Manually apply a corrective action (Microsoft KB)

Applying corrective actions for vulnerabilities relative to Microsoft products updated through KB is achievable directly from Cyberwatch.

However, some of these vulnerabilities status is still “to be processed manually”, meaning they can’t be processed by Cyberwatch.

The reason is that Windows Update is not configured to handle updates for these products on this system.

By default, Windows Update only handles updates related to the operating system and not for other Microsoft products such as Office, .Net, SQL Server… Changing this behavior requires tweaking the system’s configuration to allow Windows Update to look for updates on all Microsoft products.

Allowing Windows update to look for updates on all Microsoft products

Official Microsoft documentation to enable this setting.

The link focuses on Office specifically, but enables update of all Microsoft products, not only Office

Setting this option to “On” should allow Cyberwatch to apply corrective actions directly through the Patch Management module. Note that this change will take action after the next vulnerability scan.

Applying this change on multiple assets

In order to apply the previous change automatically on multiple Windows assets, the best way is to use Microsoft’s official recommendation using GPO on an Active Directory.

Links to Microsoft’s official documentation:

• regarding all GPOs
• how to use GPO to configure Windows Update