How to check if a specific Windows security update is installed?
Solution 1
Here is a way to check this for windows 10 (Version 1607): As noted here https://support.microsoft.com/en-us/help/4013389/title in section "Windows 10 (all editions)", the security update file name for MS17-010 must be Windows10.0-KB4013429-x64.msu, so the kb number for this patch will be KB4013429.
Then in the windows 10 update history check for an entry containing the KB4013429. At my system this patch was successfully installed in the mid of march and is named cumulative update for windows 10 version 1607 for x64 based systems (KB4013429).
Solution 2
Checking for a specific KB is BAD, because Updates get replaced with newer updates and the disk cleaner deletes such old replaced/superseded Windows Updates.
You need to check the KB page and look for file version data of the update for each Windows you use and now look if the user has at least this file version or a newer one.
This will always return the correct result. If the update gets replaced and removed the check always shows "you are insecure", but the issue is already fixed.
If you use Windows 10, make sure you have the latest Update rollup installed
In May 2017 those are
- for 1511: KB4019473 (OS Build 10586.916)
- for 1607: KB4019472 (OS Build 14393.1198)
- for 1703: KB4016871 (OS Build 15063.296)
The last Update rollup always includes all older updates so here you are safe.
Pro tip: to quickly check your Windows version, just type winver in the Windows 10 search or 'Run' command and hit Enter.
Solution 3
You have given the answer yourself. Open a powershell prompt and type this:
get-hotfix | out-string -stream | select-string "KB00112233"
This snippet will only read datas, so nothing wrong can happen with it.
You only have to adjust with the KB you want to check. As specified in the MS Security bulletin MS17-010 (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx), the KB number depends of your OS.
For example, the KB number for Windows 10 v1607 is KB4013429
As mentionned in https://superuser.com/a/1209007/264313, hotfix are regularly replaced by newer one. So a specific fix might be present but the original hotfix be missing.
Related videos on Youtube
11 : 03
10 : 19
03 : 37
03 : 01
05 : 32
dluxcru
I'm a programming student in college. I mentor several organizations that teach kids to code. In my spare time I enjoy games, be they virtual or tabletop, and creative work, like Blender.
Updated on September 18, 2022Comments
-
dluxcru over 1 year
Given that the WannaCry ransomware exploit is going around I wanted to check if my computer has the specific security update that should stop the vulnerability - apparently, MS17-010, assuming I'm understanding the vulnerability and that is indeed the right patch. How would one check that detail?
Microsoft tries to give some detail but it's gibberish to someone who's not well versed with registry keys (I think I touched them once before to dig out a stubborn virus back when XP was still a thing - that's it.) Other searches give some clues regard command line options but they're not all that clear and I don't like running commands I don't understand.
-
nixda about 7 yearsFor Windows 10 x64 are three KB patches listed on that site: KB4012606 (for all versions?), KB4013198 (Windows Version 1511) and KB4013429 (Windows version 1607). The current Windows build (creators update) is 1703. So, which one is the right?
-
Ramhound about 7 years@nixda The patch that applies to your installation.
-
Quazi Irfan about 7 yearsTo know what version of windows you are running go to,Start Menu > Settings > System > About > 'Version'. The first two digits of version number are the year of release, and last two digits are month. If your Windows 10 version number is 1607, then your it was released on 2016 July. Also you do not need to update to 'Creators update' to get this patch automatically. -
Quazi Irfan about 7 yearsHere is the download link to the MS17-010 Security Update.
-
Sanny about 7 yearsIf I were the op, I'd select this answer as the correct one. Most home users get their updates freshly, right from Microsoft's ovens, thus updates are replaced with newer rollups (things aren't like in vista where every update is listed). The virus only targets those devices in networked areas like companies who are illiterate on cyber security, if not illiterate on computers, and don't want to put some cash in Microsoft's pockets for newer Windows -
Florian Winter about 7 yearsDoesn't work reliably. For example, on a machine where the update history shows KB4012216, this script does not detect KB4012216. Probably because a newer update has already been installed. See superuser.com/a/1209007/333024 -
Florian Winter about 7 yearsThis is shorter and more precise:
get-hotfix -Id KB00112233. It still doesn't list some installed older updates, though. -
magicandre1981 about 7 years@Sanny the OP has choosen the other one -
Sanny about 7 yearsProbably if you add some screenshots you might get accepted 😜
-
dluxcru about 7 yearsWhile this is good advice (that updates get replaced) keeping track of which update replaced what is a lot of work - I'd need some very specific examples of how to know what replaced what for this to be an acceptable answer.
-
magicandre1981 about 7 yearsno, this is NOT hard, I added the link which always shows the history of updates. run winver and look if the buildnumber is the latest & you're fine. you can install a clean Win10 and the latest rollup and you are fine.
-
Steve Rindsberg about 7 yearsIf in doubt, download the patch installer for your version of Windows and run it. If the patch is already installed, it'll say so and stop. -
Sanny almost 7 years@DavidDale open the link provided in this answer (screenshot below for version 1607 support.microsoft.com/en-us/help/4019472) i.imgur.com/sJqJvBi.jpg (if this is not showing, then imgur.com/sJqJvBi) so if you have updated to the top one, then you should be safe.
-
user3356885 over 6 yearsWorks on Windows 7 as well.
-
Ajedi32 almost 3 yearsNote that this only applies to Windows OS updates. Windows updates to other Microsoft products (like Office) aren't necessarily cumulative in this way.
-
Ajedi32 almost 3 yearsOddly, on my system the update history page in the Windows Settings UI only shows one update, while the "Installed updates" page in Control Panel shows way more than that. This makes me doubt the reliability of the update history page, at least on the current version of Windows.
-
magicandre1981 almost 3 yearsthe question is about Windows updates and not office, read the question
