Scenario: Finding and fixing third-party software vulnerabilities
This section provides a scenario for finding and fixing vulnerabilities on managed devices running Windows. You can find and fix software vulnerabilities in the operating system and in third-party software, including Microsoft software.
Prerequisites
- Kaspersky Security Center Linux is deployed in your organization.
- There are managed devices running Windows in your organization.
- An internet connection is required for the Administration Server to perform the following tasks:
- To make a list of recommended fixes for vulnerabilities in Microsoft software. The list is created and regularly updated by Kaspersky specialists.
- To fix vulnerabilities in third-party software other than Microsoft software.
Stages
Finding and fixing software vulnerabilities proceeds in the following stages:
- Scanning for vulnerabilities in the software installed on the managed devices
To find vulnerabilities in the software installed on managed devices, run the Find vulnerabilities and required updates task. When this task is complete, Kaspersky Security Center Linux receives a list of detected vulnerabilities and the required updates for the third-party software installed on the devices that you specified in the task properties.
The Find vulnerabilities and required updates task is created automatically by the Kaspersky Security Center Linux quick start wizard. If you did not run the wizard, start it now or create the task manually.
You can create the Find vulnerabilities and required updates task only for Windows devices. You cannot create this task for devices running on other operating systems.
- Viewing the list of detected software vulnerabilities
View the Software vulnerabilities list and decide which vulnerabilities need to be fixed. To view detailed information about each vulnerability, click the vulnerability name in the list. For each vulnerability in the list, you can also view the statistics on the vulnerability on managed devices.
- Configuring vulnerabilities fix
When software vulnerabilities are detected, you can fix them on managed devices by using the Install required updates and fix vulnerabilities task or the Fix vulnerabilities task.
The Install required updates and fix vulnerabilities task is used to update and fix vulnerabilities in third-party software, including Microsoft software, installed on managed devices. This task allows you to install multiple updates and fix multiple vulnerabilities according to certain rules. Note that this task can be created only if you have the license for the Vulnerability and patch management feature. To fix software vulnerabilities, the Install required updates and fix vulnerabilities task uses recommended software updates.
The Fix vulnerabilities task does not require the license option for the Vulnerability and patch management feature. To use this task, you must manually specify user fixes for the vulnerabilities in the third-party software listed in the task settings. The Fix vulnerabilities task uses the recommended fixes for Microsoft software and user fixes for third-party software.
You can create the Install required updates and fix vulnerabilities task and Fix vulnerabilities task only for Windows devices. You cannot create these tasks for devices running on other operating systems.
You can start the Vulnerability fix wizard that creates one of these tasks automatically, or you can create one of these tasks manually.
If you have created and configured the Install required updates and fix vulnerabilities task, the vulnerabilities are fixed on managed devices automatically. When the created task is started, it correlates the list of available software updates to the rules specified in the task settings. All software updates that meet the criteria in the specified rules are downloaded to the Administration Server repository and installed to fix software vulnerabilities.
If you have created the Fix vulnerabilities task, only vulnerabilities for Microsoft software are fixed.
- Scheduling the tasks
Schedule the Find vulnerabilities and required updates task to run automatically on a periodic basis to keep the list of vulnerabilities up-to-date. The recommended frequency is once a week.
If you have created the Install required updates and fix vulnerabilities task, you can schedule it to run with the same frequency as the Find vulnerabilities and required updates task or less often. When scheduling the Fix vulnerabilities task, note that you have to select fixes for Microsoft software or specify user fixes for third-party software every time before starting the task.
When scheduling the tasks, make sure that a task created to fix vulnerabilities starts after the Find vulnerabilities and required updates task is complete.
- Ignoring software vulnerabilities (optional)
You can ignore certain software vulnerabilities on all managed devices or only on selected managed devices.
- Running a vulnerability fix task
Start the Install required updates and fix vulnerabilities task or the Fix vulnerabilities task. When the task is complete, make sure that it has the Completed successfully status in the task list.
- Creating a report on the results of fixing software vulnerabilities (optional)
To view detailed statistics on the vulnerabilities fixed, generate the Report on vulnerabilities. This report displays information about software vulnerabilities that are not fixed. It allows you to identify and address vulnerabilities in third-party software, including Microsoft software, that is used in your organization.
- Checking the configuration for finding and fixing vulnerabilities in third-party software
Make sure that you have done the following:
- Obtained and reviewed the list of software vulnerabilities on managed devices.
- Ignored certain software vulnerabilities, if desired.
- Configured the task to fix vulnerabilities.
- Scheduled the tasks to find and fix software vulnerabilities so that they start sequentially.
- Checked that the task to fix software vulnerabilities has started.
