4

I want to programmatically get a list of all installed KBs. This could be python code, WinAPI (which I will call from python), running another process and parsing its output, etc. What interests me are security updates, I don't care whether or not other updates are returned or not. However, I want updates for software as well, not just for Windows - anything that shows up in the control panel's "Installed Updates" window. It's also important that this code will run on all versions of windows, not just a single version (I don't mind having an if-else in the code, with different behavior for different Windows versions - it's just important that eventually it works).

I tried wmic qfe, systeminfo and PowerShell's get-hotfix, all of which return only OS updates.

I have a Windows 10 myself, and I couldn't find a single place in the registry or in the file system where all KBs are listed together. Couldn't make sense of Procmon's output (after recording opening "Installed Updates") either - too large and not focused enough. It seems like different updates are listed in different places, but nothing I could easily understand how to extend/generalize.

EDIT: I found this code: https://codereview.stackexchange.com/questions/135648/find-installed-and-available-windows-updates

I tried running it on my computer, and it found some KBs that didn't appear neither in the commandline commands I ran, nor in "Installed Updates". On the other hand, there are also KBs that don't appear there but do appear in the other locations..

Thanks!

Eran Zimmerman Gonen
  • 4,375
  • 1
  • 19
  • 31
  • Hi @Eran. I don't have a complete solution for you, but, if you try to explore further with my answer here: https://stackoverflow.com/questions/48382393/determine-windows-update-classification/48417374, you might get close to what you're looking at! Good Luck. – Am_I_Helpful Oct 10 '18 at 08:25

1 Answers1

1

The problem with qfe is that newer Windows versions have updates for componentes which aren't CBS related, hence wmic path Win32_QuickFixEngineering will not show them.

The trick is to use a COMObject to the updater system. I've written a small package that does the job, and checks for updates via COM, WMI and registry.

Talking to windows update via COM gives the most information. WMI gives some information, and registry of course only gives the KB and install date.

Install with

pip install windows_tools.updates

Use with

from windows_tools.updates import get_windows_updates

for update in get_windows_updates(filter_duplicates=True):
    print(update)

The duplicate filter is enabled because of AV definition updates that show alot.

Orsiris de Jong
  • 2,819
  • 1
  • 26
  • 48
  • Not perfect (my current code finds 26 unique installed KBs on my machine, yours only finds 13), but +1 and accepted for adapting to the newer update system (finds a total of 109 unique updates on my machine) and a ready-made pip package is useful. You might want to consider adding other collection methods to your library (my code takes from COM, registry and wmi). Cheers! – Eran Zimmerman Gonen Sep 25 '21 at 18:22
  • @EranZimmermanGonen Thanks for your comment. I've updated my package to include COM, WMI and REG ways to get the updates. Would you mind giving it a test run and report back ? – Orsiris de Jong Oct 04 '21 at 16:23
  • Did you upload the new version? pip tells me I'm up-to-date, and pypi.org also shows 1.1.0 as the latest version. – Eran Zimmerman Gonen Oct 05 '21 at 12:13
  • @EranZimmermanGonen Indeed, I've uploaded it to the test pypi repo. Upload on production pypi is now done ;) – Orsiris de Jong Oct 05 '21 at 20:52