Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Windows Patch Level/Rollup Tracking

by Sharon Everson
June 11, 2021

Windows Patch Level/Rollup Tracking

A significant benefit of an effective cybersecurity program is that organizations will improve business continuity and confidence when dealing with security threats. This dashboard gives you visibility into Microsoft Rollup status as well as severity, trend, and host count data to highlight organization-wide patching context. Microsoft Rollups are a tested cumulative set of updates typically released to address a significant event. Rollups include both security and reliability updates that are packaged together and distributed over Microsoft’s standard update mechanisms. The Monthly Rollup addresses both new security issues and non security issues in a single update and does not require cumulative patching.

Organizations regularly need to know which of the systems in their environment are up to date or require patching. When systems fall behind patching efforts they become vulnerable to compromise. Systems missing rollups may have stability issues, security holes, or have outdated features. When these systems are compromised, attackers rapidly gain an advantage by leveraging additional vulnerable systems to laterally move throughout the network.  To reduce risk, Operations teams must be able to detect these vulnerable  devices, and be alerted when patching efforts fall behind organizational requirements.  

Operations teams are typically responsible for not only monitoring the organization’s infrastructure, but also for patching and remediating risk. To do this, the operations team requires vulnerability details which easily identify the most significant vulnerabilities, and provides guidance towards mitigation. The ability to identify the  risks which are present due to missing patches is paramount. In addition to rollup status, this dashboard provides severity, trend, and host count data to highlight organization-wide patching context. By identifying assets that are missing critical vulnerability patches, operations teams can quickly reduce the attack surface, and visually track efforts and measure against established goals.

Organizations should use this dashboard to assist operations teams in monitoring outdated assets within the organization, and guide them in detecting, predicting, and reducing risk across their entire attack surface. Components not only include critical missing rollup patches, but also quarterly  patch tracking to identify the length of time that an asset has been out of date. Utilizing Tenable’s Predictive Prioritization technology of combining vulnerability data, threat intelligence and data science, this dashboard directly benefits operations teams in determining where to start when navigating a sea of vulnerabilities. Further, when missing Microsoft Security Rollups are identified, Tenable.sc can quickly provide alerts via workflows and notifications, to further speed up incident response and vulnerability remediation.

This dashboard is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The dashboard can be easily located in the Tenable.sc Feed under the category Compliance & Configuration Assessments.

The dashboard requirements are:

• Tenable.sc 5.18.0

• Nessus 8.15.0

This dashboard contains the following components:

Windows Patch Level Rollup Tracking - 90-day Vulnerability Trend for Missing Rollups: This component presents a 90-day trend of vulnerabilities for hosts identified as missing any Microsoft Windows Rollup KB.

Windows Patch Level/Rollup Tracking - Missing Rollups Presenting a High Risk (VPR 7 -10): This component presents a table of vulnerabilities sorted by Vulnerability Priority Rating (VPR) for hosts identified as missing Microsoft Windows Rollup KBs.

Hosts with the Most Missing Rollup KBs: This component displays the top 5 hosts missing Microsoft Rollup KBs, patches.

Windows Hosts With Old Patch Levels (Patched only with Pre-2020 Rollups): This table provides a list of hosts that only have Microsoft Rollup patches dated from before 2020 installed.

Windows Hosts With No Confirmed Patch Level for > 30 Days: This table provides a list of hosts that have not received the latest Microsoft Windows Rollup.

Windows Host - Latest Effective Monthly Rollup Patch Level (Q1): This matrix presents a monthly analysis of the last Microsoft Rollup that has been applied to a host for Quarter 1 of 2023-2025.

Windows Host - Latest Effective Monthly Rollup Patch Level (Q2): This matrix presents a monthly analysis of the last Microsoft Rollup that has been applied to a host for Quarter 2 of 2023-2025.

Windows Host - Latest Effective Monthly Rollup Patch Level (Q3): This matrix presents a monthly analysis of the last Microsoft Rollup that has been applied to a host for Quarter 3 of 2023-2025.

Windows Host - Latest Effective Monthly Rollup Patch Level (Q4): This matrix presents a monthly analysis of the last Microsoft Rollup that has been applied to a host for Quarter 4 of 2023-2025.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training