Why are "get-hotfix" and "wmic qfe list" in Powershell missing installed updates?

7

8

I'm trying to write a script to make sure a certain hotfix is installed. On one of our test computers running Windows 8.1, get-hotfix returns an incomplete list of hotfixes:

enter image description here

Yet there are tons of patches showing in the Programs and Features control panel:

enter image description here

All of our other test machines, including others installed with Windows 8.0 and 8.1, work fine. Any idea why this is? How can I get a complete list of hotfixes from Powershell?

Edit: wmic qfe list only shows the same four hotfixes as get-hotfix as well.

a paid nerd

Posted 2015-11-17T23:08:13.813

Reputation: 2 803

Thanks @PJMahoney -- I tried those suggestions without luck. get-wmiobject -class win32_quickfixengineering shows the same results as get-hotfix. – a paid nerd – 2015-11-18T21:04:24.390

Answers

11

I believe the Get-Hotfix commandlet leverages the Win32_QuickFixEngineering WMI class to list Windows Updates, but only returns updates supplied by Component Based Servicing (CBS). Updates supplied by the Microsoft Windows Installer (MSI) or the Windows update site are not returned by Get-Hotfix/Win32_QuickFixEngineering.

You can try using the Windows Update API through PowerShell like in the below example. Give this a shot and let us know if it shows the missing updates.

$Session = New-Object -ComObject Microsoft.Update.Session
$Searcher = $Session.CreateUpdateSearcher()
$Searcher.Search("IsInstalled=1").Updates | ft -a Date,Title

EDIT: To search through the results, you can use the Where-Object commandlet (or alias Where) and filter for a specific hotfix:

$Searcher.Search("IsInstalled=1").Updates | Where {$_.Title -like "*KB2760587*"} | ft date,title

bentek

Posted 2015-11-17T23:08:13.813

Reputation: 594

Thanks @bentek! That does it. Since I'm pretty new to Powershell, would you mind also showing me a good way to query those results to find if a specific hotfix is included? – a paid nerd – 2015-11-18T21:09:08.117

Also, is this less compatible with older Windows versions than get-hotfix? – a paid nerd – 2015-11-18T21:40:35.857

1Edited my answer to include a simple query for a specific hotfix. – bentek – 2015-11-19T13:36:14.980

Actually, this is reporting updates as being installed that aren't listed under Programs and Features --> Installed Updates. – a paid nerd – 2015-11-19T20:23:41.107

1It looks like I want to use $Searcher.Search("IsInstalled=1").Updates | ft -a Date,Title instead. – a paid nerd – 2015-11-19T20:35:01.703

Nice catch. I've updated the example code accordingly. – bentek – 2015-11-19T21:07:12.437

2

FYI: See also: Microsoft Update Client Install History under https://social.technet.microsoft.com/wiki/contents/articles/4197.how-to-list-all-of-the-windows-and-software-updates-applied-to-a-computer.aspx for a different version of this solution (for me the above failed, but it led me to this Technet link which worked).

– JohnLBevan – 2016-11-30T14:02:59.330

@bentek I have some understanding issues. The pages mentions Clients like msi or Windows Update pass their packages to CBS, which then further handles the installation. What does "supplied by CBS" mean in that context? It rather reads as the two are working together 24/7.

Also thanks for the script, it seems to return at least the update I was looking for, but it literally takes hours to finish...why is that? – taclight – 2017-08-22T08:34:06.240

2

You need to use different ways to list the updates installed by different methods. like installed by wsus or configmgr

Take a look here

https://social.technet.microsoft.com/wiki/contents/articles/4197.how-to-list-all-of-the-windows-and-software-updates-applied-to-a-computer.aspx

Root Loop

Posted 2015-11-17T23:08:13.813

Reputation: 785

Asked: 2015-11-17T23:08:13.813

Viewed: 41 634 times

Active: 2017-08-15T21:02:04.137