2 Replies Latest reply on Apr 30, 2012 8:56 AM by mrspike

    Description of Vulnerability


      I haven't been able to find a definitive answer to this on community. In Patch and Compliance the title of the vulnerability lists a number of N/A severity and the title is Description of Windows Server Update Services 3.0 Service Pack 2 for example. My question is are these just descriptions of the vulnerability or are in fact actual vulnerabilities that do need to be applied? I have generally put them in Do Not Scan or deleted them. I'm wondering if this is the correct practice or do they need to be added to the Scan and then applied?

      We are on LDMS 9.0 SP3.




        • 1. Re: Description of Vulnerability
          Jason SupportEmployee

          This Document should help. LANDesk Patch Content severity levels


          The severity is set by the vendor. Most of the time - Not Applicable applies to any vulnerability that does not have a rating or is a patch or software update that do not have security Implications to them. An example would be a patch that fixes a font display issue in an application.



          • 2. Re: Description of Vulnerability
            mrspike SSMMVPGroup

            You need to review them... some of them ARE security updates....


            Here is a great example, "2647518"


            This is a patch from MS that remediates security vulnerabilities of software by 3rd parties (Not MS)


            MS states since this does not affect their product, they do not rate it.


            It can be some work in the beginning, but what I have done is to create "Baseline" group in it I add all of the patches we require.   For the NA, I did a 'find' for them by severity and then sorted by Title, you fill find some with "Microsoft Security Advisory...." in the name, you should consider adding those to your baseline group.


            From there, I took a new build (from DVD to avoid any slipstreamed patches) in VMware and took a snapshot, then I patched the system fully using my repair group "Baseline".    You may have to run the repair a few times as some patches must be installed be others show up, etc...


            Once you have the system fully patched according to your baseline....  Run Windows update and see what it finds... then decided which, if any of those patches should be added to your baseline group