Identify software vulnerabilities in mecm
Question
Hi
I have been tasked to look at a clients mecm CB environment to identify and understand their general posture around software updates and general patching across their windows OS device environment.
So far I have reviewed the general health of the environment, reviewed their SUP and WSUS configuration but want to understand from the reporting whether devices are receiving their windows OS, office and third party patching are being deployed in a timely fashion.
Third party patching is handled by patch my pc and these software updates are synced into mecm through software updates.
Is there any guidance on where I should start? I think it would be the built in reports in mecm but unsure exactly which ones will give me the information I require.
Many thanks all
Answers ( 7 )
CMPIVOT :::::
https://www.anoopcnair.com/find-devices-missing-patches-using-configmgr-cmpivot-query-sccm/
https://www.anoopcnair.com/download-a-custom-report-to-find-out-all-patches-installed-to-a-system-via-software-updates-and-std-package/
https://www.anoopcnair.com/configmgr-sccm-patch-management-pros-and-cons/
I will be posting multiple links and those will hopefully get you started.
https://www.anoopcnair.com/new-scm-security-compliance-manager-v-3-0-60-is-ready-for-download/
I think normally PatchMyPC and other third-party vendors provide software vulnerabilities reports analysis.
I have also seen Ivanti and other vendors provide the similar reports
I think it’s worth asking PatchMyPC. I’m sure they will have answers for you.
Thanks Anoop.
From a Microsoft OS and Office updates. I assume that will be in MECM, would you recommend any particular reports that I should use?
The client used a third party vulnerability solution from Tenable and that is reporting vulnerabilities and so what I want to do is determine whether the information seen in the 3rd party tool is what is seen from a MECM perspective.
Thanks
I have not seen this type of reports in memcm
I have listed all the default reports below
https://www.anoopcnair.com/configmgr-software-updates-reports-default-sccm/