PowerShell script that can be used to create vulnerable Windows targets.
- Download the `Remove-SecurityUpdate.ps1` file to the Windows host.
- Open PowerShell as administrator
- Set the execution policy to allow running of unsigned scripts

  ```powershell
  Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope CurrentUser
  ```

- Change directory to the folder containing this script

  ```powershell
  cd C:\Path\To\Directory
  ```

- Run the script

  ```powershell
  .\Remove-SecurityUpdate.ps1
  ```

Readable output that is just verbose enough, and...

```powershell
# Time the background (silent) uninstaller run.
$commandTimespan = Measure-Command { Start-Process $process -ArgumentList $arguments -Wait }
if ($commandTimespan.TotalSeconds -lt 5) {
    # An exit in under 5 seconds is treated as a failed removal.
    Write-Warning "Uninstaller died too quickly. Queueing KB$id for retry at end of script."
    $failedPatches += $id
}
else {
    Write-Host "Successfully removed $i of $patchCount`: KB$id" -ForegroundColor Green
}
```

This block of code will account for patch removals that fail when the uninstaller dies too quickly.
The uninstaller is running in the background with no output. This queues failed patches for re-execution later.
The re-execution at the end of the script runs the installer in the foreground, so you can see the output.
I tested `wusa` with the `/log:<somefile.evtx>` parameter, but the information is just not great. You get better information from `wusa` when it's run in the foreground.
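
The queue-and-retry flow described above, as an added PowerShell example that is not taken from `Remove-SecurityUpdate.ps1`. It also confirms the final state of each KB, since a short run time is only a heuristic. `Invoke-TimedQueue`, `Test-KbInstalled`, the script-block parameters and the KB numbers are hypothetical, and the demo uses a constructed hashtable in place of real patch state.

```powershell
# Added example, not code from Remove-SecurityUpdate.ps1. All names are hypothetical.
function Test-KbInstalled {
    param([string]$Id)
    # Get-HotFix errors when the KB is absent; suppress that and return a boolean.
    [bool](Get-HotFix -Id "KB$Id" -ErrorAction SilentlyContinue)
}

function Invoke-TimedQueue {
    param(
        [string[]]$Ids,
        [scriptblock]$Action,          # quiet first attempt, receives the KB number
        [scriptblock]$Retry,           # foreground attempt for queued KBs
        [scriptblock]$StillInstalled,  # returns $true while the KB is present
        [double]$MinSeconds = 5        # same threshold as the script's check
    )
    $failedPatches = @()
    foreach ($id in $Ids) {
        # A run shorter than the threshold is treated as a failed attempt.
        $elapsed = Measure-Command { & $Action $id }
        if ($elapsed.TotalSeconds -lt $MinSeconds) { $failedPatches += $id }
    }
    foreach ($id in $failedPatches) { & $Retry $id | Out-Null }
    # Run time is only a heuristic, so confirm the final state of every KB.
    foreach ($id in $Ids) {
        [pscustomobject]@{
            KB      = "KB$id"
            Retried = $failedPatches -contains $id
            Removed = -not (& $StillInstalled $id)
        }
    }
}

# Constructed demo: a hashtable stands in for the host's patch state.
$installed = @{ '1000001' = $true; '1000002' = $true }
$demo = @{
    Ids            = '1000001', '1000002'
    MinSeconds     = 0.5
    Action         = { param($id) if ($id -eq '1000001') { Start-Sleep 1; $installed[$id] = $false } }
    Retry          = { param($id) $installed[$id] = $false }
    StillInstalled = { param($id) $installed[$id] }
}
Invoke-TimedQueue @demo | Format-Table
# On a real host, pass: -StillInstalled { param($id) Test-KbInstalled $id }
```
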
Have fun out there.