How to check if a specific Windows security update is installed?

Checking for a specific KB is BAD, because Updates get replaced with newer updates and the disk cleaner deletes such old replaced/superseded Windows Updates.

You need to check the KB page and look for file version data of the update for each Windows you use and now look if the user has at least this file version or a newer one.

This will always return the correct result. If the update gets replaced and removed the check always shows "you are insecure", but the issue is already fixed.

If you use Windows 10, make sure you have the latest Update rollup installed

http://i.imgur.com/sJqJvBi.jpg

In May 2017 those are

  • for 1511: KB4019473 (OS Build 10586.916)
  • for 1607: KB4019472 (OS Build 14393.1198)
  • for 1703: KB4016871 (OS Build 15063.296)

The last Update rollup always includes all older updates so here you are safe.

Pro tip: to quickly check your Windows version, just type winver in the Windows 10 search or 'Run' command and hit Enter.


You have given the answer yourself. Open a powershell prompt and type this:

get-hotfix | out-string -stream | select-string   "KB00112233"

This snippet will only read datas, so nothing wrong can happen with it.

You only have to adjust with the KB you want to check. As specified in the MS Security bulletin MS17-010 (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx), the KB number depends of your OS.

For example, the KB number for Windows 10 v1607 is KB4013429

As mentionned in https://superuser.com/a/1209007/264313, hotfix are regularly replaced by newer one. So a specific fix might be present but the original hotfix be missing.


Here is a way to check this for windows 10 (Version 1607): As noted here https://support.microsoft.com/en-us/help/4013389/title in section "Windows 10 (all editions)", the security update file name for MS17-010 must be Windows10.0-KB4013429-x64.msu, so the kb number for this patch will be KB4013429.

enter image description here

Then in the windows 10 update history check for an entry containing the KB4013429. At my system this patch was successfully installed in the mid of march and is named cumulative update for windows 10 version 1607 for x64 based systems (KB4013429).

enter image description here