Software Updates/Bulletins are missing from the Patch Compliance Reports.

book

Article ID: 152254

calendar_today

Updated On:

Products

Patch Management Solution for Windows

Issue/Introduction

Software Updates/Bulletins are missing from the Patch Compliance Reports.

When running the Patch Compliance by Bulletin report those Bulletins are missing, yet when going to the Patch Remediation Center / Manage Software Updates Page - right-click the Bulletin and 'View vulnerable computers', there are applicable machines listed.

Cause

Patch Management Solution is not able to target Superseded Software Updates. Reports only list applicable Software Updates which are deployable and have not been Superseded. 

The 'View targeted computers' drill down on the Patch Remediation Center does not take the Superseded status into account, for they are merely showing the Software that would be applicable to the updates. However, the Patch Filter will not target those clients if the vendor has deemed the Software Update was Superseded.

Resolution

Review the Windows Superseded Bulletins report; check if the Bulletin/Update was Superseded or Partially Superseded:

Open the Console > Reports > All Reports > Software > Patch Management > Software Bulletins > Windows Superseded Bulletins:

  • Ensure Parameters are in order for the following settings:
    • Release Date From:
    • Vendor:
    • Superseded Status:
      • Superseded
      • Partially Superseded
      • Non-Superseded

Alternatively, may work through the following:

  • Go to Microsoft's Catalog Site
  • Input the Software Update / Bulletin in question
  • Select the individual Software Update Link
  • View the Package Details tab and note the update which replaced it moving forward
  • Note the Bulletin that Superseded the targeted Bulletin / Update

Lastly, check the Compliance Report for this Software Update / Bulletin to confirm it is Applicable/Vulnerable/Installed, or the SSE Reports can be utilized to review the main Patch Filter as outlined on TECH227522 to ensure the updates are targeting.

As of the release of PMImport 7.2.x; Patch Management is able to support most Superseded Software Updates:

  • Review the custom reports provided on HOWTO126991; toggle Superseded Compliance Reporting on/off for review 
    • Note: These reports are being reviewed for implementation into the next major release of 8.1 RU2
       
  • Additional workaround options for deploying in testing as follows:
    • Review the QP Updates, as outlined in INFO3895, for they are the Quality Preview for the updates earlier provided for testing, and then the updates can be deployed a couple weeks later when they are officially released on Patch Tuesday. 

    • Do not run the PMImport until testing has concluded as detailed at the bottom of INFO3895: This will allow for testing until the Clients are current with this month's Rollup Updates, and then the PMImport can be scheduled for the next month release in testing. 

    • Alternative to Patch Management Solution: Utilize Task, Software Delivery or Deployment Solution Jobs; deploy by reviewing the updated Superseded Report Pack, detailed on HOWTO84835, to display Superseded vulnerabilities as outlined in, for the modified reporting will help see what is vulnerable to the older updates.