Fixing software vulnerabilities

Expand all | Collapse all

After you obtain the software vulnerabilities list, you can fix software vulnerabilities on managed devices that are running Windows. You can fix software vulnerabilities in the operating system and in third-party software, including Microsoft software, by creating and running the Fix vulnerabilities task or the Install required updates and fix vulnerabilities task.

The software update installation tasks have a number of limitations. These limitations depend on the license under which you are using Kaspersky Security Center Cloud Console and on the mode in which Kaspersky Security Center Cloud Console is working.

A user interaction may be required when you update a third-party application or fix a vulnerability in a third-party application on a managed device. For example, the user may be prompted to close the third-party application if it is currently open.

As an option, you can create a task to fix software vulnerabilities in the following ways:

• By opening the vulnerability list and specifying which vulnerabilities to fix.

  As a result, a new task to fix software vulnerabilities is created. As an option, you can add the selected vulnerabilities to an existing task.

• By running the Vulnerability fix wizard.

  The availability of this feature depends on the Kaspersky Security Center Cloud Console mode and your current license.

  The wizard simplifies creation and configuration of a vulnerability fix task and enables you to eliminate the creation of redundant tasks that contain the same updates to install.

Fixing software vulnerabilities by using the vulnerability list

To fix software vulnerabilities:

1. Open one of the lists of vulnerabilities:
   • To open the general vulnerability list, in the main menu, go to Operations → Patch management → Software vulnerabilities.
   • To open the vulnerability list for a managed device, in the main menu, go to Assets (Devices) → Managed devices → <device name> → Advanced → Software vulnerabilities.
   • To open the vulnerability list for a specific application, in the main menu, go to Operations → Third-party applications → Applications registry → <application name> → Vulnerabilities.

   A page with a list of vulnerabilities in the third-party software is displayed.

2. Select one or more vulnerabilities in the list, and then click the Fix vulnerability button.

   If a recommended software update to fix one of the selected vulnerabilities is absent, an informative message is displayed.

   To fix some software vulnerabilities, you must accept the End User License Agreement (EULA) for installing the software if EULA acceptance is requested. If you decline the EULA, the software vulnerability is not fixed.

3. Select one of the following options:
   • New task

     The New task wizard starts. Depending on the Kaspersky Security Center Cloud Console mode and your current license, the Install required updates and fix vulnerabilities task or the Fix vulnerabilities task is preselected. Follow the steps of the wizard to complete the task creation.

   • Fix vulnerability (add rule to specified task)

     Select a task to which you want to add the selected vulnerabilities. Depending on the Kaspersky Security Center Cloud Console mode and your current license, select an Install required updates and fix vulnerabilities task or a Fix vulnerabilities task. If you select an Install required updates and fix vulnerabilities task, a new rule to fix the selected vulnerabilities will be automatically added to the selected task. If you select a Fix vulnerabilities task, the selected vulnerabilities will be added to the task properties.

     The task properties window opens. Click the Save button to save the changes.

If you have chosen to create a task, the task is created and displayed in the task list at Assets (Devices) → Tasks. If you have chosen to add the vulnerabilities to an existing task, the vulnerabilities are saved in the task properties.

To fix the third-party software vulnerabilities, start the Install required updates and fix vulnerabilities task or the Fix vulnerabilities task. If you have created the Fix vulnerabilities task, you must manually specify the software updates to fix the software vulnerabilities listed in the task settings.

Fixing software vulnerabilities by using the Vulnerability fix wizard

The availability of the Vulnerability fix wizard depends on the license that you use and the mode in which Kaspersky Security Center Cloud Console is working.

To fix software vulnerabilities by using the Vulnerability fix wizard:

1. In the main menu, go to Operations → Patch management → Software vulnerabilities.

   A page with a list of vulnerabilities in the third-party software installed on managed devices is displayed.

2. Select the check box next to the vulnerability that you want to fix.
3. Click the Run Vulnerability fix wizard button.

   The Vulnerability fix wizard starts. The Select the vulnerability fix task page displays the list of all existing tasks of the following types:

   • Install required updates and fix vulnerabilities
   • Install Windows Update updates
   • Fix vulnerabilities

   You cannot modify the last two types of tasks to install new updates. To install new updates, you can only use the Install required updates and fix vulnerabilities task.

4. If you want the wizard to display only those tasks that fix the vulnerability that you selected, then enable the Show only tasks that fix this vulnerability option.
5. Choose what you want to do:
   • To start a task, select the check box next to the task name, and then click the Start button.
   • To add a new rule to an existing task:
     1. Select the check box next to the task name, and then click the Add rule button.
     2. On the page that opens, configure the new rule:
        • Rule for fixing vulnerabilities of this severity level

          Sometimes software updates may impair the user experience with the software. In such cases, you may decide to install only those updates that are critical for the software operation and to skip other updates.

          If this option is enabled, the updates fix only those vulnerabilities for which the severity level set by Kaspersky is equal to or higher than the severity of the selected update (Medium, High, or Critical). Vulnerabilities with a severity level lower than the selected value are not fixed.

          If this option is disabled, the updates fix all vulnerabilities regardless of their severity level.

          By default, this option is disabled.

        • Rule for fixing vulnerabilities by means of updates of the same type as the update defined as recommended for the selected vulnerability (available only for Microsoft software vulnerabilities)
        • Rule for fixing vulnerabilities in applications from the selected vendor (available only for third-party software vulnerabilities)
        • Rule for fixing a vulnerability in all versions of the selected application (available only for third-party software vulnerabilities)
        • Rule for fixing the selected vulnerability
        • Approve updates that fix this vulnerability

          The selected update will be approved for installation. Enable this option if some applied rules of update installation allow installation of approved updates only.

          By default, this option is disabled.

     3. Click the Add button.
   • To create a task:
     1. Click the New task button.
     2. On the page that opens, configure the new rule:
        • Rule for fixing vulnerabilities of this severity level

          Sometimes software updates may impair the user experience with the software. In such cases, you may decide to install only those updates that are critical for the software operation and to skip other updates.

          If this option is enabled, the updates fix only those vulnerabilities for which the severity level set by Kaspersky is equal to or higher than the severity of the selected update (Medium, High, or Critical). Vulnerabilities with a severity level lower than the selected value are not fixed.

          If this option is disabled, the updates fix all vulnerabilities regardless of their severity level.

          By default, this option is disabled.

        • Rule for fixing vulnerabilities by using updates of the type (available only for Microsoft software vulnerabilities)
        • Rule for fixing vulnerabilities in applications from the selected vendor (available only for third-party software vulnerabilities)
        • Rule for fixing a vulnerability in all versions of the selected application (available only for third-party software vulnerabilities)
        • Rule for fixing the selected vulnerability
        • Approve updates that fix this vulnerability

          The selected update will be approved for installation. Enable this option if some applied rules of update installation allow installation of approved updates only.

          By default, this option is disabled.

     3. Click the Add button.

If you have chosen to start a task, you can close the wizard. The task will complete in background mode. No further actions are required.

If you have chosen to add a rule to an existing task, the task properties window opens. The new rule is already added to the task properties. You can view or modify the rule or other task settings. Click the Save button to save the changes.

If you have chosen to create a task, you continue to create the task in the New task wizard. The new rule that you added in the Vulnerability fix wizard is displayed in the New task wizard. When you complete the New task wizard, the Install required updates and fix vulnerabilities task is added to the task list.

See also: Scenario: Finding and fixing software vulnerabilities

Page top