Can not find patches for some CVEs

ZCM 2020.1, single appliance (U2 migration in the queue)

Even though I have a CVE tracker dashlet running for a given CVE showing we have systems with it patched and a few still to be patched, I cannot find it in the Patches list.

CVE-2022-37958
for which KB5017308 is one of the patches for it, though it has been superseded since.

This is the sort of question managers and executives ask about from time to time that we need to be able to quickly give an answer to (they read an article about it) as isn't this why we are paying for this patch management? 

So beyond the manual process of tracking what was the original patch for the CVE and figuring out their current iterations, is there a way to answer "what systems we still need to patch?" so that we can "make it so" on the make sure they are patched front.

________________________

Andy of KonecnyConsulting.ca in Toronto
Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.

  • 0  

    The information in ZCM comes from the NIST Database, which is based on data from the vendors.

    https://nvd.nist.gov/vuln/detail/CVE-2022-37958 is here....

    Which links to here....

    https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37958

    Which links to here...

    https://catalog.update.microsoft.com/Search.aspx?q=KB5017308

    In short, it is Fixed in the Sept 2022 Rollup or Newer.

    --

    Most likely, one would create a Policy that automatically applied any/all MS Critical Patches versus adding patches one at a time to be deployed as CVEs are reported.

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • 0   in reply to   

    In short, it is Fixed in the Sept 2022 Rollup or Newer.

    --

    Most likely, one would create a Policy that automatically applied any/all MS Critical Patches versus adding patches one at a time to be deployed as CVEs are reported.

    That Rollup was what I was figuring, but still doesn't provide that quick answer when we get asked. Sounds like an Idea/Enhancement request, so that if for some strange reason (things happen) any devices miss that bit, we then know which they are so that we can make sure they get updated.

    As for the automating, that is what we are zeroing in on. Activating the Patch Management is a new thing at this client, so using it to clean up existing way out of date patches before automating things. Trying to get both my understanding of the system up to speed and the PC techs at a good basic understanding before pulling the automation trigger. Fixing automation works better when we understand what it is doing. And forcing reboots has its own challenge we are still working through.

    ________________________

    Andy of KonecnyConsulting.ca in Toronto

  • Suggested Answer

    0   in reply to   

    I would use a policy for the "SSU" and the "Monthly Cumulative", as that will generally take care of most of the issues.

    In general, any CVE that is fixed outside of a "Rollup" will be in the latest monthly update. If it is not, it is unlikely to be flagged as superseded unless the original patch did not actually work, in which case the CVE DB would likely then be updated with the corrected patch.

    Often folks configure the policy to not apply a patch for X Days until released, which may be wise since the customer is new and perhaps less comfortable with frequent patching, though some delay is always wise in case any given monthly update generates significant buzz around issues it causes.  Uncommon, but it happens some months more than others.

    --

    https://community.microfocus.com/members/craigdwilson/bookmarks
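
An added example, not part of the original thread and not ZCM functionality: one way to answer "what systems do we still need to patch?" when the fix ships in a cumulative rollup that is later superseded. It assumes a hypothetical inventory export (columns `device,kb,released`) and constructed sample rows; only KB5017308 and the Sept 2022 baseline come from the thread.

```python
import csv
import io

# From the thread: CVE-2022-37958 is fixed in the Sept 2022 rollup or newer.
FIX_BASELINE = {"CVE-2022-37958": "2022-09"}

# Constructed sample inventory in a hypothetical export format (not ZCM's own).
# One row per cumulative update installed on a device; KB-EXAMPLE-* are placeholders.
SAMPLE_INVENTORY = """device,kb,released
PC-001,KB-EXAMPLE-OLD,2022-06
PC-001,KB5017308,2022-09
PC-002,KB-EXAMPLE-NEW,2023-01
PC-003,KB-EXAMPLE-OLD,2022-06
PC-004,,
"""

def _rows(inventory_csv):
    return list(csv.DictReader(io.StringIO(inventory_csv)))

def devices_without_kb(kb, inventory_csv):
    """Naive check: devices lacking one specific KB (ignores supersedence)."""
    rows = _rows(inventory_csv)
    have = {r["device"] for r in rows if r["kb"] == kb}
    return {r["device"] for r in rows} - have

def latest_cumulative(inventory_csv):
    """Map each device to its newest cumulative month ('YYYY-MM') or None."""
    latest = {}
    for row in _rows(inventory_csv):
        device = row["device"].strip()
        month = (row["released"] or "").strip() or None
        latest.setdefault(device, None)
        # 'YYYY-MM' strings sort chronologically, so string comparison is enough.
        if month and (latest[device] is None or month > latest[device]):
            latest[device] = month
    return latest

def devices_missing_fix(cve, inventory_csv):
    """Devices whose newest cumulative update predates the CVE's fixing rollup."""
    baseline = FIX_BASELINE[cve]
    report = {}
    for device, month in latest_cumulative(inventory_csv).items():
        if month is None:
            report[device] = "no cumulative update recorded"
        elif month < baseline:
            report[device] = f"latest cumulative {month} predates {baseline}"
    return report
```

Searching for the original KB alone flags PC-002 even though it carries a newer rollup; comparing against the fixing month reports only PC-003 and PC-004.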