Patches Detection

systeminfo

/opt/post-exploitation/windows/Windows-Exploit-Suggester/windows-exploit-suggester.py --database 2019-03-01-mssb.xls --systeminfo <systeminfo_output>

Component Based Servicing (CBS)

Get-HotFix | Sort-Object HotFixID

Equivalent

$computer = "LocalHost"
$namespace = "root\CIMV2"
Get-WmiObject -class Win32_QuickFixEngineering -computername $computer -namespace $namespace

Updates supplied by the Microsoft Windows Installer (MSI) or the Windows update site

$Session = New-Object -ComObject Microsoft.Update.Session
$Searcher = $Session.CreateUpdateSearcher()
$Searcher.Search("IsInstalled=1").Updates | ft -a Date,Title

Search a specific KB

$Session = New-Object -ComObject Microsoft.Update.Session
$Searcher = $Session.CreateUpdateSearcher()
$Searcher.Search("IsInstalled=1").Updates | Where {$_.Title -like "*KB4018338*"} | ft date,title

wmic.exe qfe list full

post/windows/gather/enum_patches
post/multi/recon/local_exploit_suggester

Patches Detection​

Patches Detection