The easiest way to tell which machines have had the patch (successfully)
applied is to rescan them - if the patches installed successfully, the
machines will no longer appear in the Highly Vulnerable tab.
I tend to group our workstations and apply the same (missing)
patches to a group at a time, then rescan the entire group (to catch
workstations that may have been offline during the patch deployment).
It helps me manage patch installation on our large number of
workstations fairly efficiently. But if you're keeping track
of your workstations' configurations over time (for change
control, I'd guess, then your suggestion of the extra column in
configurations view makes sense.