash to report directory If Right(Trim(strTxtFNPath),1) <> "\" Then strTxtFNPath = strTxtFNPath & "\" 'test for presence of MBSACLI.EXE & WUSSCAN.DLL If Not Fso.FileExists(ScrPath & "mbsacli.exe") Or _ Not Fso.FileExists(ScrPath & "wusscan.dll") Then If logDisplayMsgs Then If flagOut = "W" Then MsgBox "This script must be located in the same directory as" &_ vbCRLF & "MBSACLI.EXE and WUSSCAN.DLL.", _ vbOKOnly + vbCritical + vbSystemModal,"Wrong Directory!" Else WScript.Echo "This script must be located in the same directory as" &_ vbCRLF & "MBSACLI.EXE and WUSSCAN.DLL." End If End If 'DisplayMsgs? WScript.Quit End If 'check the O/S Set colOS = GetObject("winmgmts:\root\cimv2").ExecQuery _ ("Select * from Win32_OperatingSystem") For Each oOS in colOS strOSlc = LCase(oOS.Name) If InStr(strOSlc,"windows 2000") = 0 And _ InStr(strOSlc,"windows xp") = 0 And _ InStr(strOSlc,"windows server 2003") = 0 And _ InStr(strOSlc,"windows server 2008") = 0 And _ InStr(strOSlc,"windows server® 2008") = 0 And _ InStr(strOSlc,"vista") = 0 And _ InStr(strOSlc,"windows" & Chr(160) & "7") = 0 Then If logDisplayMsgs Then If flagOut = "W" Then MsgBox "This script can only be run under Windows 2000, Windows 2000 Server," &_ vbCRLF &_ "XP, Windows Server 2003, Vista, Windows 7 or Windows Server 2008.", _ vbOKOnly + vbCritical + vbSystemModal,"Wrong OS!" Else WScript.Echo "This script can only be run under Windows 2000, " &_ "XP, Windows Server 2003," & vbCRLF & "Vista, Windows 7, or Windows Server 2008." End If End If 'DisplayMsgs? WScript.Quit End If 'allowed OS? 'test for elevated privileges in WVa & Wn7 If InStr(strOSlc,"vista") <> 0 Or _ InStr(strOSlc, "windows" & Chr(160) & "7") <> 0 Then flagVaW7 = True 'check for existence of whoami.exe If Not Fso.FileExists (strFPSF & "\whoami.exe") Then MsgBox "The Windows file " & DQ & "WHOAMI.EXE" & DQ &_ " cannot be found," & vbCRLF &_ "but it is necessary for proper function of this script." &_ vbCRLF & vbCRLF & "This script must exit.", _ vbOKOnly + vbCritical + vbSystemModal, _ "WHOAMI.EXE not found!" WScript.Quit End If 'form temp file name in temp directory strTempFN = Wshso.ExpandEnvironmentStrings("%TEMP%") & "\" & Fso.GetTempName 'run "whoami" hidden Wshso.Run "cmd.exe /C whoami /groups > " & strTempFN,0,True 'if whoami output redirected to temp file If Fso.FileExists(strTempFN) Then 'open and read the temp file Set oTempFi = Fso.OpenTextFile(strTempFN,1,False) strTempFC = oTempFi.ReadAll 'check temp file contents for elev priv If InStr(strTempFC, "S-1-16-12288") <> 0 Then flagElevated = True 'close and delete the temp file oTempFi.Close : Fso.DeleteFile(strTempFN) Else 'temp file not found MsgBox "The results of " & DQ & "WHOAMI.EXE" & DQ &_ " cannot be located," & vbCRLF &_ "but they are essential for continuation of this script." &_ vbCRLF & vbCRLF & "This script must exit.", _ vbOKOnly + vbCritical + vbSystemModal, _ "WHOAMI.EXE results file not found!" WScript.Quit End If 'FileExists? End If 'WVa/Wn7? Exit For 'exit after first OS element in collection Next 'OS Set colOS=Nothing 'prepare script argument for Shell.Execute If WshoArgs.count > 0 Then strArg = Space(1) & Trim(WshoArgs(0)) 'if WVa/Wn7 w/o elevated privileges, 'launch re-entry via Shell.Execute with runas If flagVaW7 And Not flagElevated Then Set oShellApp = CreateObject("Shell.Application") oShellApp.ShellExecute "wscript.exe", DQ & _ WScript.ScriptFullName & DQ & strArg, "", "runas", 1 WScript.Quit End If 'WVa/Wn7 w/o elevated priv? 'check for Admin rights strRegLoc = "System\CurrentControlSet\Control\Session Manager" Set oReg = GetObject("winmgmts:root\default:StdRegProv") intErrNum = oReg.CheckAccess(HKLM,strRegLoc,KQV + KSV,flagAccess) Set oReg=Nothing 'if can't read & write to Session Manager, 'say Admin rights are needed & quit If Not flagAccess Then If logDisplayMsgs Then If flagOut = "W" Then MsgBox "This script must be run as an Administrator.", _ vbOKOnly + vbCritical + vbSystemModal,"Not an Admin!" Else WScript.Echo "This script must be run as an Administrator." End If End If 'DisplayMsgs? WScript.Quit End If 'flagAccess? strXMLFN = "SAXPAR Results.xml" strXMLErrFN = "SAXPAR StdErr.txt" strTxtFN = "SAXPAR Results (" & oNetwk.ComputerName & ") " &_ Year(datNow) & "-" & Right("0" & Month(datNow),2) & "-" &_ Right("0" & Day(datNow),2) & " " &_ Right("0" & Hour(datNow),2) & "." & Right("0" & Minute(datNow),2) &_ "." & Right("0" & Second(datNow),2) & ".txt" Set oNetwk=Nothing 'find the status of Automatic Updates Set colWUS = GetObject("winmgmts:").ExecQuery("SELECT * FROM " &_ "Win32_Service WHERE Name = 'wuauserv'") 'save started state (T/F) & StartMode For Each oWUS In colWUS : logAUStarted = oWUS.Started strAUStartMode = oWUS.StartMode : Next 'if StartMode disabled, set to Manual If LCase(strAUStartMode) = "disabled" Then For Each oWUS In colWUS : oWUS.ChangeStartMode("Manual") : Next End If 'run mbsacli.exe If logDisplayMsgs Then If flagOut = "W" Then Wshso.Popup "MBSACLI.EXE will now be launched." & vbCRLF &_ "This may take several minutes.",2,"SAXPAR R" & strRevNo & " Launch", _ vbOKOnly + vbInformation + vbSystemModal Else WScript.Echo "MBSACLI.EXE will now be launched." & vbCRLF &_ "This may take several minutes." & vbCRLF End If End If 'DisplayMsgs? '_entire_ command line surrounded in quotes to handle ScrPath LFN If Not flagTest Then Wshso.Run "%comspec% /C " & DQ &_ DQ & ScrPath & "mbsacli.exe" & DQ & " /xmlout /unicode > " &_ DQ & ScrPath & strXMLFN & DQ & strParam &_ " 2> " & DQ & ScrPath & strXMLErrFN & DQ & DQ,0,True 'reset the Automatic Updates service to initial started state If Not logAUStarted Then For Each oWUS In colWUS : oWUS.StopService : Next End If 'reset to Disabled if this was initial StartMode If strAUStartMode = "Disabled" Then For Each oWUS In colWUS : oWUS.ChangeStartMode("Disabled") : Next End If Set oWUS=Nothing : Set colWUS=Nothing 'assign report file directory to script argument, 'script parameter or script directory 'if argument not MT, check for directory If strArg <> "" Then 'if directory exists, assign report path If Fso.FolderExists(strArg) Then strTxtFNPath = strArg : strRDEM = "" 'append backslash if not already present If Right(strTxtFNPath,1) <> "\" Then _ strTxtFNPath = strTxtFNPath & "\" Else 'argument folder not found If strRDEM = "" Then 'script parameter directory found strRDEM = "The report file directory " & DQ & strArg & DQ &_ " provided as a script argument cannot be found." If strReportDir = "" Then 'parameter for script directory empty strRDEM = strRDEM & vbCRLF & "The report will be placed in " &_ "the same directory as the script: " & ScrPath Else 'parameter for script directory !MT strRDEM = strRDEM & vbCRLF & "The report will be placed in " &_ "the directory " & DQ & strReportDir & DQ & " provided as a script parameter." End If 'strReportDir MT? Else 'script parameter directory not found strRDEM = "The report file directory " & DQ & strArg & DQ &_ " provided as a script argument cannot be found." &_ vbCRLF & strRDEM End If 'script parameter directory found? End If 'folder exists? End If 'strArg Not MT? 'create output text file (do not surround path\filename in quotes) 'for writing,create,Unicode format Set oTxtFi = Fso.OpenTextFile(strTxtFNPath & strTxtFN,2,True,-1) 'add script ID oTxtFi.WriteLine DQ & "SAXPAR.vbs" & DQ & " (Security Analyzer Xml PARser), " &_ "revision " & strRevNo & ", http://www.silentrunners.org/" & vbNewLine & vbNewLine strBuffer = "" : strMsg = "" 'open StdErr FN and output results after first 4 lines to oTxtFi Set oSEFi = Fso.OpenTextFile(ScrPath & strXMLErrFN,1,False,-1) 'skip first 4 lines of StdErr file, detect error if < 4 lines present On Error Resume Next For i = 1 To 4 : strStdErr = strStdErr & oSEFi.ReadLine : Next intErrNum = Err.Number : Err.Clear On Error Goto 0 If InStr(LCase(strStdErr),"version 2.0") > 0 Then strOut = "MBSACLI.EXE (Version 2.0) is obsolete and " &_ "is incompatible with SAXPAR.vbs." & vbNewLine &_ "Update to Version 2.2 here: http://bit.ly/9m95Si" & vbNewLine End If If intErrNum <> 0 Then strOut = "Truncated output" Else 'capture remaining lines for transfer to output file Do Until oSEFi.AtEndOfStream strLine = oSEFi.ReadLine If Trim(strLine) <> "" Then 'skip blank lines If strOut <> "" Then strOut = strOut & vbNewLine & strLine Else strOut = strLine End If 'look for result code (0x########) & toggle flag If InStr(strLine,"(0x") <> 0 Then flagWUARC = True End If Loop 'if result code in error, add URL If flagWUARC Then strOut = strOut & vbNewLine & vbNewLine & vbNewLine &_ "FYI, Windows Update Agent Result Codes may be consulted here:" & vbNewLine &_ "http://technet.microsoft.com/en-us/library/cc720442(WS.10).aspx" End If oSEFi.Close : Set oSEFi=Nothing 'if error string exists, output to file, display & quit If strOut <> "" Then strBuffer = "MBSACLI.EXE error:" & vbNewLine & vbNewLine & strOut oTxtFi.WriteLine strBuffer : strMsg = strMsg & strBuffer oTxtFi.Close : Set oTxtFi=Nothing If logDisplayMsgs Then If flagOut = "W" Then MsgBox "MBSACLI.EXE failed due to the following error:" & vbNewLine &_ vbNewLine & strOut,vbOKOnly + vbCritical + vbSystemModal, _ "MBSACLI Failure!" Else WScript.Echo "MBSACLI.EXE failed due to the following error:" & vbNewLine &_ strOut End If End If 'DisplayMsgs? WScript.Quit End If 'say that MBSACLI is done If logDisplayMsgs Then If flagOut = "W" Then Wshso.Popup "MBSACLI.EXE has finished." & vbCRLF &_ "The XML file will now be translated to text." & vbCRLF &_ "The results will be opened in Notepad.", _ 3,"XML >> TXT", vbOKOnly + vbInformation + vbSystemModal Else WScript.Echo "MBSACLI.EXE has finished." & vbCRLF &_ "The XML file will now be translated to text and opened in Notepad." End If End If 'DisplayMsgs? 'create XML document Set oXMLFi = CreateObject("MSXML2.DOMDocument") oXMLFi.Load ScrPath & strXMLFN 'load XML output file 'check for XML syntax errors If oXMLFi.ParseError.ErrorCode <> 0 Then strBuffer = "Error number " & oXMLFi.ParseError.ErrorCode &_ " in XML file:" & vbNewLine & DQ & ScrPath & strXMLFN &_ DQ & vbNewLine & vbNewLine &_ "Error Description:" & vbNewLine &_ oXMLFi.ParseError.Reason & vbNewLine & vbNewLine &_ "(Note: This may not be the only error.)" oTxtFi.WriteLine strBuffer : strMsg = strMsg & strBuffer If logDisplayMsgs Then If flagOut = "W" Then MsgBox "MBSACLI failed due to an error in the XML output file:" &_ vbCRLF & DQ & ScrPath & strXMLFN & DQ,_ vbOKOnly + vbCritical + vbSystemModal,"MBSACLI XML Error!" Else WScript.Echo "MBSACLI failed due to an error in the XML output file:" &_ vbCRLF & DQ & ScrPath & strXMLFN & DQ End If End If 'DisplayMsgs? WScript.Quit End If 'start normal output 'output local cab file error If strLCEM <> "" Then oTxtFi.WriteLine strLCEM & vbNewLine strMsg = strMsg & strLCEM & vbNewLine & vbNewLine End If 'output report file directory errors If strRDEM <> "" Then oTxtFi.WriteLine strRDEM & vbNewLine strMsg = strMsg & strRDEM & vbNewLine & vbNewLine End If intPosn = (72-Len(strMinSeverity))/2 strBuffer = Space(27) & "Missing Hotfixes" & vbCRLF &_ Space(27) & String(16,"-") oTxtFi.WriteLine strBuffer : strMsg = strMsg & strBuffer strBuffer = Space(intPosn) & strMinSeverity oTxtFi.WriteLine strBuffer : strMsg = strMsg & vbNewLine & strBuffer 'select all "Check" nodes containing MS Product categories Set oMSPColl = oXMLFi.SelectNodes("//Check") 'for each product category For Each oMSP in oMSPColl 'write category name and number of missing updates strBuffer = vbNewLine & "Product Update Category: " & oMSP.GetAttribute("Name") & vbCRLF &_ Space(15) & "Status : " & oMSP.SelectSingleNode("Advice").text oTxtFi.WriteLine strBuffer : strMsg = strMsg & vbNewLine & strBuffer 'assign missing updates strSSN = oMSP.SelectSingleNode("Advice").text 'if updates missing If strSSN <> "No security updates are missing." Then 'select collection of uninstalled hotfixes for this product category Set oHFColl = oMSP.SelectNodes("Detail/UpdateData[@IsInstalled='false' and @Severity>='" & intMinSeverity & "']") 'for each uninstalled hotfix For Each oHF in oHFColl 'increment the count (line number) intHFCnt = intHFCnt + 1 : strOut = "" 'add line number & title strOut = vbNewLine & intHFCnt & ". " &_ RtnOutputStr("","oHF.SelectSingleNode(""Title"").text","", _ "(no title)") & vbNewLine 'add Bulletin ID strOut = strOut & RtnOutputStr("","oHF.GetAttribute(""BulletinID"")", _ " ","") 'add KBID strOut = RTrim(strOut & RtnOutputStr("","oHF.GetAttribute(""KBID"")", _ "","")) 'add Type intType = CInt(RtnOutputStr("","oHF.GetAttribute(""Type"")","","0")) Select Case intType Case 1 : strOut = strOut & ", Security Update" Case 2 : strOut = strOut & ", Service Pack" Case 3 : strOut = strOut & ", Update Rollup" End Select 'add Severity intSeverity = CInt(RtnOutputStr("","oHF.GetAttribute(""Severity"")", _ "","5")) Select Case intSeverity Case 4 : strOut = strOut & ", Maximum Severity: Critical" Case 3 : strOut = strOut & ", Maximum Severity: Important" Case 2 : strOut = strOut & ", Maximum Severity: Moderate" Case 1 : strOut = strOut & ", Maximum Severity: Low" Case 0 : strOut = strOut & ", Maximum Severity: (no rating)" End Select 'add Bulletin URL & Download URL strOut = strOut & RtnOutputStr(vbNewLine & "Security Bulletin URL: ", _ "oHF.SelectSingleNode(""References/BulletinURL"").text","","") strOut = strOut & RtnOutputStr(vbNewLine & "Download URL: ", _ "oHF.SelectSingleNode(""References/DownloadURL"").text","","") 'output hotfix entry oTxtFi.WriteLine strOut : strMsg = strMsg & vbNewLine & strOut Next 'uninstalled hotfix End If 'updates missing? Next 'product category 'reset objects Set oMSP=Nothing : Set oMSPColl=Nothing : Set oHF=Nothing : Set oHFColl=Nothing Set oXMLFi=Nothing 'if requested, send results by e-mail If logEmailRpt Then 'send the message to PC Dr Dim oEmail : Set oEmail = CreateObject("CDO.Message") Dim oCDOCfg : Set oCDOCfg = oEmail.Configuration.Fields oEmail.From = strSenderEMA oEmail.To = strDestEMA oEmail.Subject = strTxtFN oEmail.Textbody = strMsg 'configure CDO SMTP oCDOCfg (cdoSendUsingMethod) = cdoSendUsingPort oCDOCfg (cdoSMTPServer) = strSMTPServer oCDOCfg (cdoSMTPServerPort) = 25 oCDOCfg (cdoSMTPAuthenticate) = 0 oCDOCfg (cdoSMTPUseSSL) = False 'configure CDO SMTP for authentication or Gmail If logSMTPAuth Then oCDOCfg (cdoSMTPAuthenticate) = 1 oCDOCfg (cdoSendUserName) = strUserID oCDOCfg (cdoSendPassword) = strUserPW oCDOCfg (cdoSMTPConnectionTimeout) = 15 ElseIf logUseGmail Then oCDOCfg (cdoSMTPServer) = "smtp.gmail.com" oCDOCfg (cdoSMTPAuthenticate) = 1 oCDOCfg (cdoSendUserName) = strUserID oCDOCfg (cdoSendPassword) = strUserPW oCDOCfg (cdoSMTPUseSSL) = True oCDOCfg (cdoSMTPServerPort) = 465 oCDOCfg (cdoSMTPConnectionTimeout) = 15 End If 'SMTP auth or Gmail? oCDOCfg.Update On Error Resume Next Err.Clear : oEmail.Send : intErrNum = Err.Number : strErrDesc = Err.Description On Error Goto 0 If intErrNum <> 0 Then _ oTxtFi.WriteLine vbNewLine & "The e-mail message containing the results could not be sent." &_ vbNewLine & "The error description is: " & strErrDesc Else 'display results in Notepad If logDisplayMsgs Then Wshso.Run "notepad.exe " & DQ & strTxtFNPath & strTxtFN & DQ,1,False End If 'logDisplayMsgs? End If 'e-mail results or display in Notepad? oTxtFi.Close : Set oTxtFi=Nothing 'close the output file 'clean up Set Fso=Nothing Set WshoArgs=Nothing Set Wshso=Nothing 'if XML field doesn't exist, return strMT 'if field exists And empty, return strMT 'if field populated, return strPrefix & Executed strIn & strSuffix Function RtnOutputStr(strPrefix, strIn, strSuffix, strMT) Dim strWk, intErrNum On Error Resume Next Execute "strWk = " & strIn : intErrNum = Err.Number : Err.Clear On Error Goto 0 If intErrNum <> 0 Then strWk = "" If strWk = "" Or IsNull(strWk) Then RtnOutputStr = strMT : Exit Function Else RtnOutputStr = strPrefix & strWk & strSuffix End If End Function 'R00 '2005-07-07, initial release 'R01 'captured MBSACLI.EXE StdErr 'parsed XML file with MSXML2.DOMDocument object 'R02 'deleted "Registered" ("®", Alt-0174) character before loading XML 'document to avoid parsing error, added Const DQ, removed OS suffix 'argument 'R03 'added Windows 7 'R04 'added parse by product category 'added revision number to launch announcement popup 'added URL if StdErr contains (probable) WUA Result Code 'R05 'changed script name to "SAXPAR.vbs" 'added computer name in parentheses, date & time to report title 'added check for MBSACLI.EXE Version 2.0 'added script ID to report header 'added setting report directory via command line parameter or script parameter 'added setting local cab file directory as script parameter to ' run without an Internet connection 'added case severity filter and sending report by e-mail via script parameters 'added optional display of status and error messages 'added hidden check for elevated privileges in WVa/Wn7 'added Windows Server 2003 & 2008 'moved wuauserv service reset to immediately after MBSACLI launch 'added replacement of illegal XML characters by "(" + legal_chr + ")" 'R06 'eliminated use of argument to identify elevated privileges 'R07 'added check for WHOAMI.EXE and results file, quit if either not found 'R08 'added download location for MBSA 2.2 'R09 'MBSACLI.EXE XML output switched to Unicode format, obviating need to ' filter illegal characters; report file also switched to Unicode format 'StdErr output file interpreted as Unicode 'added download location for MBSA 2.2 in case of MBSACLI.EXE version error 'fixed identification of Windows 7 RTM '** Update Revision Number on line #15 **