128 Views 2 Replies Latest reply: Apr 30, 2012 8:56 AM by mrspike
tjk Rookie 22 posts since
Feb 20, 2008


Apr 27, 2012 10:34 AM

Description of Vulnerability

I haven't been able to find a definitive answer to this on community. In Patch and Compliance the title of the vulnerability lists a number of N/A severity and the title is Description of Windows Server Update Services 3.0 Service Pack 2 for example. My question is: are these just descriptions of the vulnerability, or are they in fact actual vulnerabilities that do need to be applied? I have generally put them in Do Not Scan or deleted them. I'm wondering if this is the correct practice or do they need to be added to the Scan and then applied?

We are on LDMS 9.0 SP3.

 

Thanks,

Tom

  • Jason SupportEmployee 396 posts since
    Dec 16, 2007

    1. Apr 27, 2012 11:42 AM (in response to tjk)
    Re: Description of Vulnerability

    This document should help: LANDesk Patch Content severity levels

     

    The severity is set by the vendor. Most of the time, Not Applicable applies to any vulnerability that does not have a rating, or to a patch or software update that does not have security implications. An example would be a patch that fixes a font display issue in an application.

     

    Jason

  • mrspike SSMMVPGroup 1,321 posts since
    Dec 19, 2007

    2. Apr 30, 2012 8:56 AM (in response to tjk)
    Re: Description of Vulnerability

    You need to review them... some of them ARE security updates....

     

    Here is a great example, "2647518"

     

    This is a patch from MS that remediates security vulnerabilities of software by 3rd parties (Not MS)

     

    MS states since this does not affect their product, they do not rate it.

     

    It can be some work in the beginning, but what I have done is to create a "Baseline" group, and in it I add all of the patches we require. For the NA, I did a 'find' for them by severity and then sorted by Title. You will find some with "Microsoft Security Advisory...." in the name; you should consider adding those to your baseline group.

     

    From there, I took a new build (from DVD to avoid any slipstreamed patches) in VMware and took a snapshot, then I patched the system fully using my repair group "Baseline". You may have to run the repair a few times as some patches must be installed before others show up, etc...

     

    Once you have the system fully patched according to your baseline.... Run Windows Update and see what it finds... then decide which, if any, of those patches should be added to your baseline group.
