Given the rise of zero-day vulnerabilities and the importance of regular patching, a user needs to quickly identify if a machine has been patched recently. There are several sources of information about software updates that store slightly different data.
There are two options that can be used to check the recent updates installed on a machine:
This command fetches updates for Windows OS and its components (such as Internet Explorer and Server roles and features). This won't list updates for non-inbox application such as Microsoft Office or Exchange server. To quickly find out when was the last time security patches, hotfix or a service pack was installed, run this in the command prompt:wmic qfe list brief /format:texttablewsys > "%temp%\WindowsUpdates.txt"Note: This is the preferred method to use if the execution of Powershell scripts is prohibited on the system as outlined in Option 2. Example output:The InstalledOn field gives an idea of when was the last time an update was installed on the machine.
wmic qfe list brief /format:texttablewsys > "%temp%\WindowsUpdates.txt"
This is a feature available in Sophos Central that you can use to list the updates installed on a particular managed computer by using the canned query Patches Applied.
Related informationMicrosoft Security Advisories and Bulletin
Unfortunately, I don't have this Live discover option under Threat Analysis Center. How to unable it or what to do to get it live?
Hi OSF BiH,
Live discover option is applicable once you have your license upgraded to Intercept X Advance with EDR. You may refer to this KB Article for more details. https://support.sophos.com/support/s/article/KB-000039257?language=en_US