
Security-related Software Patches are not applied.


Overview

Finding ID: V-3828
Version: 2.019
Rule ID: SV-29727r1_rule
IA Controls:
Severity: Medium
Description
Major software vendors release security patches and hot fixes to their products when security vulnerabilities are discovered. It is essential that these updates be applied in a timely manner to prevent unauthorized persons from exploiting identified vulnerabilities. The Severity code may be elevated to a Category I if patches deemed Critical have not been applied.
STIG: Windows 2008 Member Server Security Technical Implementation Guide
Date: 2019-06-18

Details

Check Text (C-35r1_chk)
Verify that the site is applying all security-related patches released by Microsoft. Determine the local site method for doing this (e.g., connection to a WSUS server, local procedure, etc.).

Severity Override: If any of the patches not installed are Microsoft ‘Critical’, then the category code should be elevated to ‘1’.

Note: If a penetration scan has been run on the network, it will report findings if security-related updates are not applied. In that case, this check may be marked as “Not Applicable”.

Some applications (such as DMS and GCSS) use a system release process to keep systems current. If this is the case, then these systems should be at the current release.
Fix Text (F-63r1_fix)
Apply all Microsoft security-related patches to the Windows system.