Apply Windows KB to resolve a vulnerability

In the Vulnerabilities table, you'll see an update indicator next to Windows OS Vuln IDs that can be resolved by applying a Windows KB.

Note: Depending on the degree of completeness of your SBOM, it may be in a draft or interim state, in which you are still applying Windows KBs to the digital twin of your product version in order to stay in sync with what you've already applied to your physical test device. If so, you may be able to apply a KB to resolve this vulnerability to this current version. If you're dealing with an SBOM in a final state or already released, you'll want to make a ticket to apply this KB to the next version of your SBOM, so that your digital and physical device versions stay in sync.

For each vulnerability that is not resolved, you can set an in progress status in the Status column -- this exact status will vary depending on what specification type you are using. For example, in CycloneDX, you could set it to In triage to indicate to your team that you're in the process of analyzing this. Once you’ve determined which KBs you need to apply to resolve a vulnerability, click the KB indicator next to the Vuln ID. This will display the Resolve panel panel.
In this panel, you'll see a list of suggested KBs. The top one is the one that is most recently released and contains the most rollups of the subsequent KBs. You can click each KB link to go to the Microsoft MSRC site to determine which KBs matches what you are applying to your physical test device to align your digital digital twin record accordingly.
Click Resolve with selected KB when you've chosen which KB you want to apply. You’ll see a success message letting you know which KB was applied, as well as how many and which vulnerabilities it resolved.
Next to the Vuln ID, you'll see a new shield indicator to indicate that a KB has been applied. You can hover over this to see what KB was applied to resolve this vulnerability.
Applying this KB will gray out the row, and will set the corresponding status to fixed.

PreviousManage multiple Windows KB (patching) levels in the field NextRemediate a vulnerability

Last updated 1 year ago

Was this helpful?