How to List Pending Updates Across All Windows Devices
Using Kolide, you can easily view and query Windows Pending Updates across your fleet.
Introduction
A list of Windows Updates which are pending or partially installed. These updates include both optional and important updates and include metadata about the update themselves, such as the category they belong to and when they were made available for download.
Kolide collects this information by calling out to the device's configured Windows Update server. As a result, it is possible that available updates will be visible in Kolide before they are visible in the Windows Update tool on a device.
What Windows Pending Update Data Can Kolide Collect?
Kolide's endpoint agent bundles in osquery to efficiently collect Windows Pending Updates from Windows devices in your fleet. Once collected, Kolide will parse, clean up, and centrally store this data in Inventory for your team to view, query, or export via API.
Kolide meticulously documents every piece of data returned so you can understand the results.
Windows Pending Updates Schema
| Column | Type | Description | |
|---|---|---|---|
| id | Primary Key |
Unique identifier for the object |
|
| device_id | Foreign Key |
Device associated with the entry |
|
| device_name | Text |
Display name of the device associated with the entry |
|
| categories | Text[] |
A list of applicable Windows Update applicable categories UUIDs. |
|
| description | Text |
The long-form description of the pending update. |
|
| installed | Boolean |
|
|
| kb_articles | Text[] |
The Microsoft Knowledge Base (KB) articles associated with the update. |
|
| last_published_date | Date |
The precise time the Windows Update was published and became available for this device. (Also known as the time the WSUS Server deployed the update.) |
|
| locale | Text |
The locale associated with the name and description of this update. |
|
| name | Text |
The name of the pending update. |
|
| reboot_required | Boolean |
|
|
| security_bulletins | Text[] |
The security bulletins associated with the update. |
|
| supersededed_update_ids | Text[] |
A list of |
|
| update_id | Text |
The unique identifier associated with the update. |
|
| update_type | Enum::Text |
The precise time the Windows Update became available for this device. Can be one of the following:
|
|
| collected_at | Timestamp |
Time the row of data was first collected in the database |
|
| updated_at | Timestamp |
Time the row of data was last changed in the database |
|
Why Should I Collect Windows Pending Updates?
Pending Windows Updates may be reviewed by an IT or Security administrator to identify devices which are not running the latest version of Windows, or are missing important security patches. Patch management is an important compliance requirement for many organizations.
End-User Privacy Consideration
Kolide practices Honest Security. We believe that data should be collected from end-user devices transparently and with privacy in mind.
No personally identifiable or sensitive data is collected or transmitted as part of this Inventory.
When you use Kolide to list Windows Pending Update data from end-user devices, Kolide gives the people using those devices insight into exactly what data is collected, the privacy implications, and who on the IT team can see the data. This all happens in our end-user privacy center which can be accessed directly by employees.
