The simplest way to check for installed updates is using Windows Management Instrumentation Command-line (WMIC):
wmic qfe list brief /format:table | find "KB5005565"This command searches through all installed updates and filters for a specific KB number. If the update is installed, it will display the HotFixID, description, and installation date.
For more detailed information, PowerShell provides several methods:
# Method 1: Using Get-Hotfix
Get-HotFix -Id KB5005565 -ErrorAction SilentlyContinue
# Method 2: Querying Windows Update history
Get-WmiObject -Class Win32_QuickFixEngineering | Where-Object { $_.HotFixID -eq "KB5005565" }
# Method 3: Checking via DISM (for Windows 10/11)
DISM /Online /Get-Packages | findstr "Package_for_KB5005565"When managing multiple machines, you can create a script to check update status remotely:
$computers = "Server01","Server02","Workstation01"
$KB = "KB5005565"
foreach ($computer in $computers) {
try {
$session = New-PSSession -ComputerName $computer -ErrorAction Stop
$result = Invoke-Command -Session $session -ScriptBlock {
param($KB)
Get-HotFix -Id $KB -ErrorAction SilentlyContinue
} -ArgumentList $KB
if ($result) {
Write-Host "$KB found on $computer (Installed: $($result.InstalledOn))" -ForegroundColor Green
}
else {
Write-Host "$KB NOT found on $computer" -ForegroundColor Red
}
}
catch {
Write-Host "Failed to connect to $computer" -ForegroundColor Yellow
}
}- Some updates may require a reboot to show as "installed"
- Certain security updates may appear under different KB numbers than expected
- For Windows 10/11 feature updates, use
winvercommand instead - The Package_for_ prefix in DISM results varies by update type
As a system administrator or developer, you often need to verify whether specific Windows updates (KB patches) are installed on a machine. This is particularly important when troubleshooting issues or ensuring compliance. The command line provides several efficient ways to check this.
The most straightforward method is using Windows Management Instrumentation Command-line (WMIC):
wmic qfe list brief /format:tableThis command displays all installed updates in a table format, including KB numbers. To search for a specific KB:
wmic qfe where "HotFixID like 'KB5005565'" list briefFor more flexibility, PowerShell offers better options:
Get-HotFix -Id KB5005565Or to list all updates with filtering:
Get-HotFix | Where-Object {$_.HotFixID -eq "KB5005565"}For Windows 10/11, you can use Deployment Image Servicing and Management:
dism /online /get-packages | findstr "KB5005565"For repeated use, create a batch script:
@echo off
set /p kb="Enter KB number: "
wmic qfe where "HotFixID='%kb%'" list brief
if %errorlevel% neq 0 echo Update %kb% not installed
pauseHere's a more robust PowerShell function:
function Test-KBInstalled {
param(
[Parameter(Mandatory=$true)]
[string]$KBNumber
)
$kb = $KBNumber.Replace("KB", "")
$session = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$updates = $searcher.QueryHistory(0, $searcher.GetTotalHistoryCount())
return ($updates | Where-Object { $_.Title -match $kb }) -ne $null
}You can also check the Windows registry:
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" /s | findstr "KB5005565"To cross-verify with Windows Update history:
Get-WindowsUpdateLog -Etw | Select-String "KB5005565"For checking across multiple machines:
$computers = "server1", "server2", "workstation1"
$kb = "KB5005565"
Invoke-Command -ComputerName $computers -ScriptBlock {
param($kb)
Get-HotFix -Id $kb -ErrorAction SilentlyContinue
} -ArgumentList $kbRemember that some updates might be superseded by newer ones. Also, the KB number format might vary slightly (with or without "KB" prefix). Always verify the exact naming convention used in your environment.