How to check if a specific Windows security update is installed?

Given that the WannaCry ransomware exploit is going around I wanted to check if my computer has the specific security update that should stop the vulnerability - apparently, MS17-010, assuming I'm understanding the vulnerability and that is indeed the right patch. How would one check that detail?

Microsoft tries to give some detail but it's gibberish to someone who's not well versed with registry keys (I think I touched them once before to dig out a stubborn virus back when XP was still a thing - that's it.) Other searches give some clues regard command line options but they're not all that clear and I don't like running commands I don't understand.

dluxcru

Posted 2017-05-13T04:50:58.957

Reputation: 335

1https://technet.microsoft.com/en-us/library/security/ms17-010.aspx The security bulletin about the update in question. – dluxcru – 2017-05-13T04:52:17.410

– Quazi Irfan – 2017-05-14T21:10:16.410

2Check the answer by @magicandrr1981 below. You won't get the update KB-number as you'll find in that link from Microsoft because your Windows likely has installed a newer rollup (a batch of updates) that substitutes the ms17-010 update, thus the latter will be replaced in the list of installed updates by the newer rollup. – Sanny – 2017-05-16T16:51:28.850

Answers

Here is a way to check this for windows 10 (Version 1607): As noted here https://support.microsoft.com/en-us/help/4013389/title in section "Windows 10 (all editions)", the security update file name for MS17-010 must be Windows10.0-KB4013429-x64.msu, so the kb number for this patch will be KB4013429.

Then in the windows 10 update history check for an entry containing the KB4013429. At my system this patch was successfully installed in the mid of march and is named cumulative update for windows 10 version 1607 for x64 based systems (KB4013429).

guppy81

Posted 2017-05-13T04:50:58.957

Reputation: 80

1For Windows 10 x64 are three KB patches listed on that site: KB4012606 (for all versions?), KB4013198 (Windows Version 1511) and KB4013429 (Windows version 1607). The current Windows build (creators update) is 1703. So, which one is the right? – nixda – 2017-05-13T08:26:44.673

@nixda The patch that applies to your installation. – Ramhound – 2017-05-13T13:08:28.413

To know what version of windows you are running go to, Start Menu > Settings > System > About > 'Version'. The first two digits of version number are the year of release, and last two digits are month. If your Windows 10 version number is 1607, then your it was released on 2016 July. Also you do not need to update to 'Creators update' to get this patch automatically. – Quazi Irfan – 2017-05-14T22:37:19.997

Here is the download link to the MS17-010 Security Update. – Quazi Irfan – 2017-05-15T05:02:56.790

If in doubt, download the patch installer for your version of Windows and run it. If the patch is already installed, it'll say so and stop. – Steve Rindsberg – 2017-05-17T15:42:57.077

Checking for a specific KB is BAD, because Updates get replaced with newer updates and the disk cleaner deletes such old replaced/superseded Windows Updates.

You need to check the KB page and look for file version data of the update for each Windows you use and now look if the user has at least this file version or a newer one.

This will always return the correct result. If the update gets replaced and removed the check always shows "you are insecure", but the issue is already fixed.

If you use Windows 10, make sure you have the latest Update rollup installed

In May 2017 those are

for 1511: KB4019473 (OS Build 10586.916)
for 1607: KB4019472 (OS Build 14393.1198)
for 1703: KB4016871 (OS Build 15063.296)

The last Update rollup always includes all older updates so here you are safe.

Pro tip: to quickly check your Windows version, just type winver in the Windows 10 search or 'Run' command and hit Enter.

magicandre1981

Posted 2017-05-13T04:50:58.957

Reputation: 86 560

1If I were the op, I'd select this answer as the correct one. Most home users get their updates freshly, right from Microsoft's ovens, thus updates are replaced with newer rollups (things aren't like in vista where every update is listed). The virus only targets those devices in networked areas like companies who are illiterate on cyber security, if not illiterate on computers, and don't want to put some cash in Microsoft's pockets for newer Windows – Sanny – 2017-05-15T18:12:24.047

@Sanny the OP has choosen the other one – magicandre1981 – 2017-05-16T16:38:04.783

Probably if you add some screenshots you might get accepted – Sanny – 2017-05-16T16:54:57.250

While this is good advice (that updates get replaced) keeping track of which update replaced what is a lot of work - I'd need some very specific examples of how to know what replaced what for this to be an acceptable answer. – dluxcru – 2017-05-16T19:02:20.300

no, this is NOT hard, I added the link which always shows the history of updates. run winver and look if the buildnumber is the latest & you're fine. you can install a clean Win10 and the latest rollup and you are fine. – magicandre1981 – 2017-05-17T15:19:40.867

@DavidDale open the link provided in this answer (screenshot below for version 1607 https://support.microsoft.com/en-us/help/4019472)

http://i.imgur.com/sJqJvBi.jpg (if this is not showing, then http://imgur.com/sJqJvBi)

so if you have updated to the top one, then you should be safe.

– Sanny – 2017-05-20T00:30:46.367

You have given the answer yourself. Open a powershell prompt and type this:

get-hotfix | out-string -stream | select-string   "KB00112233"

This snippet will only read datas, so nothing wrong can happen with it.

You only have to adjust with the KB you want to check. As specified in the MS Security bulletin MS17-010 (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx), the KB number depends of your OS.

For example, the KB number for Windows 10 v1607 is KB4013429

As mentionned in https://superuser.com/a/1209007/264313, hotfix are regularly replaced by newer one. So a specific fix might be present but the original hotfix be missing.

Veovis

Posted 2017-05-13T04:50:58.957

Reputation: 954

Doesn't work reliably. For example, on a machine where the update history shows KB4012216, this script does not detect KB4012216. Probably because a newer update has already been installed. See https://superuser.com/a/1209007/333024

– Florian Winter – 2017-05-16T15:28:36.807

1This is shorter and more precise: get-hotfix -Id KB00112233. It still doesn't list some installed older updates, though. – Florian Winter – 2017-05-16T15:38:19.920

Works on Windows 7 as well. – user3356885 – 2018-01-30T19:10:22.877

For Lansweeper users: Lansweeper released a report that can be used to find machines that do not have the hotfixes installed to mitigate the SMB vulnerability.

user729121

Posted 2017-05-13T04:50:58.957

Reputation: 1