1 Reply Latest reply on Jun 25, 2014 7:13 AM by Gjstewart

    Incorrect patch severity

    georged Apprentice

      Did anyone else notice some patches not matching the patch severity from Microsoft?

       

      I have my machines reporting only to WSUS, so i can quickly see if I am compliant with basic Microsoft patches. this is not the first time i have noticed missing patches from landesk, as i usually apply all patches with low and above.

       

      these are examples of patches marked important on WSUS but N/A on landesk

       

      2825635_INTL

      2878281_INTL

      2880526_INTL

      2837587_INTL

       

      this is including the originally published severity. Now i couldn't find the severity online anywhere, but it comes in from WSUS as important.

        • 1. Re: Incorrect patch severity
          Gjstewart Specialist

          LANDesk uses the CVSS Standard.

           

          http://www.first.org/cvss

           

          This is a global standard independent of a vendors scoring. Some microsoft patches are Important from a Microsoft point of view as they want you to patch their systems. However from a global stand point they are simply N/A and not a security threat.

           

          What are the patches in question doing when applied? What are the re-mediating?