Oct month Pacthing Issue

Hi All,

In BigFix Console, I am able to see two patches of same name. Do we need to install Both of them, If No then when we are pulling report from Web report Out of two fixlet one is showing remediated whereas another one is showing relevant.

Here are the screenshot of those fixlet from BigFix Console:-


Screenshot from Web Report

Kindly suggest.

Hi – these are not actually the same patch.

One is Security Only, one is a Monthly Rollup.

This is change is discussed in a couple of places and it’s related to new servicing models in Windows 7 and 8.1

https://www.ibm.com/developerworks/community/blogs/a1a33778-88b7-452a-9133-c955812f8910/entry/How_will_IBM_BigFix_Patch_address_new_servicing_models_for_Windows_7_and_8_1?lang=en

Essentially this is the monthly update for .Net Framework 3.5.1. There is a security only update which solely addresses security issues since the last patch and there is a monthly rollup which may contain stability/usability enhancements in addition to security.

The screenshot from your web report is actually a different set of patches. I’m not entirely sure why one would show as remediated and the other as relevant. Is this happening across all of your machines?

@Thanks Strawgate for your response.
We have tested only for one machine.
So, You want to say the patches which are listed above for totally different from each other.

You’ve got,

KB3185330
KB3192391
KB3188730
KB3188740

Between your two screenshots – which are all different KB numbers and they have slightly different titles as they are different patches

Bill

Ok so, means all the above patches need to be installed in-order to see the servers in re mediated list.

Thanks a lot Strawgate :slight_smile:

You definitely don’t need to install all of the patches in order.

Your organization should make a business decision whether to patch using Security Patches Only or Security + Usability Patches each month and then apply just those patches.

Hopefully someone from IBM can comment on why the security one may be applicable after applying the Security + Usability patch.

Bill

1 Like

I am seeing a similar instance of that in our environment… Security Quality Rollup 3185331 was installed on several servers on Saturday, which now no longer show the quality rollup as relevant, but still show the Security Only Rollup 3192392 as outstanding. As 3192392 should essentially be encapsulated in 3185331, this should not be the case:

The security fixes listed above that are included in this security update 3185331 are also included in this October 2016 month’s Security Only Quality Update 3192392, which only includes those fixes. Installing either update will include the security fixes listed above and the Security Monthly Quality Rollup also includes improvements and fixes from previous Monthly Rollups.

It is possible we have an issue with relevance here… and since the relevance for these rollups is now so long & convoluted that it is almost impossible to unravel, it is very difficult to advise users on the best way to resolve issues like these.

Anyone know of a tool to break down relevance, or even flag which clause of a relevance query is failing? Or is that a pipe dream?!

Hi Catherine,

Could you make sure the following has been done:

  • Computer is restarted after installing the Monthly Rollup
  • The console cache has been cleared
  • Security-only Fixlet’s relevance is run on one of the computer with Monthly rollup installed and evaluating true

If all above are ‘yes’, kindly open a PMR so the Fixlet content team can investigate further.

Thank you!

I have a PMR open; its not a reboot/cache issue.

I’ve also submitted an RFE for an enhanced relevance detection tool:

http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=96073