AnsweredAssumed Answered

Has anyone experienced issues with Qualys not detecting the existence of a Cumulative Patch Bundle?

Question asked by Philip Wilhelm on Sep 13, 2018
Latest reply on Oct 8, 2018 by Philip Wilhelm

According to Microsoft I am told that the reason I still see .NET vulnerabilities on the Qualys Scan (even though I have installed the latest Cumulative Patch bundle is because Qualys can not recognize the cumulative patches; it is looking for the individual patches it specifically wants installed?

 

Example :

 

According to Microsoft, if Qualys says we need to install the following:

 

  • .NET Security Update July 2017
  • .NET Security Update June 2018
  • .NET Security Update May 2018

 

and then we install the .NET Cumulative Security Update (which included all Security Updates going back to October of 2016) I will have patched the actual Vulnerability but Qualys will still report the server vulnerable because we did not install the individually recommended Security Updates.

 

Is this true and how can I get around this?

Outcomes