Software Updates/Bulletins are missing from the Patch Compliance Reports.
When running the Patch Compliance by Bulletin report, those Bulletins are missing. Yet in the Patch Remediation Center / Manage Software Updates page, right-clicking the Bulletin and selecting 'View vulnerable computers' lists applicable machines.
Patch Management Solution is not able to target Superseded Software Updates. Reports only list applicable Software Updates which are deployable and have not been Superseded.
The 'View targeted computers' drill-down on the Patch Remediation Center does not take the Superseded status into account; it merely shows the Software that would be applicable to the updates. However, the Patch Filter will not target those clients if the vendor has deemed the Software Update Superseded.
Review the Windows Superseded Bulletins report; check if the Bulletin/Update was Superseded or Partially Superseded:
Open the Console > Reports > All Reports > Software > Patch Management > Software Bulletins > Windows Superseded Bulletins:
Ensure Parameters are in order for the following settings:
Release Date From:
Alternatively, work through the following steps:
Go to Microsoft's Catalog Site
Input the Software Update / Bulletin in question
Select the individual Software Update Link
View the Package Details tab and note the update which replaced it moving forward
Note the Bulletin that Superseded the targeted Bulletin / Update
Lastly, check the Compliance Report for this Software Update / Bulletin to confirm it is Applicable/Vulnerable/Installed. Alternatively, the SSE Reports can be used to review the main Patch Filter, as outlined in TECH227522, to ensure the updates are targeting.
Advisory: Even if the database items are customized, per HOWTO84835, to allow Superseded Software Updates to be present in the Compliance Reports, Patch Management will not target the Software Update, nor deliver it to the listed Client. The rule logic is disabled in the Patch Filter, which means the update will never target.
Enhancement Request currently being reviewed by Patch Management Development & Product Management: Add the ability to manage Superseded Software Updates as needed in extensive testing environments, and implement the ability to turn this deployment logic on or off, targeting per Operating System (OS) architecture. This would give the ability to test Superseded Updates on workstations while keeping the Server OS current with the latest updates only.
Workaround options for deploying in testing are as follows:
Review the QP Updates, as outlined in INFO3895. These are the Quality Preview of the updates, provided earlier for testing; the updates can then be deployed a couple of weeks later when they are officially released on Patch Tuesday.
Do not run the PMImport until testing has concluded, as detailed at the bottom of INFO3895. This will allow for testing until the Clients are current with this month's Rollup Updates, and then the PMImport can be scheduled for the next month's release in testing.
Alternative to Patch Management Solution: Utilize Task, Software Delivery or Deployment Solution Jobs; deploy by reviewing the updated Superseded Report Pack, detailed on HOWTO84835, to display Superseded vulnerabilities as outlined in, for the modified reporting will help see what is vulnerable to the older updates.