Using PowerShell To Find Installed Hotfixes

Today (well, yesterday actually) Microsoft recalled one of their hotfix updates that was released in the most recent round of 'Patch Tuesday' fun. This isnt something that happens a lot - they have become very good at getting reliable updates out there. This one in question, caused some odd behaviour and crashed the system when it was also running Kasperski Anti Virus. (

My first task was to remove the patch from our WSUS server. Next, feeling like stretching my scripting-skillz, I decided to draft a quick PowerShell script to locate any instances of the patch already installed. 

Im always looking for opportunities to expand my PowerShell knowledge and experience!

Long story short; I referenced two awesome sites to help me with my syntax. This is what I came up with:

Import-Module ActiveDirectory
$ServerList = Get-ADComputer -Filter { OperatingSystem -Like '*Windows Server*' } -Properties OperatingSystem | Select -expand Name
$PatchKB = "KB2823324"
foreach ($ServerName in $ServerList) { 
write-host $ServerName
Get-WmiObject -class Win32_QuickFixEngineering -ComputerName $ServerName -Filter "HotFixID='$($PatchKB )'"| select source,description,hotfixid,installedon 

Now the output leaves a little to be desired, but it will kick out the name of each server checked, then list any matching patches.

Hopefully this is useful to someone else.

Thanks to the Svendsen Tech Wiki and Shariq Sheikh