Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Registry key location for security update and Hotfixes

In my application i want to query the Security update and Hotfixes on windows box. For this i have queried the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall Everything went well on the OS other than windows 2008 server and windows 7...

When running appwiz.cpl on Windows 2008 server machine it is showing the lot of Hotfixes and security updates but their is no entry for any of them in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. It seems like windows has changed the registry location for windows 2008 server and Windows 7.

I need to query the details of the Security updates and Hotfixes.

like image 414
Devloper Avatar asked Feb 24 '11 09:02

Devloper


People also ask

Where is the Windows Update registry key?

Registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsUpdate\Orchestrator\Configurations.

Where is the registry key located?

There are two ways to open Registry Editor in Windows 10: In the search box on the taskbar, type regedit, then select Registry Editor (Desktop app) from the results. Right-click Start , then select Run. Type regedit in the Open: box, and then select OK.

Where can I find WSUS entries in registry?

Registry entries for the WSUS server are located in the following subkey: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate.


2 Answers

With Windows 7 they introduced patches that are being applied using .msu files (MSU == Microsoft System Update).

One way is to enumerate the keys on HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages and then check the (string) value InstallClient for the "WindowsUpdateAgent".

You can apparently use the Windows Update Agent API to read it independent of the registry location.

like image 180
0xC0000022L Avatar answered Oct 20 '22 00:10

0xC0000022L


The best location I have found for Security and Hotfixes applied to the system is the WMI QFE object list (WMIC QFE GET). This has proven accurate on all 6.x and later OS (Vista, W2008, Win7). W2003 also provides QFE but the entries are duplicated in the standard uninstall list.

like image 31
AdvApp Avatar answered Oct 19 '22 23:10

AdvApp