snarfle Bryan Dam

The Problem

Microsoft provides no way to distribute hotfixes. While WSUS can be used to distribute updates from Update.Microsoft.Com or the Microsoft catalog, there is no known way to import hotfixes into WSUS. To install the update manually, you might run a command such as:

  wusa.exe updatename.msu

However, that won't work with as a WSUS update, for 2 reasons:

  1. You would need to bundle a copy of wusa.exe into the update. This is not an ideal solution since you will want to use the wusa already installed in the operating system.
  2. Wusa cannot run under Windows Update. Wusa itself makes use of WU. As a result, if you launch it from within WU, it reports that an update is already in progress.

The Solution

  • Extract the files from the MSU file you downloaded from Microsoft. This process is described here. In essence, you run this command:

    expand "Windows6.1-KB983544-x86.msu" -F:* c:\hotfix

  • Download RunIt.zip from the download area. link

  • Extract RunIt.exe (or RunIt64.exe for 64bit patches) from RunIt.zip into c:\hotfix
  • Using LUP, create a new update:
    • Use RunIt.exe (or RunIt64.exe) from c:\hotfix as the Update file.
    • Use Add Files or Add Folder to add all the files extracted in step 1 (excluding RunIt).
  • Set an appropriate Vendor and Product.
  • Set the command line to (alter the name of the xml file to match what got extracted into c:\hotfix):

    %windir%\system32\pkgmgr.exe /quiet /n:Windows6.1-KB983544-x86.xml

  • Consider prefixing this command with /L to enable logging (see [#Troubleshooting]).

  • In order for WSUS to correctly handle hotfixes that need to reboot, add a "Return Code" result with:

    Result: Succeeded
    Return Code: 3010
    Reboot: Checked

  • Set the Installed rule. An example might be to use a WMI Query rule such as:

    NS: root\cimv2
    Query: Select HotFixID from win32_quickfixengineering where HotFixID = 'KB983544'

  • Set the Installable Rule. The details for how to determine if the hotfix are installed are typically described by Microsoft as part of the hotfix description. Specifically, you should consider using ALL of these rules:

    • Architecture = x86 (or whatever)
    • Windows version (updates typically only apply to a very specific OS). For HotFix 983544, I used "Windows Version Equals 6.1 - Workstation."
    • Check to see if you have already installed an update that supersedes your hotfix. You don't want to have a situation where you apply an even later update, only to have WSUS re-apply this earlier one because the Installable rule became valid again. For example, if you are hotfixing Ntoskrnl.exe (KB983544), you should check:

    FileVersion Path="Ntoskrnl.exe" Csidl=SYSTEM Comparison="LessThan" Version="6.1.7600.20713"

  • After you have defined the rule, but before you approve it, consider having a couple of clients perform detection. This will happen automatically based on WSUS scheduling, or can be triggered from the command line with "wuauclt /detectnow" or on Vista (or later) thru WUAPP.exe. Make sure your Installable/Installed rules perform as expected.


If the update doesn't perform as expected, consider prepending /L to your command line, like this:

  /L %windir%\system32\pkgmgr.exe /quiet /n:Windows6.1-KB983544-x86.xml

This will cause RunIt to write logging information to %windir%\temp\runit.log. A sample log entry might look like:

  ----- 2010/11/11 20:15:41 ----- Starting
  CommandLine: /L %windir%\system32\pkgmgr.exe /quiet /n:Windows6.1-KB983544-x86.xml
  CreateProcess: C:\Windows\system32\pkgmgr.exe /quiet /n:Windows6.1-KB983544-x86.xml
  Result: 0
  ----- 2010/11/11 20:15:42 ----- Ending

Also, you can use redirection. You will need a command line more like this:

  /L %comspec% /c %windir%\system32\pkgmgr.exe /quiet /n:Windows6.1-KB983544-x86.xml > %windir%\temp\mylog.log

While RunIt was originally designed to be used with hotfixes, it can be used to launch any locally installed applications, run batch files, etc. Source code is included.


Wiki: Distributing_Hotfixes_with_LUP
Wiki: Main_Page