Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Windows Patch Level/Rollup Tracking

by Sharon Everson
June 11, 2021

Windows Patch Level/Rollup Tracking

A significant benefit of an effective cybersecurity program is that organizations will improve business continuity and confidence when dealing with security threats. This dashboard gives you visibility into Microsoft Rollup status as well as severity, trend, and host count data to highlight organization-wide patching context. Microsoft Rollups are a tested cumulative set of updates typically released to address a significant event. Rollups include both security and reliability updates that are packaged together and distributed over Microsoft’s standard update mechanisms. The Monthly Rollup addresses both new security issues and non security issues in a single update and does not require cumulative patching.

Organizations regularly need to know which of the systems in their environment are up to date or require patching. When systems fall behind patching efforts they become vulnerable to compromise. Systems missing rollups may have stability issues, security holes, or have outdated features. When these systems are compromised, attackers rapidly gain an advantage by leveraging additional vulnerable systems to laterally move throughout the network.  To reduce risk, Operations teams must be able to detect these vulnerable  devices, and be alerted when patching efforts fall behind organizational requirements.  

Operations teams are typically responsible for not only monitoring the organization’s infrastructure, but also for patching and remediating risk. To do this, the operations team requires vulnerability details which easily identify the most significant vulnerabilities, and provides guidance towards mitigation. The ability to identify the  risks which are present due to missing patches is paramount. In addition to rollup status, this dashboard provides severity, trend, and host count data to highlight organization-wide patching context. By identifying assets that are missing critical vulnerability patches, operations teams can quickly reduce the attack surface, and visually track efforts and measure against established goals.

Organizations should use this dashboard to assist operations teams in monitoring outdated assets within the organization, and guide them in detecting, predicting, and reducing risk across their entire attack surface. Components not only include critical missing rollup patches, but also quarterly  patch tracking to identify the length of time that an asset has been out of date. Utilizing Tenable’s Predictive Prioritization technology of combining vulnerability data, threat intelligence and data science, this dashboard directly benefits operations teams in determining where to start when navigating a sea of vulnerabilities. Further, when missing Microsoft Security Rollups are identified, Tenable.sc can quickly provide alerts via workflows and notifications, to further speed up incident response and vulnerability remediation.

This dashboard is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Compliance & Configuration Assessments.

The dashboard requirements are:

• Tenable.sc 5.18.0

• Nessus 8.15.0

This dashboard contains the following components:

Windows Patch Level Rollup Tracking - 90-day Vulnerability Trend for Missing RollupsThis component presents a 90-day trend of vulnerabilities for hosts identified as missing any Microsoft Windows Rollup KB.

Windows Patch Level/Rollup Tracking - Missing Rollups Presenting a High Risk (VPR 7 -10): This component presents a table of vulnerabilities sorted by Vulnerability Priority Rating (VPR) for hosts identified as missing Microsoft Windows Rollup KBs.

Hosts with the Most Missing Rollup KBs: This component displays the top 5 hosts missing Microsoft Rollup KBs, patches.

Windows Hosts With Old Patch Levels (Patched only with Pre-2020 Rollups): This table provides a list of hosts that only have Microsoft Rollup patches dated from before 2020 installed.

Windows Hosts With No Confirmed Patch Level for > 30 Days: This table provides a list of hosts that have not received the latest Microsoft Windows Rollup.

Windows Host - Latest Effective Monthly Rollup Patch Level (Q1): This matrix presents a monthly analysis of the last Microsoft Rollup that has been applied to a host for Quarter 1 of 2020-2022.

Windows Host - Latest Effective Monthly Rollup Patch Level (Q2): This matrix presents a monthly analysis of the last Microsoft Rollup that has been applied to a host for Quarter 2 of 2020-2022.

Windows Host - Latest Effective Monthly Rollup Patch Level (Q3): This matrix presents a monthly analysis of the last Microsoft Rollup that has been applied to a host for Quarter 3 of 2020-2022.

Windows Host - Latest Effective Monthly Rollup Patch Level (Q4): This matrix presents a monthly analysis of the last Microsoft Rollup that has been applied to a host for Quarter 4 of 2020-2022.

Try for Free Buy Now
Tenable.io FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Get a Demo

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Request a Demo

Request a demo of Tenable.ot

Get the Operational Technology Security You Need.
Reduce the Risk You Don’t.

Request a Demo

Tenable.ad

Continuously detect and respond to Active Directory attacks. No agents. No privileges. On-prem and in the cloud.