Search
  • BFX Global Services

BigFix: Security and Non Security Patches

Updated: Oct 22, 2019

BigFix: Security Patches and Non-Security Patches

Today, most organizations are using BigFix or multiple vulnerability scanning tools to identify vulnerabilities on endpoints such as business-critical servers, laptops, and desktops. However, vulnerability identification and remediation are critical to maintaining a secure environment which involves fixlets for security patches, critical and non-security patches.

Relevant Security Patches Security patches are referred to as the number of relevant security patches for the security Fixlets that are applicable to deploy. It has the number of all patches relevant in the deployment and the total number of security Fixlets that are needed during that particular month.

Average Relevant Security Patches per Computer Average relevant security patches per computer is the number of all relevant patches and the critical patches for every computer.

Non-Security Patches

Non-security patches are mainly non-critical updates released by vendors to enhance functionality and/or include minor changes to the application.

The remediation process requires that security patches and non-security patches apply quickly to remediate the software and application systems. Whereas, some of the machines that contain vulnerabilities and have not been identified or patched, could present multiple threats to the infrastructures.

For example, WannaCry, Petya/NotPetya, and Apache Struts were cases where many of the institutes were affected. Some of these organizations remain concerned that their IT infrastructures may still be vulnerable to attacks from the newly patched updates, malware, and exploitation paths. For that reason, security patches, critical patches, and non-security patches are needed at all times in any organization.

https://securityintelligence.com/how-basic-endpoint-patching-helps-protect-against-ransomware-and-other-attacks/

Microsoft Security Patches Updates

Even though there is a change in Microsoft Windows 10, the change did not affect monthly security updates. Most of Microsoft security patch refers to any bulletin or update that is related to a security vulnerability. BigFix downloads the fixlets based on security patches needed and it displays the number of security patches that apply to a particular machine for deployment. It also lists the total patches needed and the total critical patches needed. Also, total patches needed refers to the total number of patches for all BigFix Clients, including critical, important, low, and unclassified patches.

The IBM-Microsoft still release patches update every second Tuesday at 10:00 a.m. of the month, however, based on the BigFix system, the patches are available on the following day. Microsoft-windows 10 quality updates are cumulative and contain all previously released fixes to guard against fragmentation of the OS that can lead to reliability and vulnerability issues when only a subset of fixes are installed. Most users are familiar with what is commonly referred to as “Patch Tuesday” or Update Tuesday. These updates are published on the second Tuesday of each month, known as the “B” release (“B” refers to the second week in the month), and are the only regular monthly releases that include both new security fixes and previously released security and non-security fixes. Most of the users chose the second Tuesday at 10:00 a.m. Pacific time which gives them plenty of time to test the updates and deploy them to their devices.

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Identifying%20Security%20Patches.

https://www.ibm.com/support/knowledgecenter/en/SS6MER_9.5.0/com.ibm.bigfix.patch.doc/Patch/Patch_Windows/c_how_patch_management_for_windo.html/

5 views