I need some better understanding of how Landesk supersedes patches and how to move the superseded patches to the "do not scan" folder.
I am running the ldms_core utility to do this and I think there's an issue there. It seems to be moving patches that were only partially superceded.
Let's take for example MS08-001:
It's replaced by MS08-037 and it's description is : "Vulnerabilities in TCP/IP Could Allow Remote Code Execution (941644)"
Now, if you check MS08-037:
It says that SOME KB's are replaced by MS09-008 and it's description is: "Vulnerabilities in DNS Could Allow Spoofing (953230)"
If you check MS09-008:
It says that SOME KB's are replaced by MS09-039, with the description: "Vulnerabilities in DNS and WINS Server Could Allow Spoofing (962238)"
If you check MS09-039:
The description says: "Vulnerabilities in WINS Could Allow Remote Code Execution (969883)
Now, some questions:
1. If MS08-037 replaces MS08-001, shouldn't the desciption and the vulnerability be the same? If one patch supersedes the other, it's patching the same vulnerability, so to me, it should list the same vulnerability as the original one it's fixing.
2. We go from patching TCP/IP, to DNS to DNS and WINS and then to WINS ------------- HUH??
3. How do I manage my patches? I guess I now have to scan for all 3 patches?? Then you install one over the other over the other?