Is it possible to detect the Windows Update status via registry, to see if the system is "fully updated"?

windows windows-7 windows-update windows-registry automatic-updates

9,773

Solution 1

The closest to the registry that I can find is the Windows Update log file. The only other way is to access it through the COM API.

I spoke with the manager at Microsoft in charge of Windows Update (Dave Roth) and he said that you should absolutely not try to get the status of Windows Update via the registry. He said that you should use the COM API to get the status by executing the search method and using the returned results for the update status of your computer.

He also gave me this tip:

As a simple FYI, for checking what updates are installed calling IUpdateSearcher::Search with IsInstalled=1 will generate an updatecollection object containing all installed updates. You can walk through it to see what is already installed.

Expanding on his tip you could potentially call that method with IsInstalled=0 to see what updates are not installed. (see the powershell example below).

Windows Update Log File

The Windows Update log file is a good way to see the current status of Windows Update. This method would be good if you could only access the file system and did not have access to APIs or other frameworks/platforms and the such.

You can find it at this path:
%windir%\Windowsupdate.log

The Windows Update log file is in this format:
Date Time PID TID Component Text

An example line with template data would be this:
[date][time] [PID][TID][Component][Text]

Here is a full example:
2005-06-0118:30:03 992810Agent * WU client version 5.8.0.2468

Here is an example where the Windows Update Agent searches for available updates and outputs the results:

2005-06-0212:09:36 9924e8Agent*************
2005-06-0212:09:36 9924e8Agent** START **  Agent: Finding updates [CallerId = WindowsUpdate]
2005-06-0212:09:36 9924e8Agent*********
2005-06-0212:09:36 9924e8Agent  * Added update {AC94DB3B-E1A8-4E92-9FD0-E86F355E6A44}.100 to search result
2005-06-0212:09:37 9924e8Agent  * Found 6 updates and 10 categories in search

On modern systems, you will need to run the PowerShell commandlet Get-WindowsUpdateLog as the log is now no longer stored in the log, the log is stored in etl files. The command will compile the WindowsUpdate.log file from all of the etl files and make it available (by default) at the Desktop folder of the current user.

Here is the description of the command:

The Get-WindowsUpdateLog cmdlet merges and converts Windows Update .etl files into a single readable WindowsUpdate.log file. Windows Update Agent uses Event Tracing for Windows (ETW) to generate diagnostic logs. Windows Update no longer directly produces a WindowsUpdate.log file. Instead, it produces .etl files that are not immediately readable as written.

This cmdlet requires access to a Microsoft symbol server.

COM API

The COM API is a good way to directly access Windows Update without having to parse logs. Applications of this API range from finding available updates on the computer to installing and uninstalling updates.

You could use the Microsoft.Update.Session class to run an update search and then count the number of updates available to see if there are any updates for the computer.

PowerShell Example:

$updateObject = New-Object -ComObject Microsoft.Update.Session
$updateObject.ClientApplicationID = "Serverfault Example Script"
$updateSearcher = $updateObject.CreateUpdateSearcher()
$searchResults = $updateSearcher.Search("IsInstalled=0")
Write-Host $searchResults.Updates.Count

If the returned result is more than 0 then there are updates for the computer that need to be installed and/or downloaded. You can easily update the powershell script to fit your application.

Just a heads up, it appears that the search function is not async so it would freeze your application while searching. In that case you will want to make it async.

Tl;Dr

If you are building a non script (compiled) type of application (with the exception of PowerShell which has access to COM APIs) then I would recommend to use the COM API. Otherwise log parsing would be your best option.

Links

How to read the log file:
https://support.microsoft.com/en-us/help/902093/how-to-read-the-windowsupdalog-file

PowerShell log compile cmdlet:
https://docs.microsoft.com/en-us/powershell/module/windowsupdate/get-windowsupdatelog?view=win10-ps

Com32 API reference:
https://msdn.microsoft.com/en-us/library/windows/desktop/aa387099(v=vs.85).aspx

Solution 2

Microsoft is now using the value UBR (Unified Build Revision) to identifiy the patch level. The value was first added in Windows 10

, but is now backported to Windows 7

and Windows 8.1 as well

So, query the UBR value from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion and look at the Update History page (for Windows 10 v1709 as example) for the value KB123456 (OS Build 16299.XYZ) on left side:

Here you can see that my 1709 is fully patched with last update.

9,773

Max Muster

G C G Well I've been a bachelor all my life D I thought the time had come to take a wife C G Em So I moved to the city to find myself a mate A7 D7 But I get all confused when I start looking for a date G C G Oh I can't tell the boys from the girls D And friends it's really messing up my world C G They all wear long hair and bouncy curls D G And I can't tell the boys from the girls C G I walked in a picture show and found a seat D This pretty little thing sat down in front of me C G Em I leaned over and asked her if she'd like some company A7 D7 But I nearly died when she turned out to be a he Repeat #2 C G I'm going to leave this city and go home D I guess I'll stay single from now on C G Em But I won't make the same mistake by coming here again A7 D7 Cause I can't tell difference between the hers and hims The Beast continued its studies with renewed Focus, building great Reference works and contemplating new Realities. The Beast brought forth its followers and acolytes to create a renewed smaller form of itself and, through Mischievous means, sent it out across the world. The Book of Mozilla, 6:27

Updated on September 18, 2022

Comments

Max Muster almost 2 years

I would like to be able to check the computer's update status by querying the registry. I specifically would like some to check if the computer's update status is "fully updated".

I have looked through a lot of entries in the registry but I could not find one that has the update status of the computer.

What options do I have to check the windows update status?
Max Muster over 6 years

Thank you very much @ElliotLabs but I am afraid I can not parse the log files. It seems not reliable to me. What api could be used?. Please understand that I want to see first how this status can be determined and based on this I will choose the program language to write my application.
Elliot Huffman over 6 years

See the update for the msdn reference. I will make the answer shiny when I get to work tomorrow.
Max Muster over 6 years

Woaw, thanks, now the circle gets tighter. Its remarkable how difficult it is to determine such a simple thing. OK so it looks like the WUA API can be used to scan for updates offline and online. And then I could have a WU_E_NO_UPDATE 0x80240024 code, that could tell me the system is updated ? What is your recommendation? See you tomorrow ;-)
Elliot Huffman over 6 years

@eichertc I just updated the answer to include examples and a quote.