Seeking Advice on Automating Security Update KB5040434 Installation on Multiple VMs

João Vitor do Prado Maia 20 Reputation points
2024-08-08T13:12:31.4633333+00:00

Hi everyone,

I'm looking for some help with automating the installation of the security update KB5040434 on multiple virtual machines (VMs). This update is crucial because it addresses several vulnerabilities that need to be mitigated promptly.

Right now, manually installing this update on each VM is really time-consuming and inefficient. Plus, the VMs need to be restarted after applying the update.

Does anyone have advice on a more streamlined and automated method to deploy this update across all VMs? I'm particularly interested in learning if there's a way to do this through Azure Cloud Shell, an automation account, or any other Azure functionality that can make this process easier.

Any guidance would be greatly appreciated!

Thanks in advance!


1 answer

  1. glebgreenspan 2,230 Reputation points
    2024-08-08T13:44:52.9866667+00:00

    Hello João

    Step 1: Create an Automation Account

    1. Log in to Azure Portal.
    2. Search for "Automation Accounts" and click on it.
    3. Create a new Automation Account by clicking on the "Create" button.
    4. Fill out the required information, select the resource group, and then click "Create".

    Step 2: Enable the Update Management Feature

    1. After your Automation Account is created, go to the account's page.
    2. In the left-hand menu, look for “Updates management” and click on it.
    3. Click “Enable” to activate this feature, which allows you to manage updates for your VMs.

    Step 3: Configure the Update Deployment

    1. Go to the "Update Management" section of your Automation Account.
    2. Click "Add update deployment".
    3. Choose the "Schedule" for when you want to install the updates (you can run it immediately for urgent updates).
    4. Specify the target VMs: Choose the VMs you want to target for the update.
    5. In the "Update classification" section, ensure that you select Security Updates.
    6. Specify the Windows update (e.g., KB5040434) in the "Include" section where you can specify individual updates.
    7. Optionally check the "Automatically reboot after this deployment" to ensure VMs are restarted post-update.
    8. Click "Create" to save your update deployment.

    Step 4: Monitoring the Update Deployment

    • After the deployment runs, you can monitor the status in the Update Management section to ensure updates were successfully applied, and you can check to see the results and any failures.

    Using PowerShell Script (Optional)

    If you prefer using Azure Cloud Shell or a script to automate this process, you can leverage PowerShell. Here’s how:

    Build a PowerShell Script

    Create a PowerShell script that does the following:

    • Connects to your Azure VMs.
    • Runs the command to install the KB update.
    • Restarts the VMs as needed.
    # Define the list of VM names
    $vmNames = @("VM1", "VM2", "VM3") # Replace with your VM names

    foreach ($vmName in $vmNames) {
        # Get the VM
        $vm = Get-AzVM -Name $vmName -ResourceGroupName "YourResourceGroupName"

        # Run the install script inside the VM using Invoke-AzVMRunCommand
        Invoke-AzVMRunCommand -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name `
            -CommandId 'RunPowerShellScript' `
            -ScriptPath 'C:\Path\To\Your\Script.ps1' # Specify the path of your PowerShell script that installs the update
    }

    Script to Install the Update

    In your script (Script.ps1), use something like this:

    # Install the specific update
    $updateName = "KB5040434"
    $kbNumber = $updateName -replace '^KB', ''   # the Windows Update Agent stores KB ids without the "KB" prefix

    # Search for the update. UpdateID in the search filter is a GUID, not a KB number,
    # so search all missing software updates and match on KBArticleIDs instead.
    $updateSession = New-Object -ComObject Microsoft.Update.Session
    $updateSearcher = $updateSession.CreateUpdateSearcher()
    $searchResult = $updateSearcher.Search("IsInstalled=0 AND Type='Software'")

    $updatesToInstall = New-Object -ComObject Microsoft.Update.UpdateColl
    foreach ($update in $searchResult.Updates) {
        if (@($update.KBArticleIDs) -contains $kbNumber) {
            if (-not $update.EulaAccepted) { $update.AcceptEula() }
            [void]$updatesToInstall.Add($update)
        }
    }

    if ($updatesToInstall.Count -gt 0) {
        # Download the update before installing it
        $downloader = $updateSession.CreateUpdateDownloader()
        $downloader.Updates = $updatesToInstall
        [void]$downloader.Download()

        # Install the updates (Install() takes no arguments; the collection is set on the Updates property)
        $installer = $updateSession.CreateUpdateInstaller()
        $installer.Updates = $updatesToInstall
        $installationResult = $installer.Install()

        # Restart the machine if needed (RebootRequired is the flag to check, not ResultCode)
        if ($installationResult.RebootRequired) {
            Restart-Computer -Force
        }
    }

    Step 3: Execute the PowerShell Script

    You can run this script in Azure Cloud Shell or in your local PowerShell environment that has the necessary Azure modules installed.
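An added example (not part of the post above) that achieves the same goal through the VM Guest Patching API with Invoke-AzVMInstallPatch from Az.Compute, so the KB is installed and the reboot is handled by the Azure platform rather than by a Run Command script; the resource group and VM names are placeholders, and the result property names (Status, Patches, KbId, InstallationState, RebootStatus, FailedPatchCount) are assumed from the Az.Compute result object.

```powershell
# Added example, not from the original post. Assumes Az.Compute is installed
# and Connect-AzAccount has already been run.
$resourceGroup = 'YourResourceGroupName'            # placeholder
$vmNames       = @('VM1', 'VM2', 'VM3')            # placeholders
$kbNumber      = '5040434'                          # KB5040434 without the "KB" prefix

$results = foreach ($vmName in $vmNames) {
    try {
        # Install only the named KB from the Security classification and reboot
        # the VM only if the update requires it. MaximumDuration is an ISO 8601 duration.
        $r = Invoke-AzVMInstallPatch -ResourceGroupName $resourceGroup -VMName $vmName `
                -Windows -ClassificationToInstallForWindows Security `
                -KBNumberToInclude $kbNumber -RebootSetting IfRequired `
                -MaximumDuration 'PT2H'

        # Property names below are assumed from the Az.Compute patch result object
        $kb = $r.Patches | Where-Object { $_.KbId -eq $kbNumber }
        [pscustomobject]@{
            VM           = $vmName
            Status       = $r.Status
            KBState      = if ($kb) { $kb.InstallationState } else { 'NotOffered' }
            RebootStatus = $r.RebootStatus
            Failed       = $r.FailedPatchCount
        }
    } catch {
        # Keep going with the remaining VMs and record the error for this one
        [pscustomobject]@{
            VM = $vmName; Status = 'Error'; KBState = $_.Exception.Message
            RebootStatus = ''; Failed = ''
        }
    }
}

# One row per VM: anything other than Installed / Succeeded needs a follow-up
$results | Format-Table -AutoSize
```

The cmdlet runs synchronously per VM, so for a large fleet run it with -AsJob or in parallel and collect the jobs afterwards.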

