Tuesday 23 September 2014

How to manually check MS security patch status on a client machine


ConfigMgr does not collect the list of software updates (patches) for Windows 7/Vista/2008/2008 Core operating systems. On these operating systems this information is stored in the “Win32_QuickFixEngineering” WMI class (it is no longer listed in Add Remove Programs), and inventory of this class is NOT enabled in SMS_DEF.MOF by default. Hence ConfigMgr reports cannot provide these details until you have enabled the appropriate WMI class in SMS_DEF.MOF.
On Windows XP, Windows 2003 and similar operating systems, by contrast, the list of software updates (patches) is stored in Add Remove Programs, and the WMI class for Add Remove Programs is enabled by default in SMS_DEF.MOF. Hence you will get these details from ConfigMgr reports for Windows XP, Windows 2003 etc. systems.
Enabling the “Win32_QuickFixEngineering” WMI class is not recommended. See the warning given in the SMS_DEF.MOF file, quoted below.
“DO NOT: Enable the Win32_QuickFixEngineering class unless you have installed the QFE for Q279225.  Enabling this class without the QFE will result in inventory cycles taking a very long time to complete on the client and the WINMGMT service using 99% to 100% CPU time and leaking memory.”
The easiest way to get these details from a single system is given below.
A one-line command lists the patch details of a machine (applicable only to Windows 7/Vista/2008/2008 Core operating systems):
Wmic qfe list >c:\list.txt
This writes to c:\list.txt the list of software updates (patches) applied on the system, with these fields: Caption, CSName (hostname of the system, i.e. the computer name), Description (category of the software update: Update, Hotfix, Security Update etc.), HotFixID, InstalledBy and InstalledOn (date of installation).
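
The same check against a list of required patches, as an added example that is not part of the original post: it reads the same Win32_QuickFixEngineering data through Get-HotFix and reports which required HotFixIDs are missing. The function name Test-RequiredHotFix and the KB IDs are hypothetical placeholders.

```powershell
# Added example: compare the hotfixes recorded in Win32_QuickFixEngineering
# against a list of required HotFixIDs and report each one's status.
function Test-RequiredHotFix {
    param(
        [Parameter(Mandatory = $true)][string[]]$RequiredId,
        [string]$ComputerName = $env:COMPUTERNAME
    )

    # Get-HotFix queries Win32_QuickFixEngineering, the class behind "wmic qfe list".
    # Index the results by HotFixID so lookups are case-insensitive and fast.
    $installed = @{}
    foreach ($fix in Get-HotFix -ComputerName $ComputerName) {
        if ($fix.HotFixID) { $installed[$fix.HotFixID.ToUpper()] = $fix }
    }

    foreach ($id in $RequiredId) {
        $key = $id.Trim().ToUpper()
        $fix = $installed[$key]    # $null when the patch is not recorded

        New-Object PSObject -Property @{
            ComputerName = $ComputerName
            HotFixID     = $key
            Installed    = [bool]$fix
            Description  = $fix.Description   # empty for missing patches
            InstalledOn  = $fix.InstalledOn   # can be empty even when installed
        } | Select-Object ComputerName, HotFixID, Installed, Description, InstalledOn
    }
}

# Constructed placeholder IDs: replace with the KB numbers you need to verify.
$required = 'KB0000001', 'KB0000002'

# Show only the required patches that are NOT present on this machine.
Test-RequiredHotFix -RequiredId $required |
    Where-Object { -not $_.Installed } |
    Format-Table -AutoSize
```

On Windows Vista and later, Win32_QuickFixEngineering returns only updates delivered through Component Based Servicing, so MSI-based updates do not appear in either this output or `wmic qfe list`.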
