HFNetChk is a command-line tool that enables an administrator to check the patch status of all the machines in a network from a central location. The tool does this by referring to an XML database that’s constantly updated by Microsoft.
HFNetChk can be run on Windows NT 4.0 or Windows 2000 systems, and will scan either the local system or remote ones for patches available for the following products:
The HFNetChk tool uses an Extensible Markup Language (XML) file that contains information about which hotfixes are available for each product. The XML file contains security bulletin name and title, and detailed data about product-specific security hotfixes, including: files in each hotfix package and their file versions and checksums, registry keys that were applied by the hotfix installation package, information about which patches supersede which other patches, related Microsoft Knowledge Base article numbers, and much more.
When you run the HFNetChk tool for the first time from a command line (without any switches), the tool must obtain a copy of this XML file so that the tool can find the hotfixes that are available for each product. The XML file is available on the Microsoft Download Center Web site in compressed form. The file is a digitally signed .cab file. HFNetChk downloads the .cab file, verifies the signature, and then decompresses the .cab file to your local computer. Note that a .cab file is a compressed file that is similar to a .zip file.
Download the Latest Mssecure.cab
After the .cab file is decompressed, HFNetChk scans your computer (or the selected computers) to determine the operating system, service packs, and programs that you are running. HFNetChk then parses the XML file and identifies security patches that are available for your combination of installed software. Patches that are available for your computer but are not currently installed on your computer are displayed as “Patch NOT Found” in the resulting output. In the default configuration, HFNetChk output displays only those patches that are necessary to bring your computer up to date. HFNetChk recognizes roll-up packages and does not display those patches that are superseded by later patches.
HFNetChk first examines the computer to determine if the registry key that is associated with the patch exists. If the registry key does not exist, the patch is considered not installed. If the registry key does exist, HFNetChk searches for the related files on the computer and compares the file version and checksum from the XML file to the file version and checksum of the files on the computer. If any of the file tests are not successful, the hotfix is listed as “Patch NOT Found”.
HFNetChk was developed for Microsoft by Shalvik Technologies LLC (http://www.shavlik.com/). More information about Shalvik, including a GUI version and an advanced command-line version of HFNetChk, is available on the http://www.shavlik.com/nshc.htm Web site.
The following are the requirements for a computer that is running HFNetChk:
Download Microsoft HFNetChk 3.3 (released January 17, 2001) (250kb)
Download Shalvik HFNetChk 3.86 (released November 20, 2002) (600kb)
HFNetChk is also available through the MBSA V1.2.1 command line interface, mbsacli.exe /hf.
The HFNetChk tool that you execute by using the mbsacli /hf command, is a command-line tool that you can use to assess a computer or selected group of computers for the absence of security patches. You can use HFNetChk to assess the patch status for the Windows NT 4.0 and Windows 2000 operating systems, as well as hotfixes for IIS 4.0, IIS 5.0, SQL Server 7.0, SQL Server 2000 (including MSDE), Exchange Server 5.5, Exchange Server 2000, Windows Media Player, and Internet Explorer 5.01 or later.
The HFNetChk tool uses an Extensible Markup Language (XML) file that contains information about which hotfixes are available for each product. The XML file contains the security bulletin name and title, and detailed data about product-specific security hotfixes, including the following items (and much more):
When you run the HFNetChk tool for the first time from a command line (without any switches), the tool must obtain a copy of this XML file so that the tool can find the hotfixes that are available for each product. The XML file is available on the Microsoft Download Center Web site in compressed form. The file is a digitally signed .cab file. HFNetChk downloads the .cab file, verifies the signature, and then decompresses the .cab file to your local computer. Note that a .cab file is a compressed file that is similar to a .zip file. If the CAB file is not downloaded, HFNetChk tries to download an uncompressed copy of this file from Microsoft.
After the .cab file is decompressed, HFNetChk scans your computer (or the selected computers) to determine the operating system, service packs, and programs that you are running. HFNetChk then parses the XML file and identifies security patches that are available for your combination of installed software. Patches that are available for your computer but are not currently installed on your computer are displayed as “Patch NOT Found” in the resulting output. In the default configuration, HFNetChk output displays only those patches that are necessary to bring your computer up to date. HFNetChk recognizes roll-up packages and does not display those patches that are superseded by later patches.
Microsoft Network Security Hotfix Checker (Hfnetchk.exe) Tool Is Available – 303215 (Syntax, usage, details and more)
Frequently Asked Questions for Microsoft Network Security Hotfix Checker (Hfnetchk.exe) Tool – 305385
Download Shalvik HFNetChk 3.86
MBSA Whitepaper
Microsoft XML parser