Detecting installed Windows patches

We're trying to use scanner-based inventory to find all installed software on a server, including the installed patches.  In the Mapping Options portion of the inventory activity setup, we have selected the Raw OS Installed Software option to gether the additional information, but the trick is finding a regular expression that will capture all installed Windows patches.

Microsoft has a habit of naming patches "Security this" and "Update that" or "Hotfix for the other thing" so I'm trying to figure out a way to tell UD to pick up anything where the name contains "KB" since the KB numbers are always included in the title of the patch.  I've tried a number of different regular expressions, but nothing has worked that pulls everything in.

I've attached our current settings that I thought might work, but they didn't get any of the Windows patches (just the patches for other Microsoft apps like .NET Framework).  Has anyone found a pattern that gets all Windows patches?