I think it's looking only for specific windows patches as resolution for vulnerabilities, particularly on our Server 2012 machine, which has gotten a lot of rollup patches. Windows Update tells me we are current but the CWP tool is tell me we have a number of vulnerabilities. There is just too much noise here to be useful. It would also be fantastic if you could triage them in some way in the tool and either assign them to users or mark them as handled in some way. Otherwise it all has to come out of the tool.