0 Replies Latest reply on Oct 21, 2010 11:24 AM by mmsmith

    How to handle scanning from a patching perspective (“Patches Only” or “Patches and Hotfixes”)?

    mmsmith

      I was just curious how everyone handles scanning from a patching perspective (“Patches Only” or “Patches and Hotfixes”? Do most still scan for the "Patches and Hotfixes" then strip out only the missing patches in the reports to send to whoever is responsible for patching?

       

      The issue I'm running into is from a scanning perspective we want to scan for as much as possible to identify the most vulnerabilities, but from a reporting/patching perspective it inflates the reports and doesn't give an accurate picture of the missing patches. For instance MS10-053 has 6 separate CVEs related to it, but within MVM each of the vulnerability checks are exactly the same. So, if you fail one of them you will most likely fail all of them. And of course they all have the same KB for this one.

       

      This is the check MVM is doing for each of the CVEs related to MS10-053:

      File: %systemroot%\system32\mshtml.dll
      Expected Version: 6.0.2800.1651
      Existing Version: 6.0.2800.1650
      KB2183461

       

      On the flip side another example is MS09-062 that has a ton of KB articles posted for it. The problem we were having here is if I only scan for the main patch it will not check for some of the roll ups or updates to the original patch.

       

      Just wanted to see if anyone else out there is running into similar issues and see if anyone has any suggestions on how to handle this?