Tracking Microsoft Security Bulletins Dashboards

by Cody Dumont
July 8, 2014

One of the most difficult tasks in information security is patch management.  SecurityCenter customers have an advantage over other IT professionals; this series of dashboards can help IT professionals understand the true state of Microsoft patch management.  Monitoring the application of Microsoft Security Bulletin patches can be extremely difficult if an organization is not continuously scanning the environment with credentialed scans.  Using SecurityCenter’s ability to use “regular expressions” in combination with mitigation data and current vulnerability data allows for a much clearer picture.  These dashboards will allow for a detailed view of missing Microsoft patches.  

The dashboard and its components are available in the SecurityCenter Feed, an app store of dashboards, reports, and assets. The dashboard can be easily located in the SecurityCenter Feed by selecting category Monitoring, and then selecting tags MS Bulletin and patching. The dashboard requirements are:

  • SecurityCenter 4.8.1
  • Nessus 5.2.7
  • PVS 4.0.2

There are five dashboards in this series.  Each dashboard contains four components.  The components allow for the monitoring of Microsoft patches that are currently missing, and patches that have been missing for more than 30 days.  Additionally, there is a trend graph showing an analysis of how patch management has been maintained over the preceding three months.  The final component shows the count of Microsoft patches that have been applied.

Each of the five dashboards in the series focus on a specific 5 year period, or groups the 5 year periods into smaller, more concise components.   With the diverse range of components, the security professional can select the components that are the most relevant to their environment.  They are:

  • Tracking Microsoft Security Bulletins
  • Tracking Microsoft Security Bulletins (1999 - 2003)
  • Tracking Microsoft Security Bulletins (2004 - 2008)
  • Tracking Microsoft Security Bulletins (2009 - 2013)
  • Tracking Microsoft Security Bulletins (2014 - 2018)

The components included for each dashboard are:

Tracking Microsoft Security Bulletins - Current Missing Patches: This component displays the total count of missing patches related to Microsoft Security Bulletins.  The matrix is comprised of six columns; the first provides a count of affected systems.  The middle four columns provide a count based on the respective severity levels.  The final column provides a count of the vulnerabilities which are exploitable.  The color will change based on the percentage thresholds.    The colors are: >=90 Purple, >= 75 Red, >= 50 Orange, >= 25 Yellow, >= 1 Blue, Default Green.

Tracking Microsoft Security Bulletins - 90 Day Missing Patch Trending:  This component provides a 90-day trend analysis of unpatched systems with respect to Microsoft Security Bulletins.  The different lines in the line chart depict the year the Security Bulletin was released.  The data points are calculated every 3 days over the past 90 days. 

Tracking Microsoft Security Bulletins - Missing Patches for More Than 30 Days: This component displays the total count of patches missing for more than 30 days related to Microsoft Security Bulletins.  The matrix is comprised of six columns; the first provides a count of affected systems.  The middle four columns provide a count based on the respective severity levels.  The final column provides a count of the vulnerabilities which are exploitable.  The color will change based on the percentage thresholds.    The colors are: >=90 Purple, >= 75 Red, >= 50 Orange, >= 25 Yellow, >= 1 Blue, Default Green.

Tracking Microsoft Security Bulletins - Applied Patched (Mitigated): This component displays the total count of applied patches related to Microsoft Security Bulletins.  The matrix is comprised of six columns; the first provides a count of affected systems.  The middle four columns provide a count based on the respective severity levels.  The final column provides a count of the vulnerabilities which are exploitable.  The color will change based on the percentage thresholds.    The colors are: >=90 Purple, >= 75 Red, >= 50 Orange, >= 25 Yellow, >= 1 Blue, Default Green.