Check Windows Update History

TL;DR

Yes, you can audit Windows security updates to confirm they’ve been installed. This guide shows how to do it with built-in tools and PowerShell.

Checking Update History via Settings

  1. Open Settings: Press the Windows key + I to open the Settings app.
  2. Navigate to Updates: Click on ‘Update & Security’.
  3. View Update History: Select ‘Windows Update’ from the left-hand menu, then click ‘View update history’. This shows a list of recent updates, including security updates. You can see dates and KB numbers (Knowledge Base articles).

Using PowerShell to Audit Updates

PowerShell provides more detailed control for auditing.

  1. Open PowerShell as Administrator: Right-click the Windows Start button and select ‘Windows PowerShell (Admin)’ or ‘Terminal (Admin)’.
  2. List Installed Updates: Use the following command to list all installed updates:
    Get-HotFix | Sort-Object InstalledOn

    This will display a table with information about each update, including its KB number (the HotFixID column) and installation date (the InstalledOn column).

  3. Filter for Security Updates: To specifically find security updates, use the following command:
    Get-HotFix | Where-Object {$_.Description -like '*Security Update*'} | Sort-Object InstalledOn

    This filters the output to show only updates whose Description categorises them as ‘Security Update’.

  4. Export Update History to a File: You can save the update history to a text file for record keeping:
    Get-HotFix | Where-Object {$_.Description -like '*Security Update*'} | Sort-Object InstalledOn | Out-File C:\Updates.txt

    This saves the security updates list to a file named ‘Updates.txt’ in the root of your C drive. Change the path as needed.

  5. Check for Failed Updates: Use Windows Event Viewer:
    • Open Event Viewer (search for it in the Start menu).
    • Navigate to ‘Windows Logs’ > ‘Windows Update’.
    • Look for errors with Event ID 20 or warnings that indicate update failures.
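
The PowerShell steps above can be combined into one repeatable check. This is an added example, not part of the original guide: a hypothetical function, Test-PatchBaseline, compares Get-HotFix output against a caller-supplied list of required KB IDs and flags a machine whose newest security update is too old. The function name, the 35-day threshold and the KB0000001-style IDs are constructed placeholders.

```powershell
# Added example: audit installed hotfixes against a baseline of required KBs.
function Test-PatchBaseline {
    [CmdletBinding()]
    param(
        # KB IDs that must be present (hypothetical baseline supplied by the caller).
        [Parameter(Mandatory)][string[]]$RequiredKB,
        # Maximum acceptable age, in days, of the newest security update (assumed policy value).
        [int]$MaxAgeDays = 35,
        # Hotfix records to audit; defaults to the local machine's Get-HotFix output.
        [object[]]$HotFix = (Get-HotFix)
    )

    # Normalise case so 'kb123' and 'KB123' compare equal.
    $installed = $HotFix | ForEach-Object { $_.HotFixID.ToUpper() }
    $missing   = @($RequiredKB | ForEach-Object { $_.ToUpper() } |
                   Where-Object { $_ -notin $installed })

    # InstalledOn can be empty on some records, so drop those before sorting.
    $latest = $HotFix |
        Where-Object { $_.Description -like '*Security Update*' -and $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    $age = if ($latest) { [int]((Get-Date) - [datetime]$latest.InstalledOn).TotalDays } else { $null }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        MissingKB         = $missing
        LatestSecurityKB  = if ($latest) { $latest.HotFixID } else { $null }
        LatestInstalledOn = if ($latest) { $latest.InstalledOn } else { $null }
        DaysSinceLatest   = $age
        # Compliant only if nothing is missing and a recent security update exists.
        Compliant         = ($missing.Count -eq 0) -and ($null -ne $age) -and ($age -le $MaxAgeDays)
    }
}

# Constructed sample records (not real KB numbers) so the logic can be checked offline.
$sample = @(
    [pscustomobject]@{ HotFixID = 'KB0000001'; Description = 'Security Update'; InstalledOn = (Get-Date).AddDays(-10) }
    [pscustomobject]@{ HotFixID = 'KB0000002'; Description = 'Update';          InstalledOn = (Get-Date).AddDays(-3) }
    [pscustomobject]@{ HotFixID = 'KB0000003'; Description = 'Security Update'; InstalledOn = $null }
)
Test-PatchBaseline -RequiredKB 'KB0000001','KB0000004' -HotFix $sample
```

Omit -HotFix to audit the local machine, and pipe the result to Export-Csv to keep a dated record of each check.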

Using `wmic` (Less Recommended)

While `wmic` is still functional, PowerShell is the preferred method.

  1. Open Command Prompt as Administrator: Search for ‘cmd’ in the Start menu, right-click and select ‘Run as administrator’.
  2. List Updates with `wmic`: Use this command:
    wmic qfe list brief /format:table

    This displays a table of installed updates. It doesn’t easily filter for security updates specifically.

Important Considerations

  • Regular Checks: Schedule regular checks (weekly or monthly) to ensure timely update application.
  • Third-Party Tools: Consider using third-party patch management tools for more advanced reporting and automation, especially in larger environments.
  • KB Numbers: Research any unfamiliar KB numbers online to understand the security vulnerabilities they address.