You're probably wondering how to find out which exact hotfixes you need for Windows, there are 4 ways to do this, excluding using XPCREATE which downloads them for you:


A full list of Critical Updates are available at this forum thread (Covers Windows 2000 up to XP SP2). The list at the forums is kept up-to-date at all times.


Set up a base install of Windows XP SP2 (with no updates installed), and go to Windows Update. Take note of the 6 digit numbers on each Critical Update, e.g. "329441: Security Update for Microsoft Windows".

After you have taken note of all the 6 digit numbers on every security update, you need to attach them to the end of this URL: http://support.microsoft.com/?kbid=xxxxxx replacing the xxxxxx with the numbers you wrote down.

Then download from the link provided at the Knowledge Base Article (some articles will link to a Technet Security Bulletin). Repeat for the other updates shown on Windows Update.


Set up a base install of Windows XP SP2 (with no updates installed), and access Windows Update. . Click on the "Personalize Windows Update" link on the left pane, Check the "Display the link to the Windows Update Catalog" under the "See Also" check-box under "Set options for Windows Update" list in the right pane, Click the "save settings" button in the top right of the right pane.

Then click on the "Windows Update Catalog" link under the "See Also" list in the left pane, click "Find updates for Microsoft Windows operating systems" in the right pane, select OS (Windows XP SP2) in the Operating-system-list and your OS language in the Language-List, and then click search in bottom right of the right pane.

You are now presented with links to "Critical Updates and Service Packs", "Multi-Language Features" and "Recommended Updates". Open each link and add what components/updates you want and click the "Go to Download Basket" link when you are done. Select the path to download the updates in (Must be an existing folder) and click on the "Download now" Button. The updates will now be downloaded and categorized in separate folders, automatically on your own hard-drive.

Note: The Windows Update Catalog is not as accurate as Windows Update itself.



Instead of accessing Windows Update, grab the freeware HFNetChk Utility. As it explains on its site: "HFNetChk.exe is the multi-threaded command-line tool you can use to assess a computer or selected group of computers for the absence of security patches.".

Install HFNetChk and open up Command Prompt (Start > Run > CMD). Change to the directory where HFNetChk is installed (Usually C:\Program Files\Shavlik Technologies\HFNetChk\), and type: hfnetchk -v

Make a note of the Knowledge Base Article numbers and look them up as explained in Method 2, or use the Technet Security Bulletin numbers (MSxx-xxx) and look them up using this URL:
http://www.microsoft.com/technet/security/bulletin/MSxx-xxx.asp replacing the xx-xxx with the numbers shown in HFNetChk.



Its a lengthy process, but it certainly does pay off in the end. It will be much easier to maintain your hotfix list in the future since only a hotfix or two is released every second Tuesday of the month. (That's Microsoft Patch Day!). Hotfix updates will be announced on the frontpage of MSFN.org as soon as they are released.

---