How can I tell if a KB or newer has been installed for Windows?
Solution 1
You can download this spreadsheet from Microsoft: http://go.microsoft.com/fwlink/?LinkID=245778
It includes all the published security bulletins/KB since June 1998: severity, impact, title, affected product and also information on superseded bulletins/KB.
Then you just have to script a little bit to smartly compare the installed KB to this list :)
Have you eventually found an easier way? I'm interested too!
Solution 2
I think that you would have to create your own database of superseded hotfixes.
The following PowerShell will tell you if you have a specific hotfix installed:
get-hotfix | where HotfixID -eq 'KB2160329'
You would need to walk through your manually created list checking for the superseded fix. Shouldn't be that hard to do.
Solution 3
Julian Knight's answer shows a way to do this with PowerShell; for regular old CMD, you can try wmic qfe list full. There are several formatting options and you could parse this in your script.
You may also want to look into some vulnerability scanners, like Nessus, if that will address your root problem of knowing if systems are vulnerable to specific exploits.
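One way to script the check the answers describe, as an added example that is not part of the original answers: a hand-built supersedence map is walked transitively and compared with the output of Get-HotFix. The function names Get-CoveringKB and Test-KBCovered, the map layout and the placeholder KB0000000 are assumptions; only the KB2160329 to KB2731847 relationship comes from the question.

```powershell
# Hand-maintained supersedence map: old KB -> KBs that replace it.
# The first entry comes from the question; the second is a constructed
# placeholder that shows a multi-step chain. Fill in the rest from the
# superseded-bulletin information in the Microsoft spreadsheet.
$SupersededBy = @{
    'KB2160329' = @('KB2731847')
    'KB2731847' = @('KB0000000')   # constructed placeholder
}

function Get-CoveringKB {
    # Returns the requested KB plus every KB that supersedes it, directly
    # or through a chain. $seen guards against loops in hand-built data.
    param([string]$Id, [hashtable]$Map)
    $seen  = New-Object 'System.Collections.Generic.HashSet[string]'
    $queue = New-Object 'System.Collections.Generic.Queue[string]'
    $queue.Enqueue($Id.ToUpper())
    while ($queue.Count -gt 0) {
        $kb = $queue.Dequeue()
        if (-not $seen.Add($kb)) { continue }      # already visited
        if ($Map.ContainsKey($kb)) {
            foreach ($next in $Map[$kb]) { $queue.Enqueue($next.ToUpper()) }
        }
    }
    $seen                                          # emitted as a list of KB ids
}

function Test-KBCovered {
    # $Installed is a parameter so the check also works on a saved inventory.
    param([string]$Id, [hashtable]$Map, [string[]]$Installed)
    $covering = @(Get-CoveringKB -Id $Id -Map $Map)
    # -contains compares case-insensitively and works on one-element lists
    $hit = $Installed | Where-Object { $covering -contains $_ } |
           Select-Object -First 1
    [pscustomobject]@{
        Required    = $Id
        Covered     = [bool]$hit
        SatisfiedBy = $hit
    }
}

# Live check against the local system, using the cmdlet from Solution 2
$installed = (Get-HotFix).HotFixID
Test-KBCovered -Id 'KB2160329' -Map $SupersededBy -Installed $installed
```

A result with Covered set to False means neither the required KB nor any mapped successor was reported; an incomplete map gives the same result, so treat it as a prompt to check the map before flagging the host.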
IguyKing
Updated on September 18, 2022
Comments
-
IguyKing over 1 year
I have a Windows system that I need to audit. The requirement is that (for example) KB2160329 has been installed onto the system. I know from lots of digging that KB2731847 that we have installed in the environment superseded the earlier KB.
MSkbfiles.com works if you know the file name such as TCPIP.SYS. Doesn't do anything if you are just looking for KB Hotfixes.
How can I, say, feed in a script that I'm looking for KB2160329 and it can check for superseded patches? Or is there a website somewhere that I'm missing?
[Edited 7 May 2014 8:54am CST]
I'm looking for a way to say that KB2731847 which is on the system does fix the same issue (plus more fixes) as KB2160329 which is not in the list as being installed on the system.
-
IguyKing about 10 years
This tells me that a given QFE is installed. Not that KB2160329 has been superseded by KB2731847 so KB2160329 wouldn't be installed yet has the same security fix applied.
-
Julian Knight about 10 years
That's why I said you would need to create a list that contained the original KBs with a list of superseding KBs. Windows does not keep this information in an automatable format.
-
IguyKing about 10 years
Agreed. I'm looking for if there's another way.
-
Julian Knight about 10 years
I'm afraid not, as I said, the data is not kept in a reliable, machine readable format AFAIK.
-
Fazer87 about 10 years
Great, cheers :)
-
IguyKing about 10 years
I don't know if there's an easier way. Thanks for the links. It's a start.