MS17-010 - I can't tell what's going on after today?

Hey guys - I can’t accurately tell what my current status is on MS17-010 patching. I had a perfect bead on the few remaining computers as of two nights ago … I had this mostly fully deployed everywhere and was really just tracking a few problem machines until I fully resolved it. As of today, with some new content changes in BigFix, all of the MS17-010 patches popped back up as superseded (as patches regularly do). But the computer list on these superseded patches for MS17-010 is much larger than my prior kill list suggests.

If I try to follow the note trail about what the patch was superseded by, it goes like 3 or 4 layers deep to a more recent June KB. This is confusing and a bit tough to follow, and I am not certain I can roll this one out just yet.

My questions are … 1: How can I accurately report on my coverage for this vulnerability? 2: What steps do I need to take now to ensure it’s patched? Do I need to push out those superseded patches in the interim to the machines that were already covered and patched, or do I need to push the latest June CU to ensure coverage, etc.? …

I missed this thread, which explains the recent changes:

I am still not clear on how to handle it or report on it accurately, however. It looks like the server patches that are still original and not superseded are accurate in their reporting, but my workstation / Windows 10 superseded patches are showing many endpoints that were not previously relevant. I can’t tell if they’re covered or not.

If your endpoints are relevant to the MS17-010 fixlets, they still need to be patched. You can use that patch, or any of the more recent cumulative patches to fix the vulnerability.

Thanks, that seems accurate. I created an analysis that lists the srv.sys file version, and it seems to match up with the computers showing relevant on the superseded patches.
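
The srv.sys version check mentioned in the thread can be turned into a coverage report independent of which fixlets are currently superseded. The sketch below is an added example, not code from any poster or from BigFix: the CSV column names, host names, and sample versions are constructed, and the threshold numbers are placeholders to be replaced with the minimum patched srv.sys versions from Microsoft's MS17-010 verification guidance.

```python
import csv
import io
import re

# Minimum patched srv.sys revision per OS branch (major, minor, build).
# CONSTRUCTED placeholder numbers, not real thresholds: fill these in from
# Microsoft's MS17-010 verification guidance before relying on the output.
MIN_REVISION = {(6, 1, 7601): 20000, (10, 0, 14393): 900}

# File version properties often carry a trailing branch string; keep only
# the leading four numeric fields.
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)")

def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one srv.sys version."""
    m = VERSION_RE.match(version_text or "")
    if not m:
        return "unknown"      # file missing, analysis error, or not reported
    major, minor, build, rev = map(int, m.groups())
    floor = MIN_REVISION.get((major, minor, build))
    if floor is None:
        return "unknown"      # OS branch with no threshold in the table
    return "patched" if rev >= floor else "vulnerable"

def coverage(csv_text):
    """Group computer names from an exported analysis by patch status."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        report[classify(row.get("srv_sys_version"))].append(row["computer"])
    return report

# Constructed sample export (hypothetical hosts and version values).
SAMPLE = """computer,srv_sys_version
WS-001,6.1.7601.20500 (example_branch.000000-0000)
WS-002,6.1.7601.17000
SRV-01,10.0.14393.950
WS-003,<error>
WS-004,6.3.9600.100
"""

if __name__ == "__main__":
    for status, hosts in coverage(SAMPLE).items():
        print(f"{status}: {len(hosts)} {hosts}")
```

Endpoints that land in "unknown" are the ones to chase first, since neither the fixlet relevance nor the file version confirms their state.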