Export (0) Print
Expand All

Security Updates check

Published: December 16, 2009

Applies To: Forefront Client Security

The Security Updates SSA check determines which approved Microsoft security updates are missing on the scanned computer. Microsoft typically releases security updates on the second Tuesday of each month.

This check helps to:

  • Identify available security updates.

  • Identify updates that have not been installed past their deadlines.

  • Identify updates that have been installed but require a full system restart to complete installation.

  • Track installation of new security updates.

Results are grouped by product family.

There are three types of updates, as follows:

  • Security update—An update that has a Security Bulletin ID and has been assigned a Microsoft Security Response Center (MSRC) Severity value.

  • Cumulative security update—An update with no Security Bulletin ID and no assigned MSRC Severity, but it supersedes one or more security updates. For example, Windows XP Service Pack 2 (SP2) is a cumulative security update.

  • Non-security update—An update with no Security Bulletin ID and no assigned MSRC Severity, and it does not supersede any security updates. This SSA check does not include this type of update in scoring.

There are four MSRC Severity values:

  • Critical

  • Important

  • Moderate

  • Low

For more information about these values, see Responding to detected vulnerabilities.

Resolutions for potentially unacceptable scores

Review the results message associated with the score.

If there are Microsoft security updates missing, it is recommended that you apply the security updates.

If the scanned computer requires a restart to complete an update, restart the computer.

Scoring and results

This check generates scores on three levels:

  • Overall

  • Product family

  • Per update

Overall scoring

The following table shows how Client Security determines the overall score resulting from assessing security updates on the scanned computer.

 

Score One or more security updates not installed or requiring restart One or more cumulative security updates superseding security updates not installed or requiring restart Have not connected to update service in over 72 hours or last contact time unknown Results message

High

Yes

Yes or No

Yes or No

Number of updates requiring installation or system restart on the scanned computer: number of missing updates (include both security updates and cumulative security updates).

Medium

No

Yes

Yes or No

Number of cumulative security updates requiring installation or system restart on the scanned computer: number.

  

No

No

Yes

Scanned computer failed to connect to the configured update service.

Low

No

No

No

No updates are missing and no system restart is required on the scanned computer.

Product family scoring

The following table shows how Client Security determines the score for a product family, resulting from assessing security updates on the scanned computer.

 

Score One or more security updates (within product family) not installed or requiring restart One or more cumulative security updates (within product family) superseding security updates not installed or requiring restart Results message

High

Yes

Yes or No

Number of updates requiring installation or system restart on the scanned computer: number of missing updates (include both security updates and cumulative security updates).

Medium

No

Yes

Number of cumulative security updates requiring installation or system restart on the scanned computer: number.

Low

No

No

No updates are missing and no system restart is required on the scanned computer.

Per update scoring

The criteria for scoring per update differ depending on whether the update is a security update or a cumulative security update.

Security update scoring

The following table shows how Client Security determines the score for a specific security update.

 

Score Security update is installed Security update requires restart to complete Results message

High

No

Not applicable

This security update is not installed on the scanned computer. MSRC severity: severity.

  

Yes

Yes

This security update was installed on the scanned computer, but the installation required a system restart that has not yet taken place. MSRC severity: severity.

Low

Yes

No

This security update was successfully installed on the scanned computer. MSRC severity: severity.

Cumulative security update scoring

The following table shows how Client Security determines the score for a specific cumulative security update.

 

Score Cumulative security update is installed Cumulative security update requires restart to complete Results message

Medium

No

Not applicable

This cumulative security update supersedes one or more security updates and is not installed on the scanned computer.

  

Yes

Yes

This cumulative security update supersedes one or more security updates and was installed on the scanned computer, but the installation required a system restart that has not yet taken place.

Low

Yes

No

This cumulative security update supersedes one or more security updates and was successfully installed on the scanned computer.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft