Why are "get-hotfix" and "wmic qfe list" in Powershell missing installed updates?
Solution 1:
I believe the Get-Hotfix
commandlet leverages the Win32_QuickFixEngineering
WMI class to list Windows Updates, but only returns updates supplied by Component Based Servicing (CBS). Updates supplied by the Microsoft Windows Installer (MSI) or the Windows update site are not returned by Get-Hotfix
/Win32_QuickFixEngineering
.
You can try using the Windows Update API through PowerShell like in the below example. Give this a shot and let us know if it shows the missing updates.
$Session = New-Object -ComObject Microsoft.Update.Session
$Searcher = $Session.CreateUpdateSearcher()
$Searcher.Search("IsInstalled=1").Updates | ft -a Date,Title
EDIT: To search through the results, you can use the Where-Object
commandlet (or alias Where
) and filter for a specific hotfix:
$Searcher.Search("IsInstalled=1").Updates | Where {$_.Title -like "*KB2760587*"} | ft date,title
Solution 2:
You need to use different ways to list the updates installed by different methods. like installed by wsus or configmgr
Take a look here
https://social.technet.microsoft.com/wiki/contents/articles/4197.how-to-list-all-of-the-windows-and-software-updates-applied-to-a-computer.aspx
Solution 3:
If someday someone needs to get the full update list using Python, I've written in implementation that checks for windows updates via COM, WMI and registry so we don't miss an update based on it's install method.
Install with:
pip install windows_tools.updates
Usage
from windows_tools.updates import get_windows_updates
for update in get_windows_updates(filter_duplicates=True):
print(update)
You can also remove the duplicate filter (AV engine updates etc) with get_windows_updates(filter_multiple=False)