diff --git a/SecureAuditor.ini b/SecureAuditor.ini
index ab15693..4589dd0 100644
--- a/SecureAuditor.ini
+++ b/SecureAuditor.ini
@@ -57,6 +57,10 @@ MinimumPasswordAge = 1
 MinimumPasswordLength = 12
 PasswordHistorySize = 3
 
+[PendingUpdates]
+; Regex pattern to exclude KBArticleIDs
+Exclude = 
+
 [Rules]
 ; Regex pattern to exclude rule name
 Exclude = 
diff --git a/rules/PendingUpdates.psm1 b/rules/PendingUpdates.psm1
index 2fb29bb..b2c3ccf 100644
--- a/rules/PendingUpdates.psm1
+++ b/rules/PendingUpdates.psm1
@@ -20,11 +20,16 @@ function Test($config) {
     $updateSession.ClientApplicationID = 'Windows Secure Auditor'
     $updateSearcher = $updateSession.CreateUpdateSearcher()
     $result = $updateSearcher.Search('IsHidden=0 and IsInstalled=0')
-    if ($result.updates.Count -eq 0) {
+    $exclude = $config.PendingUpdates.Exclude
+    $updates = $result.updates
+    if (-not [string]::IsNullOrWhiteSpace($exclude)) {
+        $updates = $updates | Where-Object { $_.KBArticleIDs -inotmatch $exclude }
+    }
+    if ($updates.Count -eq 0) {
         return;
     }
     Write-Output "`n## $($i18n.PendingUpdates)`n"
-    foreach ($update in $result.updates) {
+    foreach ($update in $updates) {
         Write-CheckList $false $update.Title
         if ($update.RebootRequired) {
             Write-Output "  - $($i18n.RebootRequired)"