I did a scanning against a server and some vulnerabilities were reported. A few of the reported vulnerabilities are:
1. Microsoft .NET Framework Security Update August 2018
2. Microsoft .NET Framework Security Update May 2018
3. Microsoft .NET Framework Security Update January 2018
Question 1: Why are we reported that August 2018, May 2018 and January 2018 patches are missing - Is it not sufficient if Just August 2018 patch missing is reported?
Question 2: In some cases with some vendors, May 2018 patch might be super-seeded by August-2018 and so on. Will Qualys take this into account when reporting such missing patches ?
Question 2: While we address, do we have to install all the patches that are reported as missing? I mean - do we have to install all August 2018, May 2018 and January 2018 patches? Or just installing August 2018 patches (or the latest available patch in vendor website) is sufficient?