http://www.sqlservercentral.com/blogs/brian_kelley/2011/10/06/detecting-security-updates-on-vista-windows-7-2008-2008r2/

Printed 2014/10/01 02:15AM

Detecting Security Updates on Vista/Windows 7/2008/2008R2

2011/10/06

When trying to detect whether updates have been installed or not, there were several places we investigated:

Some updates still write to these locations to enable detection and they should be looked for. For instance, SQL Server 2005 SP4 for the database engine will be found at:

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\KB246332_SQL9

However, OS based updates to Vista and above don't tend to get written to a registry key. You could use MBSA or something of that sort to try and detect them all, but there is a simpler method that can be easily scripted. It's the PowerShell Get-Hotfix Cmdlet. If I want a list of all hotfixes, it's simply:

Get-Hotfix


If I know of a specific hotfix to find, I can use the -ID switch. For instance, to find out whether MS11-064 has been installed, I need to refer to its KB#.

Get-Hotfix -ID KB2563894


Do note that this detection isn't perfect. Updates don't necessarily register where Get-Hotfix is looking. For instance, this will throw an error, even if it's installed (SQL Server 2005 SP4):

Get-Hotfix -ID KB246332

Instead, you can use the provder to look for it:

gci HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall `
 | Where-Object {$_.name -match "KB2463332_.*"}

Given the multiple locations it may be easier to use a specialized tool, but if you're just looking for a handful of patches, then it should be fairly easy to use Powershell to do so.


Copyright © 2002-2014 Simple Talk Publishing. All Rights Reserved. Privacy Policy. Terms of Use. Report Abuse.