Fixing vulnerabilities in third-party software

Expand all | Collapse all

The features provided under the Vulnerability and Patch Management license are only available in MMC-based Administration Console, and Kaspersky Security Center 12.2 Web Console or later versions.

After you obtain the software vulnerabilities list, you can fix software vulnerabilities on managed devices that are running Windows. You can fix software vulnerabilities in the operating system and in third-party software, including Microsoft software, by creating and running the Fix vulnerabilities task or the Install required updates and fix vulnerabilities task.

A user interaction may be required when you update a third-party application or fix a vulnerability in a third-party application on a managed device. For example, the user may be prompted to close the third-party application if it's currently open.

As an option, you can create a task to fix software vulnerabilities in the following ways:

Fixing software vulnerabilities by using the vulnerability list

To fix software vulnerabilities:

  1. Open one of the lists of vulnerabilities:
    • To open the general vulnerability list, go to OPERATIONSPATCH MANAGEMENTSoftware vulnerabilities.
    • To open the vulnerability list for a managed device, go to DEVICESMANAGED DEVICES → <device name> → AdvancedSoftware vulnerabilities.
    • To open the vulnerability list for a specific application, go to OPERATIONSTHIRD-PARTY APPLICATIONS → APPLICATIONS REGISTRY → <application name> → Vulnerabilities.

    A page with a list of vulnerabilities in the third-party software is displayed.

  2. Select one or more vulnerabilities in the list, and then click the Fix vulnerability button.

    If a recommended software update to fix one of the selected vulnerabilities is absent, an informative message is displayed.

    To fix some software vulnerabilities, you must accept the End User License Agreement (EULA) for installing the software, if EULA acceptance is requested. If you decline the EULA, the software vulnerability is not fixed.

  3. Select one of the following options:
    • New task

      The Add Task Wizard starts. If you have the Vulnerability and Patch Management license, the Install required updates and fix vulnerabilities task is preselected. If you do not have the license, the Fix vulnerabilities task is preselected. Follow the steps of the Wizard to complete the task creation.

    • Fix vulnerability (add rule to specified task)

      Select a task to which you want to add the selected vulnerabilities. If you have the Vulnerability and Patch Management license, select an Install required updates and fix vulnerabilities task. A new rule to fix the selected vulnerabilities will be automatically added to the selected task. If you do not have the license, select a Fix vulnerabilities task. The selected vulnerabilities will be added to the task properties.

      The task properties window opens. Click the Save button to save the changes.

If you have chosen to create a task, the task is created and displayed in the task list at DEVICESTASKS. If you have chosen to add the vulnerabilities to an existing task, the vulnerabilities are saved in the task properties.

To fix the third-party software vulnerabilities, start the Install required updates and fix vulnerabilities task or the Fix vulnerabilities task. If you have created the Fix vulnerabilities task, you must manually specify the software updates to fix the software vulnerabilities listed in the task settings.

Fixing software vulnerabilities by using the Vulnerability Fix Wizard

The Vulnerability Fix Wizard is only available under the Vulnerability and Patch Management license.

To fix software vulnerabilities by using the Vulnerability Fix Wizard:

  1. On the OPERATIONS tab, in the PATCH MANAGEMENT drop-down list, select Software vulnerabilities.

    A page with a list of vulnerabilities in the third-party software installed on managed devices is displayed.

  2. Select the check box next to the vulnerability that you want to fix.
  3. Click the Run Vulnerability Fix Wizard button.

    The Vulnerability Fix Wizard starts. The Select the vulnerability fix task page displays the list of all existing tasks of the following types:

    • Install required updates and fix vulnerabilities
    • Install Windows Update updates
    • Fix vulnerabilities

    You cannot modify the last two types of tasks to install new updates. To install new updates, you can only use the Install required updates and fix vulnerabilities task.

  4. If you want the Wizard to display only those tasks that fix the vulnerability that you selected, then enable the Show only tasks that fix this vulnerability option.
  5. Choose what you want to do:
    • To start a task, select the check box next to the task name, and then click the Start button.
    • To add a new rule to an existing task:
      1. Select the check box next to the task name, and then click the Add rule button.
      2. On the page that opens, configure the new rule:
        • Rule for fixing vulnerabilities of this severity level
        • Rule for fixing vulnerabilities by means of updates of the same type as the update defined as recommended for the selected vulnerability (available only for Microsoft software vulnerabilities)
        • Rule for fixing vulnerabilities in applications from the selected vendor (available only for third-party software vulnerabilities)
        • Rule for fixing a vulnerability in all versions of the selected application (available only for third-party software vulnerabilities)
        • Rule for fixing the selected vulnerability
        • Approve updates that fix this vulnerability
      3. Click the Add button.
    • To create a task:
      1. Click the New task button.
      2. On the page that opens, configure the new rule:
        • Rule for fixing vulnerabilities of this severity level
        • Rule for fixing vulnerabilities by means of updates of the same type as the update defined as recommended for the selected vulnerability (available only for Microsoft software vulnerabilities)
        • Rule for fixing vulnerabilities in applications from the selected vendor (available only for third-party software vulnerabilities)
        • Rule for fixing a vulnerability in all versions of the selected application (available only for third-party software vulnerabilities)
        • Rule for fixing the selected vulnerability
        • Approve updates that fix this vulnerability
      3. Click the Add button.

If you have chosen to start a task, you can close the Wizard. The task will complete in background mode. No further actions are required.

If you have chosen to add a rule to an existing task, the task properties window opens. The new rule is already added to the task properties. You can view or modify the rule or other task settings. Click the Save button to save the changes.

If you have chosen to create a task, you continue to create the task in the New Task Wizard. The new rule that you added in the Vulnerability Fix Wizard is displayed in the New Task Wizard. When you complete the New Task Wizard, the Install required updates and fix vulnerabilities task is added to the task list.

See also:

Scenario: Finding and fixing third-party software vulnerabilities

Page top