This manual process for deploying an emergency patch will decrease the time it takes to ensure your legacy machines are operating at lower risk to exploit.

Please note that Windows XP versions cannot be fully patched by Automox, due to the lack of support for XP updates by Windows Update. Automox can manage software installation and patching, as well as configuration and security settings.

There are 2 minimum requirements that can allow Automox to run on Windows XP:

  • Microsoft .NET Framework 3.5 or higher
  • Windows PowerShell 2.0 or higher

Windows XP Required Prerequisites 

Install .NET Framework 3.5 (or higher)
https://www.microsoft.com/en-us/download/details.aspx?id=21

Install PowerShell 2.0 via Windows Management Framework (.NET required first)
https://www.microsoft.com/en-us/download/details.aspx?id=16818

Install Automox (with legacy Installer)
https://console.automox.com/Automox_Legacy_Installer-latest.msi

(Note GetSystemDetail scan command WILL NOT work, So there are no hardware details and compatibility check will always show “Not Compatible”)

Download Patch from MS Catalog (For the appropriate Windows Edition)
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4500331

Create Automox Custom Policy to detect (optional)

Patching Instructions

  1. Name the Policy

    2. Upload the KB file to the policy


    3.  Enter Evaluation and Remediation Scripts. Evaluation is optional if you’re going to execute manually. Here’s an example:

For Evaluation code block

### Evaluation
#Define KB Number and check for presence
$kbID = 'KB4500331'
$installed = Get-Hotfix -Id $kbID -ErrorAction SilentlyContinue

if ( $installed ) {
    #Compliant, so Exit 0 as success
    Exit 0
} else {
    #Non-Compliant, so Exit 1 as failure
     Exit 1
}

For Remediation code block

### Remediation
#Enter the name of the file you uploaded
$fileName = "windowsxp-kb4500331-x86.exe"

#Launch the installer file and capture exit code to determin success
$installer = Start-Process -FilePath $fileName -ArgumentList "/quiet /passive /norestart" -Wait -PassThru

#Evaluate Exit Code for Success 0,1641,3010 are all considered successful
if ( $installer.ExitCode -in @('0','1641', '3010')) {
      Exit 0
} else { Exit 1 }

        4. Save the policy 

        5. Assign Policy to Group(s)

        6.  Execute the policy by click the "Execute Policy Now" button

Within Minutes, the Patch is installed on your XP devices

Did this answer your question?