Microsoft Patch Tuesday Tracking One-Stop-Shop

Microsoft Patch Tuesday is a monthly challenge for operations teams that run Microsoft products, especially if critical or zero-day vulnerabilities are announced. Operations teams are often left scrambling to get patches deployed in the face of users who do not want their daily work interrupted by deployment activities, such as a reboot. This dashboard provides a comprehensive view of the organization’s Microsoft Patch Tuesday status over time, to help organizations identify the most difficult issues to remediate.

Systems that fall behind on patching efforts may have stability issues, security holes, or have outdated features. Operations teams must be able to quickly detect these vulnerable devices, and be alerted when patching efforts fall behind organizational requirements to prioritize remediation. The Patch Tuesday bulletins cover a wide range of Microsoft operating systems and applications with varying levels of severity. Tenable recommends verifying that scans have been performed using privileged credentials to ensure the most accurate results.

To assist with better identification of risk and association of risk with operating systems, applications, packages, and hardware, Tenable Research has begun associating Nessus plugins with the software vendor, product types, and other software inventory based attributes. This dashboard leverages the “Product Type”, which is grouped into the 4 types previously mentioned. There are 2 widgets that utilize the product type "Operating System” and 1 widget that uses product type “Application and Package.” By combining the plugin family “Microsoft Bulletins” and the product type, risk managers are able to better understand the risk exposure according to each operating system version and application.

During the risk mitigation activities, Windows assets will have patches, fixes or roll-up packages installed, but a reboot of the system is required before the new software can be loaded into memory. The install packages from Microsoft may have the Reboot Required to Apply Patch flag set.  If the pending changes are security-related, the assets could remain vulnerable to attack until a reboot occurs. The operations team needs the ability to easily track and identify the systems that are still at risk, due to this setting. This dashboard provides a quick way to identify the number of assets in the network in the need of a reboot.

In 2025 Tenable updated the Vulnerability Priority Rating (VPR) algorithm to focus operational teams on top most critical vulnerabilities. This means significantly reduced workloads and higher efficiency without compromising on risk. The new VPR provides more detailed information on why each score was assigned, facilitating greater explainability for the end-user. Leveraging the software inventory properties along with identifying the operating systems, this dashboard provides an analysis of the most prevalent operating system in accordance with the greatest risk. The widget is dynamically generated to provide the organization with the top VPR score range, allowing for deeper understanding of risk by Microsoft operating system and the VPR score.

Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable Vulnerability Management discovers and analyzes assets continuously to provide an accurate and unified view of an organization's security posture. The requirement for this dashboard is: Tenable Vulnerability Management.

Widgets

Patch Tuesday Updates Missed in 2025 - 2026 (Explore): This widget displays the missing Microsoft Patch Tuesday updates for each month from the years 2025 - 2026. Each row in the matrix is assigned to the year the patch was released. The other filters used are the MS Bulletin Plugin Family along with finding state, and severity. These numbers illustrate the date the patch was released and not the date the finding was discovered. 

Outstanding Microsoft Remediations - Time since Patch Publication (Explore): The Outstanding Microsoft Remediations - Time since Patch Publication widget displays the total count of missing patches related to Microsoft Security Bulletins using the Windows: Microsoft Bulletins and Windows plugin families. The matrix is composed of five columns. The first column provides a count of the vulnerabilities that are exploitable, and the last four columns provide counts of vulnerabilities based on severity levels.

Patch Tuesday Updates Missed in 2023 - 2024 (Explore): This widget displays the missing Microsoft Patch Tuesday updates for each month from the years 2023 - 2024. Each row in the matrix is assigned to the year the patch was released. The other filters used are the MS Bulletin Plugin Family along with finding state, and severity. These numbers illustrate the date the patch was released and not the date the finding was discovered. 

Microsoft Hosts with Windows Patching Gated by a Required Reboot (Explore): These are the assets where Microsoft has turned on the Reboot Required to Apply Patch flag. This widget provides a quick way to identify the number of assets in the network in the need of a reboot. 

Risk from Missing Microsoft Bulletins - Broken out by VPR Score and OS (Explore): The widget leverages the software inventory feature Product Type, which helps to better identify the risk associated with operating systems. Tenable Research has begun associating Nessus plugins with the software vendor, product types, and other software inventory based attributes. The vulnerability findings displayed are grouped by the VPR score and sorted to show the operating systems and the VPR scores combined. This allows for the analyst to quickly identify the operating systems and group the most severe finding for immediate prioritization.  

Risk from Missing Microsoft Bulletins - Broken out by CVSS Severity and OS (Explore): The widget leverages the software inventory feature Product Type, which helps to better identify the risk associated with operating systems Tenable Research has begun associating Nessus plugins with the software vendor, product types, and other software inventory based attributes. The vulnerability findings displayed are grouped by the CVSS severity and sorted to show the operating systems and the severity combined. This allows for the analyst to quickly identify the most severe operating systems findings for immediate prioritization. 

Risk from Missing Microsoft Apps/Packages - Broken out by App and CVSS Severity (Explore): The widget leverages the software inventory feature Product Type, which helps to better identify the risk associated with applications and packages. Tenable Research has begun associating Nessus plugins with the software vendor, product types, and other software inventory based attributes. The vulnerability findings displayed are grouped by the CVSS severity and sorted to show the application and package and the severity combined. This allows for the analyst to quickly identify the most severe application and package findings for immediate prioritization. 

Windows Hosts Missing the Most Microsoft Bulletins (Explore): During the risk mitigation activities, Windows assets will have patches, fixes or roll-up packages installed, but a reboot of the system is required before the new software can be loaded into memory. The install packages from Microsoft may have the Reboot Required to Apply Patch flag set.  If the pending changes are security-related, the assets could remain vulnerable to attack until a reboot occurs. The operations team needs the ability to easily track and identify the systems that are still at risk, due to this setting. This widget provides a quick way to identify the number of assets in the network in the need of a reboot. 

Patch Troubleshooting Plugins (Explore): During the scanning process there are several indicators available within Nessus plugins to indicate success or failure of the risk assessment. This widget leverages plugins set related to patch auditing/validation as well as to identify issues, such as where an asset needs to be rebooted to apply a patch.