AnsweredAssumed Answered

Qualys report is showing outdated Patches

Question asked by Ashish Sharma on Sep 3, 2018
Latest reply on Sep 3, 2018 by DMFezzaReed

I did a scanning against a server and some vulnerabilities were reported. A few of the reported vulnerabilities are:


1. Microsoft .NET Framework Security Update August 2018


2. Microsoft .NET Framework Security Update May 2018


3. Microsoft .NET Framework Security Update January 2018


Question 1: Why are we reported that August 2018, May 2018 and January 2018 patches are missing - Is it not sufficient if Just August 2018 patch missing is reported?

Question 2: In some cases with some vendors, May 2018 patch might be super-seeded by August-2018 and so on. Will Qualys take this into account when reporting such missing patches ?

Question 2: While we address, do we have to install all the patches that are reported as missing? I mean - do we have to install all August 2018, May 2018 and January 2018 patches? Or just installing August 2018 patches (or the latest available patch in vendor website) is sufficient?