One easy way to get this information is via the "nover" command (see the "MAINT" column). You can run this via the command line (NSH), as a custom command (ships by default as the "Server Overview" command), or hook it up as an extended object if you really want to see it in the context of the audit results. From NSH just type "man nover" for more information or see the "BladeLogic NSH Commands".
Have you considered creating a Component Template that contains all possible OS service packs from under Windows applications? That way you can run a Application audit that looks only at the service packs.
Run the following as an extended object (Central Execution, CSV grammer).
nsh -c "nover -c -H ??HOST?? | cut -f3 -d,"
Check the extended object by looking at a Server's Live View under Extended Objects. Once the extended object is working as needed, you can audit.