I want to programmatically get a list of all installed KBs. This could be python code, WinAPI (which I will call from python), running another process and parsing its output, etc. What interests me are security updates, I don't care whether or not other updates are returned or not. However, I want updates for software as well, not just for Windows - anything that shows up in the control panel's "Installed Updates" window. It's also important that this code will run on all versions of windows, not just a single version (I don't mind having an if-else in the code, with different behavior for different Windows versions - it's just important that eventually it works).
I tried wmic qfe, systeminfo and PowerShell's get-hotfix, all of which return only OS updates.
I have a Windows 10 myself, and I couldn't find a single place in the registry or in the file system where all KBs are listed together. Couldn't make sense of Procmon's output (after recording opening "Installed Updates") either - too large and not focused enough. It seems like different updates are listed in different places, but nothing I could easily understand how to extend/generalize.
EDIT: I found this code: https://codereview.stackexchange.com/questions/135648/find-installed-and-available-windows-updates
I tried running it on my computer, and it found some KBs that didn't appear neither in the commandline commands I ran, nor in "Installed Updates". On the other hand, there are also KBs that don't appear there but do appear in the other locations..
Thanks!
The problem with qfe is that newer Windows versions have updates for componentes which aren't CBS related, hence wmic path Win32_QuickFixEngineering will not show them.
The trick is to use a COMObject to the updater system. I've written a small package that does the job, and checks for updates via COM, WMI and registry.
Talking to windows update via COM gives the most information. WMI gives some information, and registry of course only gives the KB and install date.
Install with
pip install windows_tools.updates
Use with
from windows_tools.updates import get_windows_updates
for update in get_windows_updates(filter_duplicates=True):
print(update)
The duplicate filter is enabled because of AV definition updates that show alot.