Deploying the software is easy, detecting the installed update was a bit different. Not entirely difficult but noteworthy.
1. Setup the application with the unattended silent install of the .msu update
wusa.exe KBxxxxxx.msu /quiet /norestart
2. In the detection method tab, set the option to "Use a custom script to detect the presence of this deployment type" and click "edit"
3. Change the script type to PowerShell and enter in the cmdlets
get-hotfix | Where-Object {$_.HotFixID -match "KBxxxxxx"}
The deployment should now be good to go. If you run into any execution policy errors or script not signed. You'll need to change the PowerShell Execution Policy to bypass on the SCCM agent client settings.