Can anybody help me understand why I still see MS patches which have been superseded by new ones. When I see in details section it gives me details about the superseded patches.
Shouldn't Foundstone automatically remove superseded patches information? If not then is there a way we can fix this up?
Amar Deep Singh
IT Security Engineer
Mckinsey & Company
I came across this as well. McAfee's most recent answer to me was to use the "non superseded patches" vulnerability set.
I use a sql query to tell me all of the MVIDs of the non superseded patches, and then correlate that to my vulnerabilities discovered.
This is not 100% effective, so I correlate what remains to a superseded patches list generated by our IT team, using the MS number as a keyword search in the vulnerability title.
Thanks for Reply John. could you provide me the SQL query you run against the MVM database to get list of all non superseded patches?
Yes, I'd like to get the SQL as well.
Also, does anyone know of a good place to find just the non-superceded patches?
We now use the microsoft patch list bsmi linked above. I
remove any results related to the superseded KB numbers.
We previously used the MS number but found that only some patches associated with an MS number were superseded (for example superseded for win2003 but not Win2008) so drilling down one futher step to the KB level has helped.
So when I use the "non-superseded vuln set " in the section tab of my custom report, the report comes back with no vulnerabilites found. How is adding a vuln set to an asset filter different than adding it to the sections tab ?
Why the MVM still reporting Vulnerability that already superseded patch applied, can some one please explain.
MVM isn't a Patch Management System like MBSA. To account for this McAfee introduced the Non-Superseded Vulnerability Sets like is mentioned above.