When troubleshooting patching issues, you may need to verify if a specific Windows Update (KB) has been installed on a device. Depending on where you look in Windows, a KB might appear to be missing.
This guide covers how to manually check for installed updates, explains why some updates might not show up in your history, and outlines how the Automox agent natively handles these complexities to ensure accurate reporting.
Why Some Installed Updates Do Not Show in Update History
Sometimes, you may successfully install an update (like a specific .NET Framework KB or driver), but it will not appear in the Windows Update History.
This usually happens because Windows updates are cumulative. Subsequent updates include all the code and fixes from previous patches. When a newer cumulative update (e.g., Windows 11 22H2) is installed, it supersedes older, smaller update packages. The older KBs become part of the new baseline and are no longer listed individually in the Update History. This is completely normal and simply means your system is updated past the specific KB you are looking for.
How to Manually Check for an Installed KB
Because different Windows subsystems track updates differently, no single manual method will show every type of update. You may need to use a combination of these methods:
1. Windows Update History (UI)
Navigate to Settings > Windows Update > Update History.
Limitation: This primarily shows recent regular updates and feature updates; superseded or deep system updates may be hidden.
2. PowerShell (Get-HotFix)
Open PowerShell and run:
Get-HotFix | Select-Object HotFixID, InstalledOn, DescriptionLimitation: This command relies on Windows Management Instrumentation (WMI) and only queries Quick Fix Engineering (QFE) updates. It won't display deep operating system components or certain superseded updates.
3. DISM (Deployment Image Servicing and Management)
Open Command Prompt as Administrator and run:
dism /online /get-packagesAdvantage: This queries the Component Based Servicing (CBS) layer and will show deep, system-level packages that
Get-HotFixmisses.
4. Command Prompt (SystemInfo / WMIC)
You can run
systeminfoorwmic qfe list brief /format:tablein Command Prompt to quickly output a list of installed hotfixes.
How Automox Detects Installed Windows Updates
Because manual checks are fragmented, Automox uses a highly robust, multi-layered approach to ensure we report the exact patch state of a device. Rather than relying solely on Get-HotFix—which has blind spots—the Automox agent queries several locations simultaneously and deduplicates the results.
Behind the scenes, the Automox agent evaluates your installed updates using four distinct layers:
WDK and Local Database: Automox first attempts to query updates natively utilizing Windows Dev Kit components and local databases for an immediate read.
QFE / WMI Fallback: The agent queries standard HotFixes (
Get-HotFix) to identify standard baseline KBs.Servicing Packages (CBS): The agent scans the
C:\Windows\servicing\Packagesdirectory, reading the internal.mumXML files. This allows Automox to map deeply embedded system updates and determine if a package is permanently installed.Windows Update Agent (WUA) API: Automox queries the
Microsoft.Update.SessionCOM object. This accesses the deepest level of Windows Update history, allowing the agent to parse revision numbers, classify updates (such as isolating Windows Defender definitions or third-party apps), and ensure accuracy.
By correlating the data from WMI, DISM/CBS, and the WUA API, Automox overcomes the native limitations of Windows reporting, providing you with a single, highly accurate source of truth in your console.