AnsweredAssumed Answered

Outdated patches reported as missing

Question asked by Karthik Aravind on Apr 27, 2016
Latest reply on May 4, 2016 by Karthik Aravind

I did a scanning against a server and some vulnerabilities were reported. A few of the reported vulnerabilities are:

 

 

 

 

 

Question 1: Why are we reported that Oct-2012, Jan-2013, Apr-2013 and July-2013 patches are missing - Is it not sufficient if Just July 2013 patch missing is reported ?

Question 2: In some cases with some vendors, Oct-2012 patch might be super-seeded by Jan-2013 and so on. Will Qualys take this into account when reporting such missing patches ?

Question 2: While we address, do we have to install all patches that are reported as missing ? I mean - do we have to install all Oct-2012, Jan-2013, Apr-2013 and July-2013 patches ? Or just installing Jul-2013 patches (or the latest available patch is vendor website)is sufficient ?

Outcomes