(imported topic written by SystemAdmin)
I’ve seen this over and over again and I’ve also seen the so called answers. But I really want to know why BigFix always show fewer Critical patches than the Microsoft Update site. When we do a status check, we constantly hear how BigFix is missing patches and not doing what it is supposed to do. Then we have to manuall run updates or create our own fixlets. Shouldn’t the core fixlet content match the Microsoft Critical fix list?
Here is one example from one machine:
Microsoft Update Reports
High Priority
914961 - Matches BigFix
917283 - Matches BigFix
922770 - Matches BigFix
925720
934238
931768 - Matches BigFix
890830
Optional
934268
Bigfix Reports
922770 Moderate
931768 Moderate
917283 Important
914961 Critical - SP2
How are others handling this?
(imported comment written by SystemAdmin)
Hi jspanitz,
The Patches for Windows sites cover the following:
-
Security updates released through Microsoft Security Bulletins.
-
Any Service Pack or Update Rollup that is required to deploy a supported security update.
-
Any publicly available Hotfix that resolves an issue caused by a supported security update.
In this case the articles you listed here are not security updates so they aren’t covered in the Patches for Windows site. The basic idea here is a focus on security vulnerabilities.
The Optional item (934268) is for the Windows Malicious Spyware Removal Tool. This content is available but its in the Security Policy Manager site.
We can assist in creating custom Fixlets for bulletins that fall outside of our coverage area for you through professional services. Please professional services if you are interested in this offering.