IT Management Suite

  • 1.  "View Not Installed Computers by CVE ID" report shows me "not installed updates" and I expect to see all non-compliant devices.

    Posted 28 days ago

    Hello,

    Based on the documentation:

    View Not Installed Computers by CVE ID  - Display a list of all computers that do not yet have the necessary remediation patches installed.
    But in fact this right-click option redirects to:
    Not Installed Updates by CVE ID
    How to access the required results? (a list of all computers and not a list of updates)

     

     

    Thanks in advance!



      ------------------------------
      Jose Roberto Costa
      Europe Consultant | Consulting and Strategy
      jose.roberto@orbitextreme.com | orbitextreme.com
      ------------------------------


    • 2.  RE: "View Not Installed Computers by CVE ID" report shows me "not installed updates" and I expect to see all non-compliant devices.

      Broadcom Employee
      Posted 27 days ago

      Hi Jose,

      This drill-down report should show both vulnerable computers and updates that could be used to remediate the vulnerability.

      The reason it's used instead of just a list of computers is that the same CVE ID could be remediated by different updates depending on OS version, installed applications (the same CVE ID may require updates in both Chrome and Edge, for example), etc.

      In my case I see that parent report identified 8 computers that are vulnerable:

      and these 8 computers are shown in the drill-down (along with 12 updates suggested for remediation - different updates depending on Office 365 channel + multiple updates could be used for remediation on some of the computers):

      What computers do you have in Computer Name column of this drill-down vs. "View Not Installed Computers by bulletin" drill-down of Windows Compliance by Bulletin report? Do you get different counts when you change Supersedence status value to "All"?

      Thank you,
      Dmitri.




    • 3.  RE: "View Not Installed Computers by CVE ID" report shows me "not installed updates" and I expect to see all non-compliant devices.

      Posted 27 days ago

      Hello Dmitri,

      Thanks for the explanation.

      Following your steps:

      Windows Compliance by Bulletin (MS24-03-VL2019) shows me 574 devices that were not installed.

      The drill-down presents the same result: 574 not-installed updates (one computer per line because this bulletin contains only one update (Office2019-16.0.10408.20002-PerpetualVL2019.cab)).

      Using the same approach with the CVE ID CVE-2024-21413 related to this bulletin, we have 66 not-installed devices.

      The not-installed drill-down presents 36 lines (one computer per line because the CVE refers to only one update).

      How can we explain the difference between 66 and 36 (30 devices) that the Compliance by CVE ID presents as non-compliant?
      I want to guide my team in forcing the update on 66 devices, not only 36. 
      This could be caused by misconfiguration, or is it only misinterpretation?
      We want to clarify this gap.
      Thanks in advance for your help!



      ------------------------------
      Jose Roberto Costa
      Europe Consultant | Consulting and Strategy
      jose.roberto@orbitextreme.com | orbitextreme.com
      ------------------------------



    • 4.  RE: "View Not Installed Computers by CVE ID" report shows me "not installed updates" and I expect to see all non-compliant devices.
      Best Answer

      Broadcom Employee
      Posted 24 days ago

      Hi Jose,

      The difference between Windows Compliance by Bulletin and Windows Compliance by CVE ID most likely could be explained by the fact that the given CVE ID was remediated [on those machines that represent the delta in numbers between the reports] by earlier updates that included the same fix. If we talk specifically about Office 2019 Volume license - it was originally fixed in MS24-02-VL2019.

      As for Windows Compliance by CVE ID - as far as I can see you have grouping by Update applied there. Could you check that you don't get additional updates reported by this drill-down (by removing the grouping)?

      Let's also try troubleshooting by changing the Supersedence Status selection to All - do you get a non-matching result with this configuration as well?




    • 5.  RE: "View Not Installed Computers by CVE ID" report shows me "not installed updates" and I expect to see all non-compliant devices.

      Posted 24 days ago

      Now I can see some light :)

      Changing the supersedence status from "not superseded" to "All" presents 107 lines corresponding to 66 unique devices.

      It sounds acceptable now how to explain how to discover all non-compliant devices.

      Thanks!

      Kind regards



      ------------------------------
      Jose Roberto Costa
      Europe Consultant | Consulting and Strategy
      jose.roberto@orbitextreme.com | orbitextreme.com
      ------------------------------
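
The thread's outcome (more drill-down lines than devices, and devices that only show up when Supersedence Status is "All") can be reconciled offline from an exported drill-down. The script below is an added example, not part of the original posts or of Broadcom's product; the CSV export, the "Update" and "Superseded" column names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample export. "Computer Name" is the column named in the thread;
# "Update" and "Superseded" are assumed column names for this illustration.
SAMPLE_EXPORT = """Computer Name,Update,Superseded
PC-001,Office2019-16.0.10408.20002-PerpetualVL2019.cab,No
pc-002,Office2019-16.0.10408.20002-PerpetualVL2019.cab,No
PC-002,constructed-older-update-A.cab,Yes
PC-003,constructed-older-update-A.cab,Yes
PC-004,constructed-older-update-A.cab,Yes
PC-004,constructed-older-update-B.cab,Yes
"""


def load_rows(text):
    """Parse the exported drill-down into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def devices(rows, include_superseded):
    """Unique computers, optionally ignoring rows for superseded updates."""
    return {
        row["Computer Name"].strip().upper()  # host names are case-insensitive
        for row in rows
        if include_superseded or row["Superseded"].strip().lower() == "no"
    }


def reconcile(rows):
    """Compare the 'Not Superseded' view with the 'All' view of one export."""
    current = devices(rows, include_superseded=False)
    everything = devices(rows, include_superseded=True)
    hidden = everything - current  # listed only against superseded updates
    updates = {name: set() for name in hidden}
    for row in rows:
        name = row["Computer Name"].strip().upper()
        if name in hidden:
            updates[name].add(row["Update"].strip())
    return {
        "rows": len(rows),
        "devices_all": len(everything),
        "devices_not_superseded": len(current),
        "hidden_devices": {n: sorted(u) for n, u in sorted(updates.items())},
    }


if __name__ == "__main__":
    print(reconcile(load_rows(SAMPLE_EXPORT)))
```

The `hidden_devices` entry lists the computers that the "Not Superseded" filter leaves out, together with the updates reported against them.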