How to List all of Windows and Software Updates applied to a computer

Overview

Given the rise of zero-day vulnerabilities and the importance of regular patching, a user needs to quickly identify if a machine has been patched recently. There are several sources of information about software updates that store slightly different data. 

There are two options that can be used to check the recent updates installed on a machine: 

 Windows Management Instrumentation (WMI)

This command fetches updates for Windows OS and its components (such as Internet Explorer and Server roles and features). This won't list updates for non-inbox application such as Microsoft Office or Exchange server. 

To quickly find out when was the last time security patches, hotfix or a service pack was installed, run this in the command prompt:

wmic qfe list brief /format:texttablewsys > "%temp%\WindowsUpdates.txt"

Note: This is the preferred method to use if the execution of Powershell scripts is prohibited on the system as outlined in Option 2. 

Example output:



The InstalledOn field gives an idea of when was the last time an update was installed on the machine. 

 Live Discover

This is a feature available in Sophos Central that you can use to list the updates installed on a particular managed computer by using the canned query Patches Applied.

  1.  Log in to Sophos Central Admin.
  2. Click Threat Analysis Center > Live Discover.
  3. In the search box, type Patches Applied then click the item that will show in the result.
  4. Under Device selector choose the Endpoint (must be online) and then click Run Query. 
  5. The results should be displayed as shown in the screenshot below:

Related information
Microsoft Security Advisories and Bulletin 



Removed extra bullet point
[edited by: Marlon Deza at 9:23 AM (GMT -7) on 9 Jun 2021]