Fixing third-party software vulnerabilities

To find third-party software vulnerabilities, you can create and run the Find vulnerabilities and required updates task and receive a list of software vulnerabilities. After you obtain the software vulnerabilities list, you can fix the vulnerabilities on the managed devices that are running Windows.

You can fix software vulnerabilities in the operating system and in third-party software, including Microsoft software, by creating and running the Fix vulnerabilities task or the Install required updates and fix vulnerabilities task.

A user interaction may be required when you update a third-party application or fix a vulnerability in a third-party application on a managed device. For example, the user may be prompted to close the third-party application if it is currently open.

As an option, you can create a task to fix software vulnerabilities in the following ways:

By opening the vulnerability list and specifying which vulnerabilities to fix.
As a result, a new task to fix software vulnerabilities is created. As an option, you can add the selected vulnerabilities to an existing task.
By running the Vulnerability fix wizard.
The Vulnerability fix wizard is only available under the Vulnerability and patch management license.

The wizard simplifies the creation and configuration of a vulnerability fix task, and allows you to eliminate the creation of redundant tasks.

Fixing software vulnerabilities by using the vulnerability list

To fix software vulnerabilities by using the vulnerability list:

Open the list of vulnerabilities by doing one of the following:
- In the main menu, go to Operations → Patch management → Software vulnerabilities.
- In the main menu, go to Assets (Devices) → Managed devices → <device name> → Advanced → Software vulnerabilities.
- In the main menu, go to Operations → Third-party applications → Applications registry → <application name> → Vulnerabilities.
A table with the list of vulnerabilities in the third-party software installed on managed devices is displayed.
In the list of vulnerabilities, select the check boxes next to the vulnerabilities you want to fix, and then click the Fix vulnerability button.
If a recommended software update to fix one of the selected vulnerabilities is absent, an informative message is displayed.

To fix some software vulnerabilities, you must accept the End User License Agreement (EULA) for installing the software, if EULA acceptance is requested. If you decline the EULA, the software vulnerability is not fixed.
Select one of the following options:
- New task
  The New task wizard starts. If you have the Vulnerability and patch management license, the Install required updates and fix vulnerabilities task is preselected. If you do not have the license, the Fix vulnerabilities task is preselected. Follow the steps of the wizard to complete task creation.
- Fix vulnerability (add rule to specified task)
  Select a task to which you want to add the selected vulnerabilities. If you have the Vulnerability and patch management license, select the Install required updates and fix vulnerabilities task. A new rule to fix the selected vulnerabilities will be automatically added to the selected task. If you do not have the license, select the Fix vulnerabilities task. The selected vulnerabilities are added to the task properties.
  
  The task properties window opens. Click the Save button to save the changes.

If you have chosen to create a task, the task is created and displayed in the task list at Assets (Devices) → Tasks. If you have chosen to add the vulnerabilities to an existing task, the vulnerabilities are saved in the task properties.

To fix the third-party software vulnerabilities, start the Install required updates and fix vulnerabilities task or the Fix vulnerabilities task. If you have created the Fix vulnerabilities task, you must manually specify the software updates listed in the task settings.

Fixing software vulnerabilities by using the Vulnerability fix wizard

The Vulnerability fix wizard is only available under the Vulnerability and patch management license.

To fix software vulnerabilities by using the Vulnerability fix wizard:

In the main menu, go to Operations → Patch management → Software vulnerabilities.
A table with a list of vulnerabilities in the third-party software installed on managed devices is displayed.
Select the check box next to the vulnerability that you want to fix.
Click the Run Vulnerability fix wizard button.
The button is disabled if you select more than one vulnerability.

The Vulnerability fix wizard starts. The list of existing tasks is displayed. This list may contain the following types of tasks:
- Install required updates and fix vulnerabilities
- Fix vulnerabilities
You cannot modify the Fix vulnerabilities task to install new updates. To install new updates, you can only use the Install required updates and fix vulnerabilities task.
If you want the wizard to display only those tasks that fix the vulnerability that you selected, enable the Show only tasks that fix this vulnerability option.
Do one of the following:
- To start a task, select the check box next to the task name, and then click the Start button.
  No further actions are required. You can close the wizard. The task will complete in background mode.
- To add a new rule to an existing Install required updates and fix vulnerabilities task:
  1. Select the check box next to the task name, and then click the Add rule button.
    The Add rule button is disabled if you select more than one task.
    
    You cannot add a rule for a Fix vulnerabilities task. If you select a Fix vulnerabilities task, the following notification is displayed: "To install updates, use the "Install required updates and fix vulnerabilities" task."
  2. On the page that opens, configure the new rule:
    - Rule for fixing vulnerabilities of this severity level
      Sometimes software updates may impair the user experience with the software. In such cases, you may decide to install only those updates that are critical for the software operation and to skip other updates.
      
      If this option is enabled, the updates fix only those vulnerabilities for which the severity level set by Kaspersky is equal to or higher than the severity of the selected update (Medium, High, or Critical). Vulnerabilities with a severity level lower than the selected value are not fixed.
      
      If this option is disabled, the updates fix all vulnerabilities regardless of their severity level.
      
      By default, this option is disabled.
    - Rule for fixing vulnerabilities by means of updates of the same type as the update defined as recommended for the selected vulnerability
      This rule is displayed only for Microsoft software vulnerabilities.
    - Rule for fixing vulnerabilities in applications from the selected vendor
      This rule is displayed only for third-party software vulnerabilities.
    - Rule for fixing a vulnerability in all versions of the selected application
      This rule is displayed only for third-party software vulnerabilities.
    - Rule for fixing the selected vulnerability
    - Approve updates that fix this vulnerability
      The selected update will be approved for installation. Enable this option if some applied rules of update installation allow installation of approved updates only.
      
      By default, this option is disabled.
  3. Click the Add button.
    The task properties window opens. The new rule is already added to the task properties. You can view or modify the rule, or other task settings. Click the Save button to save the changes.
- To create a task:
  1. Click the New task button.
  2. On the page that opens, configure the new rule:
    - Rule for fixing vulnerabilities of this severity level
      Sometimes software updates may impair the user experience with the software. In such cases, you may decide to install only those updates that are critical for the software operation and to skip other updates.
      
      If this option is enabled, the updates fix only those vulnerabilities for which the severity level set by Kaspersky is equal to or higher than the severity of the selected update (Medium, High, or Critical). Vulnerabilities with a severity level lower than the selected value are not fixed.
      
      If this option is disabled, the updates fix all vulnerabilities regardless of their severity level.
      
      By default, this option is disabled.
    - Rule for fixing vulnerabilities by means of updates of the same type as the update defined as recommended for the selected vulnerability
      This rule is displayed only for Microsoft software vulnerabilities.
    - Rule for fixing vulnerabilities in applications from the selected vendor
      This rule is displayed only for third-party software vulnerabilities.
    - Rule for fixing a vulnerability in all versions of the selected application
      This rule is displayed only for third-party software vulnerabilities.
    - Rule for fixing the selected vulnerability
    - Approve updates that fix this vulnerability
      The selected update will be approved for installation. Enable this option if some applied rules of update installation allow installation of approved updates only.
      
      By default, this option is disabled.
  3. Click the Add button.
  4. Continue to create the task in the New task wizard.
    The new rule that you added in the Vulnerability fix wizard is displayed at the Specify rules for installing updates step of the New task wizard. When you complete the wizard, the Install required updates and fix vulnerabilities task is added to the task list.