The Automox console allows you to uninstall patches using the Rollback Action from the Device Details page. However, this method can become cumbersome when you need to roll back a patch on a large number of devices. Luckily, we have an Automox Worklet for just that scenario.
This Windows Patch Rollback Worklet will detect the presence of, and subsequently remove, the unwanted patch.
Note: Not all patches are uninstallable. Refer to the Microsoft Update Catalog for details on your particular patch.
Automox Worklet: Run Windows Patch Rollback
To deploy this endpoint hardening Worklet, do the following:
- Log in to your Automox Console.
- Navigate to the System Management page and click Create Policy in the upper right-hand section of the screen.
- Choose Windows under Worklet.
- Copy and paste the Evaluation and Remediation code scripts from below. Choose the remediation code that matches your OS version.
- Change the values as described in the code so that they match your needs.
- Note: to evaluate whether a specific patch is present, we use the PowerShell command Get-HotFix. Based on the response of that command, we use the appropriate Exit Code to indicate the device's compliance status.
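The following evaluation script is an added example and is not Automox's own Worklet code. It assumes the Worklet convention that exit code 0 means compliant and a non-zero exit code means non-compliant, and it uses a constructed placeholder KB number that you would replace with the patch you want to roll back:

```powershell
# Added example evaluation script (not the Automox Worklet's own code).
# Assumed Worklet convention: exit 0 = compliant (patch absent), exit 1 = non-compliant (patch present).
$KB = 'KB0000000'   # placeholder value constructed for this example; replace with the real patch ID

# Get-HotFix lists the updates Windows knows about; filtering on HotFixID tells us
# whether the unwanted patch is installed on this device.
$installed = Get-HotFix -ErrorAction SilentlyContinue | Where-Object { $_.HotFixID -eq $KB }

if ($installed) {
    Write-Output "$KB is installed on $env:COMPUTERNAME (installed on $($installed.InstalledOn)); marking device non-compliant"
    exit 1
}
else {
    Write-Output "$KB was not found on $env:COMPUTERNAME; device is compliant"
    exit 0
}
```

The filter runs on the HotFixID property rather than passing -Id to Get-HotFix so that a patch that is not present simply yields an empty result and the script falls through to the compliant branch.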
Method 1 - Windows 7 and Newer
Remediation is more complex in this case. Since Windows 10 removed the option to uninstall patches silently with wusa.exe, we have to dig through packages another way, format the output, and use dism.exe to uninstall the patch.
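Here is an added example of that dism.exe-based remediation; it is not the Automox Worklet's own code. It assumes the default table layout of dism /online /get-packages (package identity in the first column, separated from the other columns by a pipe), treats exit code 3010 as success with a pending reboot, and uses a constructed placeholder KB number:

```powershell
# Added example remediation for Windows 10 and newer (not the Automox Worklet's own code).
# Assumed Worklet convention: exit 0 = remediation succeeded, non-zero = failed.
$KB = 'KB0000000'   # placeholder value constructed for this example; replace with the real patch ID

# Automox runs as a 32-bit process, so on 64-bit Windows we reach the native dism.exe via the
# sysnative alias; on 32-bit Windows (or a 64-bit host) that alias does not exist, so fall back to system32.
$dism = if (Test-Path "$env:windir\sysnative\dism.exe") { "$env:windir\sysnative\dism.exe" } else { "$env:windir\system32\dism.exe" }

# Enumerate installed packages in table form and keep only the package identities that name our KB.
# Each table row looks like: "Package_for_KB0000000~31bf3856ad364e35~amd64~~10.0.1.0 | Installed | Update | <date>"
$packageNames = & $dism /online /get-packages /format:table |
    Where-Object { $_ -match $KB } |
    ForEach-Object { ($_ -split '\|')[0].Trim() }

if (-not $packageNames) {
    Write-Output "No installed package referencing $KB was found; nothing to remove"
    exit 0
}

$failed = $false
foreach ($package in $packageNames) {
    Write-Output "Removing package $package"
    & $dism /online /remove-package "/PackageName:$package" /quiet /norestart | Out-Null
    $code = $LASTEXITCODE
    # 0 = removed; 3010 = removed, reboot required. Anything else is treated as a failure.
    if ($code -eq 0 -or $code -eq 3010) {
        Write-Output "Removed $package (dism exit code $code)"
    }
    else {
        Write-Output "Failed to remove $package (dism exit code $code)"
        $failed = $true
    }
}

if ($failed) { exit 1 } else { exit 0 }
```

Matching on the KB number anywhere in the row, rather than only at the start of the package identity, means the script still finds the package when the identity uses a different prefix than Package_for_KB; review the matched names in the output before assigning the policy broadly, since a loose match that removes more than intended is harder to undo than a rollback that does nothing.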
Method 2 - Windows 8 and Older
For the sake of example, here is a simpler version that can be used on devices using older operating systems (Windows 8 and older).
The one complication here lies in the need to use the 'sysnative' path to wusa.exe when running on a 64-bit operating system. So we add a check for that and act accordingly.
Note: This is necessary because Automox runs as a 32-bit process even on 64-bit versions of Windows.
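The following is an added example of that wusa.exe-based remediation with the sysnative check; it is not the Automox Worklet's own code. It assumes the Worklet convention of exit 0 for success, treats wusa exit code 3010 as success with a pending reboot, and uses a constructed placeholder KB number:

```powershell
# Added example remediation for Windows 8 and older (not the Automox Worklet's own code).
# Assumed Worklet convention: exit 0 = remediation succeeded, non-zero = failed.
$KB = 'KB0000000'   # placeholder value constructed for this example; replace with the real patch ID
$kbNumber = $KB -replace '^KB', ''   # wusa expects the digits only, e.g. /kb:0000000

# Automox runs as a 32-bit process. On 64-bit Windows, System32 would be redirected to SysWOW64,
# so we use the sysnative alias to reach the 64-bit wusa.exe; on 32-bit Windows the alias does
# not exist and the plain System32 path is correct.
if (Test-Path "$env:windir\sysnative\wusa.exe") {
    $wusa = "$env:windir\sysnative\wusa.exe"
}
else {
    $wusa = "$env:windir\system32\wusa.exe"
}

Write-Output "Uninstalling $KB with $wusa"
$process = Start-Process -FilePath $wusa -ArgumentList '/uninstall', "/kb:$kbNumber", '/quiet', '/norestart' -Wait -PassThru
$code = $process.ExitCode

# 0 = uninstalled; 3010 = uninstalled, reboot required. Anything else is reported as a failure.
if ($code -eq 0 -or $code -eq 3010) {
    Write-Output "$KB removed (wusa exit code $code)"
    exit 0
}
else {
    Write-Output "wusa returned exit code $code while removing $KB"
    exit 1
}
```

Start-Process with -Wait and -PassThru is used so the script blocks until wusa finishes and can read its exit code, which is what the Worklet reports back to the console.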
- Save the Worklet.
You can assign this Worklet to the appropriate Windows groups and execute the policy. You can also set the Worklet to run on a schedule like any other Worklet.
Below is an example of what this should look like in the Automox console. If you need technical assistance, contact our support team at firstname.lastname@example.org.
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.