Security Updates check
Applies To: Forefront Client Security
The Security Updates SSA check determines which approved Microsoft security updates are missing on the scanned computer. Microsoft typically releases security updates on the second Tuesday of each month.
This check helps to:
Identify available security updates.
Identify updates that have not been installed past their deadlines.
Identify updates that have been installed but require a full system restart to complete installation.
Track installation of new security updates.
Results are grouped by product family.
There are three types of updates, as follows:
Security update—An update that has a Security Bulletin ID and has been assigned a Microsoft Security Response Center (MSRC) Severity value.
Cumulative security update—An update with no Security Bulletin ID and no assigned MSRC Severity, but it supersedes one or more security updates. For example, Windows XP Service Pack 2 (SP2) is a cumulative security update.
Non-security update—An update with no Security Bulletin ID and no assigned MSRC Severity, and it does not supersede any security updates. This SSA check does not include this type of update in scoring.
There are four MSRC Severity values:
Critical
Important
Moderate
Low
For more information about these values, see Responding to detected vulnerabilities.
Resolutions for potentially unacceptable scores
Review the results message associated with the score.
If there are Microsoft security updates missing, it is recommended that you apply the security updates.
If the scanned computer requires a restart to complete an update, restart the computer.
Scoring and results
This check generates scores on three levels:
Overall
Product family
Per update
Overall scoring
The following table shows how Client Security determines the overall score resulting from assessing security updates on the scanned computer.
| Score | One or more security updates not installed or requiring restart | One or more cumulative security updates superseding security updates not installed or requiring restart | Have not connected to update service in over 72 hours or last contact time unknown | Results message |
|---|---|---|---|---|
High |
Yes |
Yes or No |
Yes or No |
Number of updates requiring installation or system restart on the scanned computer: number of missing updates (include both security updates and cumulative security updates). |
Medium |
No |
Yes |
Yes or No |
Number of cumulative security updates requiring installation or system restart on the scanned computer: number. |
|
No |
No |
Yes |
Scanned computer failed to connect to the configured update service. |
Low |
No |
No |
No |
No updates are missing and no system restart is required on the scanned computer. |
Product family scoring
The following table shows how Client Security determines the score for a product family, resulting from assessing security updates on the scanned computer.
| Score | One or more security updates (within product family) not installed or requiring restart | One or more cumulative security updates (within product family) superseding security updates not installed or requiring restart | Results message |
|---|---|---|---|
High |
Yes |
Yes or No |
Number of updates requiring installation or system restart on the scanned computer: number of missing updates (include both security updates and cumulative security updates). |
Medium |
No |
Yes |
Number of cumulative security updates requiring installation or system restart on the scanned computer: number. |
Low |
No |
No |
No updates are missing and no system restart is required on the scanned computer. |
Per update scoring
The criteria for scoring per update differ depending on whether the update is a security update or a cumulative security update.
Security update scoring
The following table shows how Client Security determines the score for a specific security update.
| Score | Security update is installed | Security update requires restart to complete | Results message |
|---|---|---|---|
High |
No |
Not applicable |
This security update is not installed on the scanned computer. MSRC severity: severity. |
|
Yes |
Yes |
This security update was installed on the scanned computer, but the installation required a system restart that has not yet taken place. MSRC severity: severity. |
Low |
Yes |
No |
This security update was successfully installed on the scanned computer. MSRC severity: severity. |
Cumulative security update scoring
The following table shows how Client Security determines the score for a specific cumulative security update.
| Score | Cumulative security update is installed | Cumulative security update requires restart to complete | Results message |
|---|---|---|---|
Medium |
No |
Not applicable |
This cumulative security update supersedes one or more security updates and is not installed on the scanned computer. |
|
Yes |
Yes |
This cumulative security update supersedes one or more security updates and was installed on the scanned computer, but the installation required a system restart that has not yet taken place. |
Low |
Yes |
No |
This cumulative security update supersedes one or more security updates and was successfully installed on the scanned computer. |