Get the hotfixes that have been applied to the local and remote computers.

      Get-HotFix [[-Id] string[]] [-ComputerName string[]]
         [-Credential PSCredential] [CommonParameters]

      Get-HotFix [-Description string[]] [-ComputerName string[]]
         [-Credential PSCredential] [CommonParameters]

   -ComputerName string[]
       Specify a remote computer.
       Type a NetBIOS name, an Internet Protocol (IP) address, or a fully
       qualified domain name of a remote computer.
       The default is the local computer.

       This parameter does not rely on PowerShell remoting.

   -Credential PSCredential
       Specify a user account that has permission to perform this action.
       The default is the current user.

       Type a user name, such as "User64" or "Domain64\User64", or enter
       a PSCredential object, such as one generated by Get-Credential.
       If you type a user name, you will be prompted for a password.

   -Description string[]
       Get only hotfixes with the specified descriptions.
       Wildcards are permitted.
       The default is all hotfixes on the computer.

   -Id string[]
       Get only hotfixes with the specified hotfix IDs. The default is all hotfixes on the computer.

This cmdlet leverages the Win32_QuickFixEngineering WMI class to list Windows Updates supplied by Component Based Servicing. Updates supplied by Microsoft Windows Installer (MSI) or Windows Update are NOT included.

An alternative is to call the Windows Update Client API to list Windows and app updates installed using Windows Update, Microsoft Update or the Automatic Updates feature. This will include any update installed using enterprise management systems like WSUS or ConfigMgr, but will exclude any installed manually or using custom management scripts. The data in WMI is stored in UTC format.

Get all KB updates applied to the local computer:

# Query the Windows Update Client history through its COM API
$Session = New-Object -ComObject "Microsoft.Update.Session"
$Searcher = $Session.CreateUpdateSearcher()
$historyCount = $Searcher.GetTotalHistoryCount()
# Translate the numeric Operation and ResultCode values to text,
# and pull the KB number out of each update title
$Searcher.QueryHistory(0, $historyCount) | Select-Object Title, Description, Date,
   @{name="Operation"; expression={switch($_.operation){
         1 {"Installation"}; 2 {"Uninstallation"}; 3 {"Other"}}}},
   @{name="Status"; expression={switch($_.resultcode){
            1 {"In Progress"}; 2 {"Succeeded"}; 3 {"Succeeded With Errors"};
            4 {"Failed"}; 5 {"Aborted"}}}},
   @{name="KB"; expression={($_.title -split "(KB\d+)")[1]}} |
   Export-CSV c:\batch\updates.csv -append -noTypeInformation

A function to return this for remote computers can be found here: Get-InstalledUpdates.ps1

N.B. Some KB update numbers may be listed multiple times, as different versions are installed to address the same issue.


Get all hotfixes on the local computer:

PS C:\> Get-Hotfix

Get all hotfixes on Server64 and Server65 that have a description that begins with "Security":

PS C:\> Get-Hotfix -description Security* -computername Server64, Server65 -cred Server64\billg

Check all the servers listed in the Servers.txt file and, for those which are missing the KB957095 security update, write the computer name out to a second file:

PS C:\> $a = Get-Content servers.txt
PS C:\> $a | ForEach-Object { if (!(get-hotfix -id KB957095 -computername $_)) { add-content $_ -path Missing.txt }}
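In the check above, a server that cannot be queried returns nothing from Get-HotFix, so it looks the same as a server that lacks the update. The following is an added example, not part of the original page: the function name Test-HotFixCompliance and the host name no-such-host.invalid are hypothetical, and it reports a failed query separately from a missing hotfix.

```powershell
# Added example (not from the original page).
# Test-HotFixCompliance is a hypothetical helper name.
function Test-HotFixCompliance {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string[]] $Id,
        [pscredential] $Credential
    )
    foreach ($computer in $ComputerName) {
        $query = @{ ComputerName = $computer; ErrorAction = 'Stop' }
        if ($Credential) { $query.Credential = $Credential }
        try {
            # One query per computer, without -Id, so that "no such hotfix"
            # cannot raise an error; only a failed connection/query can.
            $installed  = @(Get-HotFix @query | Select-Object -ExpandProperty HotFixID)
            $queryError = $null
        }
        catch {
            # Connection, WMI or access failure: patch state is unknown.
            $installed  = @()
            $queryError = $_.Exception.Message
        }
        foreach ($kb in $Id) {
            if ($queryError)                  { $status = 'QueryFailed' }
            elseif ($installed -contains $kb) { $status = 'Installed' }
            else                              { $status = 'Missing' }
            [pscustomobject]@{
                ComputerName = $computer
                HotFixID     = $kb
                Status       = $status
                Error        = $queryError
            }
        }
    }
}

# Constructed sample input: the local computer plus a name that cannot resolve.
$report = Test-HotFixCompliance -ComputerName $env:COMPUTERNAME, 'no-such-host.invalid' -Id KB957095
$report | Format-Table ComputerName, HotFixID, Status

# Only confirmed-missing computers go to Missing.txt; failed queries are kept apart.
$report | Where-Object Status -eq 'Missing' |
    ForEach-Object { Add-Content -Path Missing.txt -Value $_.ComputerName }
```

'Missing' here means only that Win32_QuickFixEngineering did not report the hotfix; as noted above, updates supplied by other installers are not listed by this class.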

Get the installed hotfixes, sort them by InstalledOn, and then use array notation to select the last item in the array:

PS C:\> (Get-Hotfix | Sort-Object installedon)[-1]

“‘If it ain’t broke, don’t fix it’ is the slogan of the complacent, the arrogant or the scared. It’s an excuse for inaction, a call to non-arms” ~ Colin Powell

Related PowerShell Cmdlets

Get-ComputerRestorePoint - Get the restore points on the local computer.
Query the Windows Update Client to show the files present (
