Skip to main content

Ditch Microsoft Windows Update

One particularly important element of operating a secure system is staying up to date on security patches. It's critical to know which patches have been applied to your system and, more importantly, which haven't.

Shavlik Security have released HFNetChk.exe v. 3.86, a free command-line tool that scans and reports missing security patches on your Microsoft Windows Systems. (supports Windows NT Windows 2000, Windows XP, Windows Server 2003)

The HFNetChk tool does this by referring to an XML database that's constantly updated by Microsoft. The tool downloads the security update XML file from You can however use the -ms switch to override and obtain XML file from Microsoft.

Install HFNetChk and open up Command Prompt (Start > Run > CMD). Change to the directory where HFNetChk is installed (Usually C:\Program Files\Shavlik Technologies\HFNetChk\), and type: hfnetchk -v

There are some shortcomings too. The tool is a console-mode program and only prints out a list of Knowledge Base article numbers; it doesn't list URLs or take you to the Knowledge Base articles about the hotfixes. So Michael Dunn has developed a GUI front end to HFNetChk.

WHC runs Hfnetchk, captures its output, and shows a report on hotfixes that need to be installed. Once you've scanned for necessary hotfixes, WHC can also download them from Microsoft and then run them for you.

Download HFNetChk here. [via | via]