For a long time in both Windows 7 and Windows 10 it was possible to uninstall (or rollback) Windows Update patches via simple command:
C:\Windows\System32\wusa.exe /uninstall /kb:XXXXXX /quiet /norestart
Where “XXXXXX” marks the selected KB number (without the “KB” prefix).
However, recently in Windows 10 we have noticed that this command was no longer working for some patches. Since then we have started using DISM for this, and it seems to work like a charm:
$SearchUpdates = dism /online /get-packages | findstr "Package_for"
$updates = $SearchUpdates.replace("Package Identity : ", "") | findstr "KBXXXXXX"
DISM.exe /Online /Remove-Package /PackageName:$updates /quiet /norestart
What it does? It lists all installed updates, finds your “KBXXXXXX” update and then removes it via Windows DISM tool. This small piece of Powershell code can be then packaged for SCCM/Intune and deployed on machines where a rollback is needed.
Usually you also want to induce a computer restart after running this script.