Is there a way (preferably command line) to know what hot fixes are missing?
I am looking for a solution that depends only native utility that is readily available on Windows (such as wmic) or Microsoft (such as Sysinternals)
Assuming you don't mind downloading scripts from the Microsoft Technet Gallery then you can use the PowerShell script Get-WindowsUpdates.ps1:
This script will get all available udpates for the computer it is run on. It will then optionally install those updates, provided they do not require user input.
...
Without any parameters the script will return the title of each update that is currently available.
NAME
C:\scripts\powershell\production\Get-WindowsUpdates.ps1SYNOPSIS
Get and optionally install Windows Updates
SYNTAX
C:\scripts\powershell\production\Get-WindowsUpdates.ps1 [-Install] [-EulaAccept] [<CommonParameters>]DESCRIPTION
This script will get all available udpates for the computer it is run on.
It will then optionally install those updates, provided they do not require user input.
This script was based off the original vbs that appeared on the MSDN site. Please see the Related Links section for the URL.
Without any parameters the script will return the title of each update that is currently available.
Source Get-WindowsUpdates.ps1