Scenario: Finding and fixing third-party software vulnerabilities

Support

Support for business applications

Kaspersky Security Center 14

Kaspersky Security Center 14.2

Managing third-party applications on client devices

Fixing third-party software vulnerabilities

Scenario: Finding and fixing third-party software vulnerabilities

November 2, 2024

ID 184124

Get as PDF

This section provides a scenario for finding and fixing vulnerabilities on the managed devices running Windows. You can find and fix software vulnerabilities in the operating system and in third-party software, including Microsoft software.

Prerequisites

Kaspersky Security Center is deployed in your organization.
There are managed devices running Windows in your organization.
Internet connection is required for Administration Server to perform the following tasks:
- To make a list of recommended fixes for vulnerabilities in Microsoft software. The list is created and regularly updated by Kaspersky specialists.
- To fix vulnerabilities in third-part software other than Microsoft software.

Stages

Finding and fixing software vulnerabilities proceeds in stages:

Scanning for vulnerabilities in the software installed on the managed devices
To find vulnerabilities in the software installed on the managed devices, run the Find vulnerabilities and required updates task. When this task is complete, Kaspersky Security Center receives the lists of detected vulnerabilities and required updates for the third-party software installed on the devices that you specified in the task properties.

The Find vulnerabilities and required updates task is created automatically by Kaspersky Security Center quick start wizard. If you did not run the wizard, start it now or create the task manually.

How-to instructions:
- Administration Console: Scanning applications for vulnerabilities, Scheduling the Find vulnerabilities and required updates task
- Kaspersky Security Center Web Console: Creating the Find vulnerabilities and required updates task, Find vulnerabilities and required updates task settings
Analyzing the list of detected software vulnerabilities
View the Software vulnerabilities list and decide which vulnerabilities are to be fixed. To view detailed information about each vulnerability, click the vulnerability name in the list. For each vulnerability in the list, you can also view the statistics on the vulnerability on managed devices.

How-to instructions:
- Administration Console: Viewing information about software vulnerabilities, Viewing statistics of vulnerabilities on managed devices
- Kaspersky Security Center Web Console: Viewing information about software vulnerabilities, Viewing statistics of vulnerabilities on managed devices
Configuring vulnerabilities fix
When the software vulnerabilities are detected, you can fix the software vulnerabilities on the managed devices by using the Install required updates and fix vulnerabilities task or the Fix vulnerabilities task.

The Install required updates and fix vulnerabilities task is used to update and fix vulnerabilities in third-party software, including Microsoft software, installed on the managed devices. This task allows you to install multiple updates and fix multiple vulnerabilities according to certain rules. Note that this task can be created only if you have the license for the Vulnerability and patch management feature. To fix software vulnerabilities the Install required updates and fix vulnerabilities task uses recommended software updates.

The Fix vulnerabilities task does not require the license option for the Vulnerability and patch management feature. To use this task, you must manually specify user fixes for vulnerabilities in third-party software listed in the task settings. The Fix vulnerabilities task uses recommended fixes for Microsoft software and user fixes for third-party software.

You can start Vulnerability fix wizard that creates one of these tasks automatically, or you can create one of these tasks manually.

How-to instructions:
- Administration Console: Selecting user fixes for vulnerabilities in third-party software, Fixing vulnerabilities in applications
- Kaspersky Security Center Web Console: Selecting user fixes for vulnerabilities in third-party software, Fixing vulnerabilities in third-party software, Creating the Install required updates and fix vulnerabilities task
Scheduling the tasks
To be sure that the vulnerabilities list is always up-to-date, schedule the Find vulnerabilities and required updates task to run it automatically from time to time. The recommended average frequency is once a week.

If you have created the Install required updates and fix vulnerabilities task, you can schedule it to run with the same frequency as the Find vulnerabilities and required updates task or less often. When scheduling the Fix vulnerabilities task, note that you have to select fixes for Microsoft software or specify user fixes for third-party software every time before starting the task.

When scheduling the tasks, make sure that a task to fix vulnerability starts after the Find vulnerabilities and required updates task is complete.
Ignoring software vulnerabilities (optional)
If you want, you can ignore software vulnerabilities to be fixed on all managed devices or only on the selected managed devices.

How-to instructions:
- Administration Console: Ignoring software vulnerabilities
- Kaspersky Security Center Web Console: Ignoring software vulnerabilities
Running a vulnerability fix task
Start the Install required updates and fix vulnerabilities task or the Fix vulnerability task. When the task is complete, make sure that it has the Completed successfully status in the task list.
Create the report on results of fixing software vulnerabilities (optional)
To view detailed statistics on the vulnerabilities fix, generate the Report on vulnerabilities. The report displays information about software vulnerabilities that are not fixed. Thus you can have an idea about finding and fixing vulnerabilities in third-party software, including Microsoft software, in your organization.

How-to instructions:
- Administration Console: Creating and viewing a report
- Kaspersky Security Center Web Console: Generating and viewing a report
Checking configuration of finding and fixing vulnerabilities in third-party software
Be sure that you have done the following:
- Obtained and reviewed the list of software vulnerabilities on managed devices
- Ignored software vulnerabilities if you wanted
- Configured the task to fix vulnerabilities
- Scheduled the tasks to find and to fix software vulnerabilities so that they start sequentially
- Checked that the task to fix software vulnerabilities was run

Results

If you have created and configured the Install required updates and fix vulnerabilities task, the vulnerabilities are fixed on the managed devices automatically. When the task is run, it correlates the list of available software updates to the rules specified in the task settings. All software updates that meet the criteria in the rules will be downloaded to the Administration Server repository and will be installed to fix software vulnerabilities.

If you have created the Fix vulnerabilities task, only software vulnerabilities in Microsoft software are fixed.

Kaspersky Security Center: Optimization of daily routine tasks

A powerful administration console, with an additional flexible web-based interface that’s available wherever you are. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.