Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tracking Microsoft Security Bulletins Detailed Reports

by Steve Tilson
July 17, 2014

Patching is one of the most critical steps in reducing cyber risk. Monitoring the application of Microsoft Security Bulletins can assist organizations in reducing security risks for their Microsoft systems This report provides critical information for analysis of applied and missing patches along with patching timelines for a summary of Microsoft patch efforts.

Microsoft Security Bulletins provide information and guidance about updates that are available to address software vulnerabilities that exist in Microsoft products. With each security bulletin that is released, there is an associated software update available for the affected product. Leveraging SecurityCenter's ability to use Microsoft Bulletin IDs in combination with mitigation instructions and current vulnerability data can provide analysts with better clarity for further required patching efforts.

As vulnerabilities are made known and bulletins are released, so does the risk of exploitation by attackers and the criticality of patch timing. Microsoft bulletins include information about related Knowledge Base articles and provides technical information IT professional will find useful when conducting risk assessments. Microsoft releases security updates on the second Tuesday of every month and patching efforts should reflect. Information in this report provides managers with a high-level view of Microsoft patch management efforts in correlation with Microsoft Security Bulletin’s.

The report and elements are available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the SecurityCenter Feed under the category Discovery & Detection.

 

The report requirements are:

  •   SecurityCenter 5.2.0
  •   Nessus 6.11.2
  •   NNM 5.4.0

Tenable SecurityCenter Continuous View® (SecurityCenter CV™) provides continuous network monitoring, vulnerability identification and security monitoring. SecurityCenter CV™ is continuously updated with information about advanced threats, zero-day vulnerabilities and new types of regulatory compliance configuration audit files. Tenable constantly analyzes information from unique sensors, delivering continuous visibility and critical context, and enabling decisive action that transforms a security program from reactive to proactive. Active scanning periodically examines the applications on the systems, the running processes and services, web applications and configuration settings. Passive listening provides real-time discovery of vulnerabilities on operating systems, protocols, network services, wireless devices, web applications, and critical infrastructure. SecurityCenter CV™ provides an organization with the most comprehensive view of the network and actionable information to support mitigation efforts and reduce cyber risk. Managers can better monitor and asses Microsoft security patch management through Microsoft Security bulletins happening across the network with SecurityCenter CV™. Tenable enables powerful, yet non-disruptive, continuous monitoring that will provide organizations with the information needed to reduce risk within the enterprise.

This report contains the following chapters:

Executive Summary: The executive summary contains several components that provide information on currently missing Microsoft patches, patches that have been missing for more than 30 days, and the patches that have been applied. Additionally, there is a trend graph showing an analysis of how patch management has been maintained over the preceding three months.   

Microsoft Bulletins: The bulletin detail chapters provide a bar chart summarizing the relevant Microsoft security bulletins for the specified year, and an iterator of all vulnerable systems and details of the applicable bulletins.   

The first report groups information for all years (1999-2018) into a single report. The first chapter is an executive summary and provides an overview of Microsoft patch deployments. The remaining four chapters each contain results from a 5-year period; for each chapter, results are combined using the Microsoft Bulletin ID filter feature.  Multiple years can be added to a filter by using a comma as the delimiter. For example, ‘MS09,MS10’ would search for Microsoft Bulletins released in 2009 and 2010.  The other four reports focus on specific 5-year periods.  Each of these reports contains an executive summary and a chapter for each of the individual years covered by the report.

The five reports in this series are:

  • Tracking Microsoft Security Bulletins Detailed Report
  • Tracking Microsoft Security Bulletins Detailed Report (1999 - 2003)
  • Tracking Microsoft Security Bulletins Detailed Report (2004 - 2008)
  • Tracking Microsoft Security Bulletins Detailed Report (2009 - 2013)
  • Tracking Microsoft Security Bulletins Detailed Report (2014 - 2018)
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security