At our company we use BigFix to do our patching for Windows 2008/2012 servers; however, after patches, our WSUS report/Nessus scan report shows missed patches, or missed DLL patches, but the BigFix console report shows the patch as non-relevant. Is there a reason for the discrepancy?
Looking at the Relevance of the particular Fixlet that corresponds with the “missing patch” as reported by WSUS can usually assist you here. In my experience, after drilling into the versions of the DLLs and registry keys that are updated as a result of a particular patch, BigFix has proven to be the source of truth when researching false positives via Nessus or WSUS.
Example: our Nessus Scan shows
MS15-059: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949)
Product : Microsoft Office 2013 SP1
KB : 3039749
- C:\Program Files\Common Files\Microsoft Shared\TextConv\Wpft532.cnv has not been patched.
Remote version : 2012.1500.4525.1000
Should be : 2012.1500.4727.1000
When I check on the server, the file version ends with 4525; however, BigFix shows the patch as not relevant to the server. Is there a site I can use to drill into the versions of DLLs and registry keys that BigFix checks for relevance?
I also used BigFix and WSUS at a previous job, and the question came up about the discrepancy between the two. In each case BigFix proved to be correct, once we drilled down into what file(s) or registry keys needed to be updated.
What may have happened is that a patch would get installed, then an application would get installed on a server that also put old DLLs back on the computer. BigFix would see the old files and then show a patch was needed, where WSUS had logged that the patch had been installed already and did not list it again.
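The drill-down both replies describe (compare the version of the file actually on disk against the version the patch is supposed to deliver, then reconcile that with what WSUS says was installed) can be scripted. The following is an added example, not code from this thread, from BigFix or from Nessus; the input block is constructed from the Nessus finding quoted above, and the on-disk version is passed in as a parameter rather than read from the server, so the script runs offline. The three verdicts it produces ("compliant", "missing", "regressed") are names chosen here for the situations the thread discusses, including the case where an application install put an older DLL back after the patch was recorded as installed.

```python
import re
from typing import Dict, Tuple

Version = Tuple[int, ...]

# Constructed sample input: the Nessus finding quoted in the thread above.
NESSUS_FINDING = """\
MS15-059: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3064949)
Product : Microsoft Office 2013 SP1
KB : 3039749
- C:\\Program Files\\Common Files\\Microsoft Shared\\TextConv\\Wpft532.cnv has not been patched.
Remote version : 2012.1500.4525.1000
Should be : 2012.1500.4727.1000
"""

PATH_LINE = re.compile(r"^-\s+(?P<path>.+?)\s+has not been patched\.$")


def parse_version(text: str) -> Version:
    """Turn a dotted Windows file version ('2012.1500.4525.1000') into a tuple of ints.

    Tuples compare element by element, which is the same ordering BigFix
    relevance and Nessus use for file versions, so string comparison pitfalls
    ('4525' > '10000' lexically) are avoided.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def parse_nessus_finding(block: str) -> Dict[str, object]:
    """Extract the file path, KB number, observed and required versions from a finding."""
    fields: Dict[str, object] = {}
    for raw in block.splitlines():
        line = raw.strip()
        m = PATH_LINE.match(line)
        if m:
            fields["path"] = m.group("path")
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key = key.strip().lower()
        if key == "remote version":
            fields["remote"] = parse_version(value)
        elif key == "should be":
            fields["required"] = parse_version(value)
        elif key == "kb":
            fields["kb"] = value.strip()
        elif key == "product":
            fields["product"] = value.strip()
    for needed in ("path", "remote", "required"):
        if needed not in fields:
            raise ValueError(f"finding is missing the '{needed}' field")
    return fields


def triage(finding: Dict[str, object], on_disk: Version, installed_per_wsus: bool) -> str:
    """Reconcile the scanner finding with the file actually on the server.

    on_disk            - version read from the file on the server (hypothetical input here)
    installed_per_wsus - whether WSUS (or Add/Remove Programs) records the KB as installed

    Returns one of:
      'compliant' - file meets or exceeds the required version; the scanner result is stale
      'missing'   - file is old and the update was never recorded as installed
      'regressed' - update was recorded as installed but an older file is back on disk
                    (e.g. an application install restored old DLLs), so it needs reinstalling
    """
    required: Version = finding["required"]  # type: ignore[assignment]
    if on_disk >= required:
        return "compliant"
    return "regressed" if installed_per_wsus else "missing"


if __name__ == "__main__":
    finding = parse_nessus_finding(NESSUS_FINDING)
    # The poster saw a file version ending in 4525 on the server, i.e. the scanner's value.
    verdict = triage(finding, finding["remote"], installed_per_wsus=True)  # type: ignore[arg-type]
    print(f"{finding['path']}: on disk {finding['remote']}, required {finding['required']} -> {verdict}")
```

In practice the on-disk value would be read from the file's version resource on the server (for example with PowerShell's `(Get-Item $path).VersionInfo.FileVersion`) and compared with the version the Fixlet's relevance checks for; a "regressed" verdict is the situation the second reply describes, and reinstalling the update is the fix rather than treating the scanner as wrong.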