A long time ago Microsoft established the second Tuesday of every month as Patch Tuesday, so that patch managers could always know when to expect fixes. For the most part they stick to releasing updates on Patch Tuesday, with the occasional emergency patch for very severe bugs.
Microsoft used to provide sequential update packages that had to be installed in order. These days, updates are provided as cumulative , meaning that all of the required updates from the base version. This can make for some pretty large updates! To make things a bit more complicated, many of the updates are distributed as deltas , which we will talk about in depth later in this post.
Luckily, the Microsoft Update Catalog has a pretty good search feature. The most effective way to search for the update you want is to search in the following format:. So for example, if I am looking for the July patch set for Windows 10 x64 I would search x64 cumulative and one of the top hits should be the result I'm looking for. Relevant results are easy to get with the right search!
As you can see, results were returned for a few different release numbers , , and and both Windows 10 and Windows Server. The keen observer should note that the Windows Server and Windows 10 updates are the exact same size. In fact, if you click download, both links direct to the same place. Additionally, updates for and are also the same. The latter case reason is explained on the OS build page :.
Windows 10, versions and share a common core operating system and an identical set of system files. As a result, the new features in Windows 10, version were included in the recent monthly quality update for Windows 10, version released October 8, , but are currently in a dormant state. Microsoft also distributes a few other kinds of updates via the Microsoft Update Catalog. If you leave off the word cumulative from the search above, then you get some more results, including Dynamic and Servicing Stack updates that are considerably smaller than the cumulative updates.
Different Kinds of Updates. According to Microsoft documentation servicing stack updates are updates to the Windows Update process itself. Servicing stack updates are packaged like cumulative updates and only include components related to Windows Update.
Microsoft documentation saves the day again for dynamic updates, which apparently can also update Windows Update components, as well as setup components like installation media, Windows Recovery Environment WinRE , and some drivers.
Dynamic updates are packaged slightly differently than cumulative and servicing stack updates; they are downloadable as a single CAB file and have various language packs and other setup components.
Patches are packed tightly into an MSU file, which can contain tens of thousands of files, only some of which matter to us as security researchers. I wanted to walk through manual extraction first and then provide an update to an existing script PatchExtract. To get started, you'll need to download a cumulative update MSU file from the update catalog. For this example I'm using the Windows 10 x64 August cumulative update package.
I usually make a few folders before I start: I name the top-level folder with the patch year and month and then create two sub-folders called patch and ext. The actual patch files inside of the nested CAB file will go in the patch folder, and the contents of the extracted MSU will go in the ext folder. Next, I'm going to expand the MSU using the expand. The next two arguments are the MSU to extract and then the destination folder for the expanded files. Finally, I'm going to extract the patch files from the PSFX cab file by using the expand command again, this time expanding to the patch directory.
At this point I recommend walking away, starting a load of laundry, getting a sandwich, and petting the cat, because this part takes a while mins.
The Out-Null is optional, I only use it because I don't care for it printing every file it is about to extract. This particular extraction took about 15 minutes via Measure-Command and resulted in a total of files and folders under the patch folder! If you're following along at home: Once the extraction is complete, give yourself a high-five, and then take it back, because unfortunately that was the easy part!
Next, you'll have to make sense of the extracted files and find the patched files you are looking for. To find what you are looking for it helps to know the structure of the patch and the types of files you will encounter.
To begin to understand these details take a look at this hirearchical view of a patch starting with the MSU output abbreviated to save space :. CrackingCity June 11, 64 Comments. File Extractor. Its RAR format may only take second place for its level of compression but it is consistently the fastest when it comes to both packing and unpacking files.
While RAR files are not native to Windows or Mac, many other compression programs are still capable of unpacking it. WinRAR offers a graphic interactive interface utilizing mouse and menus as well as the command-line interface. Your email address will not be published.
Forgot password? Don't have an account? Sign Up. Create an Account. Already have an account? Update payment method. We were unable to renew your subscription, please update your billing information. Please authorize this app to work with your Google Drive. Extract another archive. April 7th, Read next Detecting Patches in. NET 2. NET Framework 1.
0コメント