Alexa,
We are using this to look for the original KB’s for MS17-010 AND all the KB’s that superseded them.
not exists keys whose (name of it contains "KB4012216" or name of it contains "KB4013429" or name of it contains "KB4012598" or name of it contains "KB4012606" or name of it contains "KB4012214" or name of it contains "KB4012217" or name of it contains "KB4012213" or name of it contains "KB4012212" or name of it contains "KB4012215" or name of it contains "KB4015217" or name of it contains "KB4019472" or name of it contains "KB4015221" or name of it contains "KB4019474" or name of it contains "KB4015551" or name of it contains "KB4019216" or name of it contains "KB4015549" or name of it contains "KB4019264" or name of it contains "KB4018466" or name of it contains "KB4015550" or name of it contains "KB4019215") of keys ("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages";"HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Hotfix") of (x32 registries;x64 registries)
This should return any system that is not patched