Want to update Windows 10 without connecting a computer to the internet?
Let’s start with a clean installation of Windows 10 Pro on a virtual machine without an internet connection.
Let’s run winver.exe
to see which version we have first.
We can see that we are running Windows 10 version 1903 with OS build 18362.30.
Find the latest update for Windows 10
To find out if this is the latest version we need to find some information about the latest updates from Microsoft.
Here is the official list for all updates for version 1903 of Windows 10.
As we can see, as of today, the latest release for Windows 10 is OS build 18362.418. The update also has a KB-number. In this case KB4517389.
Download the offline update
We can search the Microsoft Update Catalog for update KB4517389 and download it.
This will give us a few options. One of the updates is for Windows Server, so we will exclude that one. The three others are for either x86, x64 or ARM64-based systems. In our case, we need to choose the x64 version because we have an x64 bit system.
You can check which system type you are running by entering systeminfo
in a CMD window. Look for the line similar to:
System Type: x64-based PC
So let’s download the file KB-file. The filename in this case is windows10.0-kb4517389-x64_6292f6cb3cdf039f01410b509f8addcec8a89450.msu
.
What is a cumulative update?
The update is a so-called “cumulative update”. But what does that mean? This is eloquently explained in Wikipedia:
Windows 10 also introduced cumulative updates. For example, if Microsoft released updates KB00001 in July, KB00002 in August, and KB00003 in September, Microsoft would release cumulative update KB00004 which packs KB00001, KB00002, and KB00003 together. Installing KB00004 will also install KB00001, KB00002 and KB00003, mitigating the need for multiple restarts and reducing the number of downloads needed. However, a disadvantage of cumulative updates is that downloading and installing updates that fix individual problems is no longer possible.
Wikipedia – Windows Update (23 October 2019)
Installing the update
We will copy over the MSU update file to our virtual machine to see if we can install it directly. We just double click the MSU file to start the installation.
Once the download is finished we can run winver.exe
again to check if we are now running the latest version.
We are now running OS build 18362.418. We can also confirm that this is the case by using the systeminfo
command in CMD.
So is that it? Sadly, no…
Unfortunately, the cumulative update does not include everything.
We can confirm this by connecting to the internet and run Windows Update. The Windows update got 4 updates in the first run and an additional update in the next run after reboot.
As we can see we are missing some other updates:
- Security Intelligence Update for Windows Defender Antivirus (KB2267602)
- Windows Malicious Software Removal Tool x64 – October 2019 (KB890830)
- 2019-10 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1903 for x64 (KB4524100)
- 2019-09 Security Update for Adobe Flash Player for Windows 10 Version 1903 for x64-based Systems (KB4516115)
- Update for Windows Defender Antivirus antimalware platform – KB4052623.
So how can we get these updates offline?
Getting additional updates
Security Intelligence Update
Security Intelligence Updates can be downloaded here. Make sure to get the “Microsoft Defender Antivirus for Windows 10 and Windows 8.1”.
Download the “mpam-fe.exe” file. Run the file as admin. The installation is silent, so you won’t see any windows or confirmations. For some reason, Windows Update will still download this update. So I might be doing something wrong here…
BTW Windows Defender is now renamed to Microsoft Defender. Just an FYI.
Windows Malicious Software Removal Tool
Finding the latest KB-number for this update is a bit tricky. You can search for “Windows Malicious Software Removal Tool x64” in the Microsoft Update Catalog and sort by release date. Make sure to select “Windows 10,Windows 10 LTSB,Windows 8.1,Windows Server 2012,Windows Server 2012 R2,Windows Server 2016“. In this case, it was called “Windows Malicious Software Removal Tool – October 2019 (KB890830)“.
Cumulative Update for .NET Framework
You can find the KB-number of the latest version here. Search for the KB in the Microsoft Update Catalog. Make sure to download the x64 version if you have an x64 system. Just double click on the MSU to install.
Security Update for Adobe Flash Player
Find the latest KB-number here and download the update from the Microsoft Update Catalog.
I assume this will be deprecated very soon.
Update for Windows Defender Antivirus antimalware platform
Search for “Windows Defender Antivirus antimalware platform” in the Microsoft Update Catalog. The download will contain three files where only one of them will be able to install on your system (for example x64 system).
That’s it, I think. Offline updating is a real pain 😩. Personally I would probably just boot into audit mode, update then generalize. 😂 But there you go…