LogoLogo
Get FDA readyServicesSolutionsGuardian helpGet a demo
  • Helm help center home
  • Get Started
    • Helm features
    • Quickstart process
    • Understand data sources and update frequency
    • Get familiar with the Helm UI
      • Understand your dashboard
      • Helm terminology
    • Don't have an SBOM?
      • Why SBOMs are critical to your present and future
      • Generate CycloneDX SBOM with open-source tools
      • Generate SPDX SBOM with open-source tools
        • Generate SBOM with Yocto on Linux
      • Convert your SBOM from CSV to CycloneDX
      • Get expert Services help
    • Upload your first SBOM
      • Upload or convert .zst SBOM files from Yocto on Linux
  • Automate and integrate
    • Automate and integrate risk prioritization and management
    • Automate SBOM and vulnerability management via Helm API SDK
    • Automate SBOM management via GitHub action
    • Automate SBOM management via MS Azure DevOps extension
    • Create and manage lifecycle rules to automate EOS and EOL information across all products
  • Match components
    • Match unmatched components
    • Understand match statuses
    • Understand match sources
    • Create and manage alias rules to match and rematch components across all products
  • manage sboms
    • Manage SBOM
      • Manage component
      • Manage licenses
      • Create, edit, or merge SBOMs
      • Export your SBOM
      • Upload new version of SBOM with each release
      • Archive a product or product version
    • Find out what products contain a particular component
  • manage vulnerabilities
    • Check whether a particular vulnerability impacts your products
    • Manage vulnerabilities
      • Identify and prioritize exploitable vulnerabilities
        • Get email notifications for new vulnerabilities
        • Send email with vulnerability details for future prioritization
        • Understand issue severity level
          • Understand the CVSS vulnerability scoring system
      • Rescore vulnerabilities in bulk or individually
      • Remediate vulnerabilities in bulk or individually
      • Patch Windows vulnerabilities in bulk or individually
      • Export vulnerabilities
  • Ensure FDA readiness
    • FDA-ready SBOM and vulnerability reports
      • Meet FDA requirements with your FDA SBOM report
      • VEX and VDR reports
    • Understand new FDA cybersecurity requirements for cyber devices
      • Is my device a cyber device?
      • What if I already submitted my cyber device?
    • What should my cybersecurity management plan entail?
      • What does risk management entail?
      • Verification & Validation: Build the right product/service/system in the right way
      • Why do I need a Quality Management System (QMS)?
      • Cybersecurity is everyone's responsibility
  • Terminology
    • Cybersecurity terminology
    • What is CPE?
      • How do I read a CPE string?
  • Administration
    • Manage users
    • Manage products
    • Modify your organization name
  • what's new
    • Changelog
Powered by GitBook

© Copyright MedCrypt 2024, All rights reserved.

On this page
  • Bulk patch Windows vulnerabilities across product version
  • Patch individual Windows vulnerabilities
  • Manage multiple patch levels across your devices in the field

Was this helpful?

Export as PDF
  1. manage vulnerabilities
  2. Manage vulnerabilities

Patch Windows vulnerabilities in bulk or individually

PreviousRemediate vulnerabilities in bulk or individuallyNextExport vulnerabilities

Last updated 4 months ago

Was this helpful?

Bulk patch Windows vulnerabilities across product version

In the Products page, if you have a product version selected that is running a Windows operating system, you will see an Apply Windows KBs action link next to the Manage SBOMs drop-down button.

Note: Depending on the degree of completeness of this SBOM, it may be in a draft or interim state, in which you are still applying Windows KBs to the digital twin of your product version in order to stay in sync with what you've already applied to your physical test device. If so, you may be able to apply a KB to resolve this vulnerability to this current version. If you're dealing with an SBOM in a final state or already released, you'll want to make a ticket to apply this KB to the next version of your SBOM, so that your digital and physical device versions stay in sync.

You can assess these KBs on your physical test devices, or you can apply them here to understand which vulnerabilities applying them will fix, before starting the physical testing. This will give you a clearer understanding of your overall current risks and an accurate digital record of your device’s current state, and will enable you to quickly answer the question of whether your business is at risk for a particular vulnerability, as well as to confidently communicate recommended patched for your customers to apply, providing you and your customers a clear understanding of your overall current risks.

To apply KBs:

  1. In the Products (SBOM) page, click the Apply Windows KBs action link next to the Manage SBOMs drop-down button. This will display the Apply Windows KBs modal. This enables you to keep your Windows KB patching in Helm aligned with your internal Windows KB testing and recommendations to your customers.

  2. Copy and paste the KBs into the KBs to apply list box. Make sure all values are separated with a comma. If you’re pasting from a spreadsheet, you can use the JOIN function in Excel or Google Sheets. This uses the Google Sheets example: JOIN(“,”, A2:A20), where cells A2-A20 contain the patch (KB) numbers you want to comma separate. Copy and paste that calculated string directly into the Patches (KB) field. Any patch (KB) number that is comma-separated will automatically be converted into a chip. Note that you do not need to include the “KB” in front of the Windows patch (KB) numbers, but if you do, our system will strip those out.

  3. If there are already KBs applied, they display in the box to the right, KBs already applied. You can remove any erroneously applied KBs from here in order to keep your device version aligned with your ideal patch recommendations to your customers.

  4. Click Apply changes. This will add the new KBs to this product version. If you removed any KBs, they will be removed. We do not do any validation on these KBs beyond numeric value validation, as there could be non-security related KBs that you have applied, or the KB could have been released after we’ve performed a daily sync with the Windows sources we use to extract updated KB information.

  5. After applying KBs, you’ll see a success message letting you know which KBs were applied, as well as how many vulnerabilities they resolved.

  6. Once you've patched Windows vulnerabilities, you'll still need to.

Patch individual Windows vulnerabilities

In the Vulnerabilities table, for Windows vulnerabilities, you'll see an update indicator next to the Vuln IDs that can be resolved by applying a Windows KB.

Note: Depending on the degree of completeness of your SBOM, it may be in a draft or interim state, in which you are still applying Windows KBs to the digital twin of your product version in order to stay in sync with what you've already applied to your physical test device. If so, you may be able to apply a KB to resolve this vulnerability to this current version. If you're dealing with an SBOM in a final state or already released, you'll want to make a ticket to apply this KB to the next version of your SBOM, so that your digital and physical device versions stay in sync.

  1. Once you’ve determined which KBs you need to apply to resolve a vulnerability, click the KB indicator next to the Vuln ID. This will display the Resolve panel.

  2. In this panel, you'll see a list of suggested KBs. The top one is the one that is most recently released and contains the most rollups of the subsequent KBs. You can click each KB link to go to the Microsoft MSRC site to determine which KBs matches what you are applying to your physical test device to align your digital digital twin record accordingly.

  3. Click Resolve with selected KB when you've chosen which KB you want to apply. You’ll see a success message letting you know which KB was applied, as well as how many and which vulnerabilities it resolved.

  4. Next to the Vuln ID, the row will be grayed out to indicate that a KB has been applied. You can hover over this to see what KB was applied to resolve this vulnerability.

  5. Once you've patched a Windows vulnerability, you'll still need to.

Manage multiple patch levels across your devices in the field

No matter how accurate and timely the patching recommendations you make to your clients are, some customers won’t patch up to the recommended level.

To manage multiple patch levels:

  1. Upload your SBOM again, modifying its name slightly, such as SBOM_productname_v1.2 to SBOM_productname_v1.2.1.

  2. In this new version, you can then apply the Windows KB patching that matches what you’re applying to your physical test devices. This will enable you to track your device’s vulnerability level at various patching levels, enabling you to provide the requisite proof to the FDA that you are proactively managing risk levels across all devices.

from Helm before you start applying KBs.

change their remediation statuses
change its remediation status
Export your current SBOM