New Check: Windows Important Updates Missing

After many weeks of research and engineering, we at Kolide are very proud to announce the immediate availability of several new Windows-based features:

  • Device Check: Windows Important Updates Missing
  • Device Detail Page Widget: Windows Update
  • Inventory Item: Windows Pending Updates

Windows Important Updates Missing

This new Check enumerates important Windows updates that have not been installed within 2 days of becoming available.

While building this check, data accuracy was considered paramount. We did not want to return information about updates that did not apply to the device or were already installed. To achieve this specificity, we upgraded Kolide's agent to directly communicate with the Windows Update API, ensuring that the pending updates returned are always relevant and accurate for each device. This also means as soon as updates are installed correctly, they will disappear the next time we query the API.

Another top priority was to ensure that any failures we generated were only for important updates. Important to us means significant updates with security mitigations, anti-malware signatures, updates with high-criticality, or updates that reference bug fixes. If Kolide generates a failure for a missing update, you can bet it's going to be one that your users should install.

Finally, we wanted to go above and beyond when generating the step-by-step instructions for end-users and ensure that the titles for the updates match the titles in the Windows Update UI, even if they are in a different language.

Inventory and Widgets

To round out this new capability, we wanted to offer more than just an opinionated check. We also wanted to visualize information about Windows Update's configuration and provide our customers with information about all available updates (not just the important ones).

To that end, we've created the following Widget, which will now appear on all of your Windows Devices!

Additionally, if you're the type that wants to see all your data in one big table, you can review all pending Windows updates (including optional updates) in our new Inventory: Windows Pending Updates.

Or review the Windows Update Agent configuration in the new Inventory: Windows Update Config to find individuals who haven't scanned for updates in over a week whose updates are paused.

Reporting

If you are participating in our Reporting beta, you will also have access to all of this new inventory data in a queryable database. You can use this capability to perform aggregate queries (like counting data across devices) on data stored in Kolide's Inventory.