Software Update 'Severity' ratings appear to be inaccurate in Compliance Report drill down.

Article ID: 159367


Products

Patch Management Solution for Windows

Issue/Introduction

Severity ratings shown in the Compliance Report drill downs do not match the ratings shown in the Patch Remediation Center listings or on the Microsoft TechNet site.

Example reviewed:

  1. Opened Console > Actions > Software > Patch Remediation Center:
    1. Highlight MS14-011 > Right-click > List Software Updates: This Bulletin is listed with 29 English/Invariant Language Updates; some updates are marked with a 'Moderate' Severity rating and some with a 'Critical' Severity rating.
    2. Referenced this on TechNet for MS14-011: the rating of each individual Software Update matches.

  2. Opened Console > Reports > Software > Patch Management > Compliance > Compliance by Bulletin report:
    1. Highlight MS14-011 > Right-click > View Not Installed Computers by Bulletin; the results list all of the updates marked for 'Critical' Severity rating.

Cause

Patch Management Compliance Reports return the overall Bulletin's Severity rating, not the Severity rating of the individual Software Updates.

  1. Compliance Reports display the Severity of Software Updates according to the Severity rating Microsoft assigned to their respective Software Bulletin. This ensures that updates are deployed based on the overall Bulletin Severity rating given by the Vendor.

  2. The Patch Remediation Center drill down 'List Software Updates' displays Severity based on the details of each individual Software Update, to better inform the Administrator of all details of that update.

As in the Example above:

  1. In February, Microsoft rated Software Bulletin MS14-011 as a 'Critical' Severity Bulletin.
    1. Compliance Reports mark the Software Bulletin Severity this way because each Bulletin is deployed as a whole; the individual Software Updates cannot be split apart in Patch Management. These Software Updates are all-inclusive within the Software Bulletin for Package and Software Update Policy creation, which ensures that the environment's security integrity is maintained.

Advisory: Compliance Reports only display updates to which the environment is vulnerable. If an environment's Compliance Report shows it vulnerable to an update rated 'Moderate' Severity, but the Bulletin containing that update is rated 'Critical' Severity by Microsoft, the environment could be susceptible to a Critical threat if that update is not deployed. This is why the product was designed to over-target based on the Bulletin Severity rating.

Resolution

An Enhancement Request is currently under review by Symantec Corp.

Workaround: To add the desired behavior, implement the attached stored procedure, which runs a clone of the 'Windows Compliance by Update' report that displays Severity by individual Software Update.
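To make the Cause section and the workaround concrete, the following T-SQL is an added illustration and is not the attached stored procedure or the product's real schema: the tables Bulletin, SoftwareUpdate and UpdateCompliance and all their rows are constructed for this example. It shows the Bulletin-level roll-up that the Compliance Reports use, the per-update view the cloned report provides, and a reconciliation query that lists the missing updates where the two ratings disagree.

```sql
-- Constructed example schema (NOT the Patch Management Solution's real tables).
CREATE TABLE Bulletin (
    BulletinName      varchar(20) PRIMARY KEY,
    BulletinSeverity  varchar(10) NOT NULL   -- vendor rating for the Bulletin as a whole
);
CREATE TABLE SoftwareUpdate (
    UpdateName      varchar(40) PRIMARY KEY,
    BulletinName    varchar(20) NOT NULL REFERENCES Bulletin(BulletinName),
    UpdateSeverity  varchar(10) NOT NULL     -- vendor rating for this individual update
);
CREATE TABLE UpdateCompliance (
    ComputerName  varchar(20) NOT NULL,
    UpdateName    varchar(40) NOT NULL REFERENCES SoftwareUpdate(UpdateName),
    Installed     bit NOT NULL               -- 0 = computer is vulnerable to this update
);

-- Constructed sample data, loosely modelled on the MS14-011 case in the article.
INSERT INTO Bulletin VALUES ('MS14-011', 'Critical');
INSERT INTO SoftwareUpdate VALUES
    ('MS14-011 Update A (constructed)', 'MS14-011', 'Critical'),
    ('MS14-011 Update B (constructed)', 'MS14-011', 'Moderate');
INSERT INTO UpdateCompliance VALUES
    ('WS01', 'MS14-011 Update A (constructed)', 0),
    ('WS01', 'MS14-011 Update B (constructed)', 0),
    ('WS02', 'MS14-011 Update B (constructed)', 1);

-- 1) Compliance Report behaviour: Severity is inherited from the Bulletin,
--    so Update B is reported as 'Critical' (over-targeting by design).
SELECT c.ComputerName, u.UpdateName, b.BulletinSeverity AS Severity
FROM UpdateCompliance c
JOIN SoftwareUpdate u ON u.UpdateName = c.UpdateName
JOIN Bulletin b ON b.BulletinName = u.BulletinName
WHERE c.Installed = 0;

-- 2) Per-update behaviour of the cloned 'Windows Compliance by Update' report:
--    Update B is reported with its own 'Moderate' rating.
SELECT c.ComputerName, u.UpdateName, u.UpdateSeverity AS Severity
FROM UpdateCompliance c
JOIN SoftwareUpdate u ON u.UpdateName = c.UpdateName
WHERE c.Installed = 0;

-- 3) Reconciliation check: vulnerable updates whose own rating differs from
--    the Bulletin rating, i.e. exactly the rows the two reports disagree on.
SELECT c.ComputerName, u.UpdateName, u.UpdateSeverity, b.BulletinSeverity
FROM UpdateCompliance c
JOIN SoftwareUpdate u ON u.UpdateName = c.UpdateName
JOIN Bulletin b ON b.BulletinName = u.BulletinName
WHERE c.Installed = 0 AND u.UpdateSeverity <> b.BulletinSeverity;
```

With the sample data, query 3 returns the single row for WS01 and Update B, which is the kind of discrepancy the article describes.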

Advisory: Each vendor uses its own Severity Rating scale. Please review the following links, which define the Severity Rating assigned by each individual Vendor:

Attachments

spPMWindows_ComplianceByUpdate2.sql