Drawbacks of Excluding Superseded Patches in Qualys Reports
This post covers the drawbacks you introduce into the remediation of detected vulnerabilities when you exclude superseded vulnerabilities from your reports.
Let's see what they are:
1. The first drawback for a vulnerability analyst appears as soon as you start analyzing your environment and targeting detected vulnerabilities.
- Suppose a Microsoft patch fixes a critical-severity vulnerability that falls under one of the OWASP Top 10 categories, and you or the remediation team missed deploying it in the same month.
- If your report template uses the exclude superseded patches feature, that critical fix is superseded by the current month's patch.
- The current month's patch may not carry the same severity as the previous month's, and you may have exceptions for a few SQL and application servers that are patched only when a critical patch is available.
- In that scenario, you are going to miss a critical patch.
2. The second issue appears when you plan to onboard a new server into your environment with zero vulnerabilities.
- The newly built server will not be easy to bring up to the latest patches if the golden image used to build it has not been patched in the last six months.
- The server's NTOS kernel version, and other updates as well, will not move quickly to the latest version, and the patch will fail again and again.
NOTE:
- If you update your golden image on a quarterly basis, excluding superseded vulnerabilities works well for remediating multiple vulnerabilities with one patch.
- The same applies to missed critical patches: if you ensure that all your assets are patched with all fixes on a monthly basis, there is no issue in using the exclusion of superseded vulnerabilities.
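
The first drawback can be checked before you switch the exclusion on. The sketch below is an added example, not part of the original post and not Qualys code: it walks each host's supersedence chain and flags exception servers where a missed critical patch would be hidden behind a lower-severity superseding patch. The field names, patch IDs, host names and the severity threshold are all constructed assumptions, not Qualys export columns.

```python
from collections import defaultdict

# Constructed sample detections; field names are hypothetical.
DETECTIONS = [
    {"host": "sql01", "patch": "KB-A", "severity": 5, "superseded_by": "KB-B"},
    {"host": "sql01", "patch": "KB-B", "severity": 3, "superseded_by": None},
    {"host": "web01", "patch": "KB-A", "severity": 5, "superseded_by": "KB-B"},
    {"host": "web01", "patch": "KB-B", "severity": 3, "superseded_by": None},
    {"host": "app01", "patch": "KB-C", "severity": 4, "superseded_by": "KB-D"},
    {"host": "app01", "patch": "KB-D", "severity": 5, "superseded_by": None},
]
# Exception servers that are patched only when a critical patch is available.
CRITICAL_ONLY_HOSTS = {"sql01", "app01"}
CRITICAL = 5  # assumed threshold for this constructed data


def latest_patch(patch, superseded_by):
    """Follow the supersedence chain to the patch that nothing supersedes."""
    seen = set()
    while superseded_by.get(patch) and patch not in seen:  # guard against loops
        seen.add(patch)
        patch = superseded_by[patch]
    return patch


def hidden_criticals(detections, critical_only_hosts):
    """Return {host: [(hidden_patch, shown_patch)]} for exception hosts where
    excluding superseded patches leaves only a below-critical patch visible."""
    by_host = defaultdict(list)
    for d in detections:
        by_host[d["host"]].append(d)
    findings = {}
    for host, rows in by_host.items():
        if host not in critical_only_hosts:
            continue  # these hosts get the superseding patch regardless of severity
        chain = {r["patch"]: r["superseded_by"] for r in rows}
        sev = {r["patch"]: r["severity"] for r in rows}
        for r in rows:
            if r["superseded_by"] is None or r["severity"] < CRITICAL:
                continue  # only superseded critical fixes can be hidden
            shown = latest_patch(r["patch"], chain)
            # A superseding patch with no detection row counts as below critical.
            if sev.get(shown, 0) < CRITICAL:
                findings.setdefault(host, []).append((r["patch"], shown))
    return findings


if __name__ == "__main__":
    print(hidden_criticals(DETECTIONS, CRITICAL_ONLY_HOSTS))
```

Any host this returns should be reviewed with superseded patches included before its critical-only exception is applied.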
I hope this story helps you with your daily vulnerability management operations.
Thank you.
See you in the next story.