Apply Windows KBs to resolve multiple vulnerabilities across product version
In the Software Bill of Materials (Products) page, if you have a product version selected that is running a Windows operating system, you will see an Apply Windows KBs action link next to the Manage SBOMs drop-down button.
Note: Depending on the degree of completeness of this SBOM, it may be in a draft or interim state, in which you are still applying Windows KBs to the digital twin of your product version in order to stay in sync with what you've already applied to your physical test device. If so, you may be able to apply a KB to resolve this vulnerability to this current version. If you're dealing with an SBOM in a final state or already released, you'll want to make a ticket to apply this KB to the next version of your SBOM, so that your digital and physical device versions stay in sync.
You can assess these KBs on your physical test devices, or you can apply them here to understand which vulnerabilities applying them will fix, before starting the physical testing. This will give you a clearer understanding of your overall current risks and an accurate digital record of your device’s current state, and will enable you to quickly answer the question of whether your business is at risk for a particular vulnerability, as well as to confidently communicate recommended patched for your customers to apply, providing you and your customers a clear understanding of your overall current risks.
To apply KBs:
In the Products (SBOM) page, click the Apply Windows KBs action link next to the Manage SBOMs drop-down button. This will display the Apply Windows KBs modal. This enables you to keep your Windows KB patching in Helm aligned with your internal Windows KB testing and recommendations to your customers.
Copy and paste the KBs into the KBs to apply list box. Make sure all values are separated with a comma. If you’re pasting from a spreadsheet, you can use the JOIN function in Excel or Google Sheets. This uses the Google Sheets example: JOIN(“,”, A2:A20), where cells A2-A20 contain the patch (KB) numbers you want to comma separate. Copy and paste that calculated string directly into the Patches (KB) field. Any patch (KB) number that is comma-separated will automatically be converted into a chip. Note that you do not need to include the “KB” in front of the Windows patch (KB) numbers, but if you do, our system will strip those out.
If there are already KBs applied, they display in the box to the right, KBs already applied. You can remove any erroneously applied KBs from here in order to keep your device version aligned with your ideal patch recommendations to your customers.
Click Apply changes. This will add the new KBs to this product version. If you removed any KBs, they will be removed. We do not do any validation on these KBs beyond numeric value validation, as there could be non-security related KBs that you have applied, or the KB could have been released after we’ve performed a daily sync with the Windows sources we use to extract updated KB information.
After applying KBs, you’ll see a success message letting you know which KBs were applied, as well as how many vulnerabilities they resolved.
Last updated