How can I tell if a KB or newer has been installed for Windows?


Solution 1

You can download this spreadsheet from Microsoft: http://go.microsoft.com/fwlink/?LinkID=245778

It includes all the published security bulletins/KBs since June 1998: severity, impact, title, affected product and also information on superseded bulletins/KBs.

Then you just have to script a little bit to smartly compare the installed KB to this list :)

Have you eventually found an easier way? I'm interested too!

Solution 2

I think that you would have to create your own database of superseded hotfixes.

The following PowerShell will tell you if you have a specific hotfix installed:

```powershell
Get-HotFix | Where-Object HotFixID -eq 'KB2160329'
```

You would need to walk through your manually created list checking for the superseded fix. Shouldn't be that hard to do.
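
The comparison the first two answers describe, as an added example that is not part of either original answer: it follows supersedence chains from a required KB and reports whether that KB or any newer replacement is installed. The two-column map layout and the function names `Get-SupersedingKB` and `Test-KBOrNewer` are assumptions; the first map row is the pair named in the question, the second is a constructed placeholder.

```powershell
# Added example. The map layout and function names are assumptions, not from the page.
# Each row: a KB and the older KB it replaces. Row 1 is the pair from the question;
# row 2 (KB0000001) is a constructed placeholder to show a two-step chain.
$rows = @'
KB,Supersedes
KB2731847,KB2160329
KB0000001,KB2731847
'@ | ConvertFrom-Csv

function Get-SupersedingKB {
    param([string]$Required, [object[]]$Map)
    # Index: old KB -> KBs that directly replace it (hashtable keys are case-insensitive)
    $index = @{}
    foreach ($r in $Map) {
        if (-not $index.ContainsKey($r.Supersedes)) { $index[$r.Supersedes] = @() }
        $index[$r.Supersedes] += $r.KB
    }
    # Breadth-first walk so chains (A replaced by B replaced by C) are followed;
    # $seen also guards against loops in a hand-maintained list.
    $seen  = New-Object 'System.Collections.Generic.HashSet[string]'
    $queue = New-Object 'System.Collections.Generic.Queue[string]'
    $queue.Enqueue($Required)
    while ($queue.Count -gt 0) {
        $kb = $queue.Dequeue()
        foreach ($next in $index[$kb]) {
            if ($seen.Add($next)) { $queue.Enqueue($next) }
        }
    }
    return @($seen)
}

function Test-KBOrNewer {
    param([string]$Required, [string[]]$Installed, [object[]]$Map)
    # Acceptable = the required KB itself plus everything that supersedes it
    $acceptable = @($Required) + @(Get-SupersedingKB -Required $Required -Map $Map)
    $hit = $Installed | Where-Object { $acceptable -contains $_ } | Select-Object -First 1
    [pscustomobject]@{ Required = $Required; Compliant = [bool]$hit; SatisfiedBy = $hit }
}

# On the audited machine, the installed list comes from Get-HotFix.
$installed = (Get-HotFix).HotFixID
Test-KBOrNewer -Required 'KB2160329' -Installed $installed -Map $rows
```

`Get-HotFix` reads `Win32_QuickFixEngineering`, so updates that are not recorded there will not appear in `$installed`.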

Solution 3

Julian Knight's answer shows a way to do this with PowerShell; for regular old CMD, you can try `wmic qfe list full`. There are several formatting options and you could parse this in your script.

You may also want to look into some vulnerability scanners, like Nessus, if that will address your root problem of knowing if systems are vulnerable to specific exploits.


Author: IguyKing

Updated on September 18, 2022

Comments

  • IguyKing over 1 year

    I have a Windows system that I need to audit. The requirement is that (for example) KB2160329 has been installed onto the system. I know from lots of digging that KB2731847, which we have installed in the environment, superseded the earlier KB.

    MSkbfiles.com works if you know the file name such as TCPIP.SYS. Doesn't do anything if you are just looking for KB Hotfixes.

    How can I, say, feed into a script that I'm looking for KB2160329 and it can check for superseded patches? Or is there a website somewhere that I'm missing?

    [Edited 7 May 2014 8:54am CST]

    I'm looking for a way to say that KB2731847 which is on the system does fix the same issue (plus more fixes) as KB2160329 which is not in the list as being installed on the system.

  • IguyKing about 10 years
    This tells me that a given QFE is installed. Not that KB2160329 has been superseded by KB2731847 so KB2160329 wouldn't be installed yet has the same security fix applied.
  • Julian Knight about 10 years
    That's why I said you would need to create a list that contained the original KBs with a list of superseding KBs. Windows does not keep this information in an automatable format.
  • IguyKing about 10 years
    Agreed. I'm looking for if there's another way.
  • Julian Knight about 10 years
    I'm afraid not. As I said, the data is not kept in a reliable, machine-readable format AFAIK.
  • Fazer87 about 10 years
    Great, cheers :)
  • IguyKing about 10 years
    I don't know if there's an easier way. Thanks for the links. It's a start.