Hi, some vulnerabilities are displayed in WSUS and they aren’t shown in Bigfix. The vulnerabilities that are shown in Bigfix aren’t available in the Microsoft bulletin, can anyone explain me why?
Thanks.
What Vulnerabilities would those be?
Usually what shows up long term in WSUS but not BigFix are HotFixes and other non-Security related patches.
There is usually a slight delay between Microsoft releasing a patch and IBM releasing the Fixlets for the content. Usually 8 hours or less (their commitment is actually spelled out somewhere, but they usually get it done much quicker).
1 Like
Like KB3045557 is shown in Bigfix but not in WSUS. And there are so many like that.
That’s the opposite of what you posted initially.
Initially you seemed to be talking about patches showing up in WSUS, but not in BigFix.
Now you seem to be referring to a patch showing up in BigFix but not in WSUS.
I’ve had problems in the past with .Net updates/patches and WSUS. Check the Relevance that IBM used to create the Fixlet with and I would be willing to bet that one of more of the DLL’s delivered by the .Net patch are still older versions on the computer that BigFix says needs the patch.
WSUS doesn’t seem to care about some of these things. It seems to look to see if the patch has been installed once. It ignores the fact that something else might “back rev” a DLL.
I used to use both WSUS and BigFix in a previous job, and found what Tim mentions to be true.
WSUS would keep a history of the patches that had been installed, but if something else later overwrote newer files with old ones, WSUS still had that the patch had been installed. BigFix would find that a patch was then needed again, since the relevance was actually looking at the file(s) or registry keys the patch was updating.
When it comes to .Net, BigFix offers Fixlets to let you install newer versions than you might have installed. You might be seeing that.