9

I'm trying to write a script to make sure a certain hotfix is installed. On one of our test computers running Windows 8.1, get-hotfix returns an incomplete list of hotfixes:

enter image description here

Yet there are tons of patches showing in the Programs and Features control panel:

enter image description here

All of our other test machines, including others installed with Windows 8.0 and 8.1, work fine. Any idea why this is? How can I get a complete list of hotfixes from Powershell?

Edit: wmic qfe list only shows the same four hotfixes as get-hotfix as well.

a paid nerd
  • 3,332
  • 6
  • 30
  • 32
  • Thanks @PJMahoney -- I tried those suggestions without luck. `get-wmiobject -class win32_quickfixengineering` shows the same results as `get-hotfix`. – a paid nerd Nov 18 '15 at 21:04

3 Answers3

14

I believe the Get-Hotfix commandlet leverages the Win32_QuickFixEngineering WMI class to list Windows Updates, but only returns updates supplied by Component Based Servicing (CBS). Updates supplied by the Microsoft Windows Installer (MSI) or the Windows update site are not returned by Get-Hotfix/Win32_QuickFixEngineering.

You can try using the Windows Update API through PowerShell like in the below example. Give this a shot and let us know if it shows the missing updates.

$Session = New-Object -ComObject Microsoft.Update.Session
$Searcher = $Session.CreateUpdateSearcher()
$Searcher.Search("IsInstalled=1").Updates | ft -a Date,Title

EDIT: To search through the results, you can use the Where-Object commandlet (or alias Where) and filter for a specific hotfix:

$Searcher.Search("IsInstalled=1").Updates | Where {$_.Title -like "*KB2760587*"} | ft date,title
bentek
  • 694
  • 3
  • 12
  • Thanks @bentek! That does it. Since I'm pretty new to Powershell, would you mind also showing me a good way to query those results to find if a specific hotfix is included? – a paid nerd Nov 18 '15 at 21:09
  • Also, is this less compatible with older Windows versions than `get-hotfix`? – a paid nerd Nov 18 '15 at 21:40
  • 1
    Edited my answer to include a simple query for a specific hotfix. – bentek Nov 19 '15 at 13:36
  • Actually, this is reporting updates as being installed that aren't listed under Programs and Features --> Installed Updates. – a paid nerd Nov 19 '15 at 20:23
  • 1
    It looks like I want to use `$Searcher.Search("IsInstalled=1").Updates | ft -a Date,Title` instead. – a paid nerd Nov 19 '15 at 20:35
  • Nice catch. I've updated the example code accordingly. – bentek Nov 19 '15 at 21:07
  • 2
    FYI: See also: `Microsoft Update Client Install History` under https://social.technet.microsoft.com/wiki/contents/articles/4197.how-to-list-all-of-the-windows-and-software-updates-applied-to-a-computer.aspx for a different version of this solution (for me the above failed, but it led me to this Technet link which worked). – JohnLBevan Nov 30 '16 at 14:02
  • @bentek I have some understanding issues. The pages mentions Clients like msi or Windows Update pass their packages to CBS, which then further handles the installation. What does "supplied by CBS" mean in that context? It rather reads as the two are working together 24/7. Also thanks for the script, it seems to return at least the update I was looking for, but it literally takes hours to finish...why is that? – David Trevor Aug 22 '17 at 08:34
  • Win10 KB4561616 not showing up with this or wmic qfe :( tweaking the last line of powershell per guidance linked on https://superuser.com/a/1241220/160219 solved – gregg Jul 15 '20 at 21:56
  • `$Searcher.Search(...)` did not work for me. I had to use `$Searcher.QueryHistory(0, $Searcher.GetTotalHistoryCount())` to get a list of installed updates. Nearly all the differences between this component and `Get-Hotfix` were updates to the antivirus/antimalware application (under the dozen or so names MS has used for it in the past decade). I also came across a known bug on one server from KB4034658 where this update history simply doesn't work, so that one had to rely on `Get-Hotfix`. – Bacon Bits Jun 29 '21 at 19:53
4

You need to use different ways to list the updates installed by different methods. like installed by wsus or configmgr

Take a look here

https://social.technet.microsoft.com/wiki/contents/articles/4197.how-to-list-all-of-the-windows-and-software-updates-applied-to-a-computer.aspx

Root Loop
  • 945
  • 3
  • 11
  • 21
1

If someday someone needs to get the full update list using Python, I've written in implementation that checks for windows updates via COM, WMI and registry so we don't miss an update based on it's install method.

Install with:

pip install windows_tools.updates

Usage

from windows_tools.updates import get_windows_updates

for update in get_windows_updates(filter_duplicates=True):
    print(update)

You can also remove the duplicate filter (AV engine updates etc) with get_windows_updates(filter_multiple=False)

Orsiris de Jong
  • 111
  • 4