I'm not sure how *real-world* folks handle it for sure... I expect it's by using a combination of the results provided by MBSA + Vuln Scanners to remediate any vulnerabilities. I will tell you what I DO know: MBSA reports exactly what patches are needed for your specific OS+Patch Level. MVM on the other hand scans the target for any known vulnerable files. So, you may be fully patched in MS's mind, but still have a vulnerable and exploitable .dll or something on your system - which MVM will FLAG as Vulnerable.
I hope that helps, and hopefully/maybe some of my real-world customers will chime in :-)
Have a great day!
No real good way to deal with this though as of yet except in the case of Unsupported software.
There are many cases when the vendor stops producing patches for certain versions of their software.
Microsoft tools will often show that the software is patched or patch is not applicable, while MVM identifies the software as being vulnerable - and it is!
In this case we do a cross reference of the vulnerabilities with a known unsupported software list - and recommend that the version be upgraded to a fully patched and supported version. (Microsoft .NET Framework is one glaring example of this.)
McAfee has since added a new category of informational checks which help identify End Of Life and Obsolete software to help tie everything together - I don't have any good way of automating this...
on 5/29/13 3:29:17 PM EDT
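
The cross-reference described in the thread above, sketched as an added example (not code from either poster, McAfee, or Microsoft). The CSV columns, product names, check IDs, status values and dates are all constructed assumptions, not a real MVM or MBSA export format.

```python
import csv
import io
from datetime import date

# Constructed sample data; real scanner and patch-tool exports will differ.
SCANNER_FINDINGS = """host,product,version,check_id
srv01,ExampleFramework,1.1,CHK-0001
srv01,ExampleFramework,4.5,CHK-0002
ws07,ExampleReader,9.0,CHK-0003
"""
PATCH_TOOL_STATUS = """host,product,version,status
srv01,ExampleFramework,1.1,not_applicable
srv01,ExampleFramework,4.5,missing_patch
ws07,ExampleReader,9.0,patched
"""
EOL_LIST = """product,version,end_of_support,supported_version
ExampleFramework,1.1,2010-01-01,4.5
ExampleReader,9.0,2030-01-01,11.0
"""

def load(text):
    """Parse one CSV export into a list of row dicts."""
    return list(csv.DictReader(io.StringIO(text)))

def triage(findings, patch_status, eol_list, today):
    """Give each scanner finding a remediation action; today is an ISO date."""
    now = date.fromisoformat(today)
    status = {(r["host"], r["product"], r["version"]): r["status"] for r in patch_status}
    eol = {(r["product"], r["version"]): r for r in eol_list}
    results = []
    for f in findings:
        key = (f["product"], f["version"])
        patch = status.get((f["host"], *key), "unknown")
        entry = eol.get(key)
        if entry and date.fromisoformat(entry["end_of_support"]) <= now:
            # Vendor no longer patches this version: only an upgrade fixes it.
            action = f"upgrade to {entry['supported_version']}"
        elif patch == "missing_patch":
            action = "apply missing patch"
        else:
            # Patch tool is satisfied but the scanner still flags the host.
            action = "investigate leftover vulnerable file"
        results.append({**f, "patch_tool": patch, "action": action})
    return results

if __name__ == "__main__":
    for row in triage(load(SCANNER_FINDINGS), load(PATCH_TOOL_STATUS), load(EOL_LIST), "2013-05-29"):
        print(row["host"], row["product"], row["version"], row["patch_tool"], "->", row["action"])
```

The third branch covers the case from the first reply: the patch tool reports nothing missing, the version is still supported, and the scanner still finds a vulnerable file.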