How can I tell if a KB or newer has been installed for Windows?

5

3

I have a Windows system that I need to audit. The requirement is that (for example) KB2160329 has been installed onto the system. I know from lots of digging that KB2731847 that we have installed in the environment superseded the earlier KB.

MSkbfiles.com works if you know the file name such as TCPIP.SYS. Doesn't do anything if you are just looking for KB Hotfixes.

How can I, say, feed in a script that I'm looking for KB2160329 and it can check for superseded patches? Or is there a website somewhere that I'm missing?

[Edited 7 May 2014 8:54am CST]

I'm looking for a way to say that KB2731847 which is on the system does fix the same issue (plus more fixes) as KB2160329 which is not in the list as being installed on the system.

IguyKing

Posted 2014-05-06T21:56:44.387

Reputation: 91

Answers

4

You can download this spreadsheet from Microsoft: http://go.microsoft.com/fwlink/?LinkID=245778

It includes all the published security bulletins/KB since June 1998: severity, impact, title, affected product and also information on superseded bulletins/KB.

Then you just have to script a little bit to smartly compare the installed KB to this list :)

Have you eventually found an easier way? I'm interested too!

Etienne

Posted 2014-05-06T21:56:44.387

Reputation: 41

Great, cheers :) – Fazer87 – 2014-06-10T10:03:25.733

I don't know if there's an easier way. Thanks for the links. It's a start. – IguyKing – 2014-06-11T11:56:54.140

2

I think that you would have to create your own database of superseded hotfixes.

The following PowerShell will tell you if you have a specific hotfix installed:

get-hotfix | where HotfixID -eq 'KB2160329'

You would need to walk through your manually created list checking for the superseded fix. Shouldn't be that hard to do.

Julian Knight

Posted 2014-05-06T21:56:44.387

Reputation: 13 389

This tells me that a given QFE is installed. Not that KB2160329 has been superseded by KB2731847 so KB2160329 wouldn't be installed yet has the same security fix applied. – IguyKing – 2014-05-07T13:54:08.250

That's why I said you would need to create a list that contained the original KBs with a list of superseding KBs. Windows does not keep this information in an automatable format. – Julian Knight – 2014-05-07T22:33:18.440

Agreed. I'm looking for if there's another way. – IguyKing – 2014-05-08T16:47:14.190

I'm afraid not, as I said, the data is not kept in a reliable, machine readable format AFAIK. – Julian Knight – 2014-05-09T11:24:26.893
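
The check discussed in the two answers above (compare the installed KBs against a hand-built supersedence list), as an added PowerShell example that is not from any of the posts. The function name `Test-KBSatisfied` and the `$SupersededBy` map are hypothetical; only the KB2160329 -> KB2731847 pair comes from the question, and the other KB numbers are constructed.

```powershell
# Supersedence map: key = older KB, value = KBs that supersede it.
# Only KB2160329 -> KB2731847 comes from the question; the KB9000001 and
# KB9000002 entries are constructed to show a multi-step chain.
$SupersededBy = @{
    'KB2160329' = @('KB2731847')
    'KB2731847' = @('KB9000001')
    'KB9000001' = @('KB9000002')
}

function Test-KBSatisfied {
    param(
        [Parameter(Mandatory)] [string] $RequiredKB,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $InstalledKB,
        [Parameter(Mandatory)] [hashtable] $SupersededBy
    )
    # Case-insensitive sets so 'kb2731847' and 'KB2731847' compare equal.
    $installed = [System.Collections.Generic.HashSet[string]]::new(
        [string[]]$InstalledKB, [System.StringComparer]::OrdinalIgnoreCase)
    $seen = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    $queue = [System.Collections.Generic.Queue[string]]::new()
    $queue.Enqueue($RequiredKB)

    # Breadth-first walk: the required KB, then everything that supersedes it,
    # then everything that supersedes those, and so on.
    while ($queue.Count -gt 0) {
        $kb = $queue.Dequeue()
        if (-not $seen.Add($kb)) { continue }   # already visited (cycle in the map)
        if ($installed.Contains($kb)) {
            return [pscustomobject]@{ Required = $RequiredKB; Satisfied = $true; Via = $kb }
        }
        foreach ($newer in @($SupersededBy[$kb])) {
            if ($newer) { $queue.Enqueue($newer) }
        }
    }
    [pscustomobject]@{ Required = $RequiredKB; Satisfied = $false; Via = $null }
}

# On the audited host, use: $installed = (Get-HotFix).HotFixID
$installed = @('KB2731847', 'KB1234567')   # constructed sample inventory
Test-KBSatisfied -RequiredKB 'KB2160329' -InstalledKB $installed -SupersededBy $SupersededBy
Test-KBSatisfied -RequiredKB 'KB9000002' -InstalledKB $installed -SupersededBy $SupersededBy
```

The first call reports `Satisfied = True` via KB2731847; the second reports `False`, because an older KB never satisfies a requirement for a newer one. `Get-HotFix` reads `Win32_QuickFixEngineering`, which does not list updates installed through Windows Installer (MSI), so a `False` result on a real host still needs a second inventory source before it is reported as a finding.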

2

Julian Knight's answer shows a way to do this with PowerShell; for regular old CMD, you can try wmic qfe list full. There are several formatting options and you could parse this in your script.

You may also want to look into some vulnerability scanners, like Nessus, if that will address your root problem of knowing if systems are vulnerable to specific exploits.

Eric G

Posted 2014-05-06T21:56:44.387

Reputation: 1 010

This tells me that a given QFE is installed. Not that KB2160329 has been superseded by KB2731847 so KB2160329 wouldn't be installed yet has the same security fix applied. – IguyKing – 2014-05-07T13:53:36.560