Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-3828 | 2.019 | SV-25254r1_rule | Medium |
Description |
---|
Major software vendors release security patches and hot fixes to their products when security vulnerabilities are discovered. It is essential that these updates be applied in a timely manner to prevent unauthorized persons from exploiting identified vulnerabilities. The severity code may be elevated to a Category I if patches deemed Critical have not been applied. |
STIG | Date |
---|---|
Windows 7 Security Technical Implementation Guide | 2017-05-16 |
Check Text ( C-35r1_chk ) |
---|
Verify that the site is applying all security-related patches released by Microsoft. Determine the local site method for doing this (e.g., connection to a WSUS server, local procedure, etc.). Severity Override: If any of the patches not installed are Microsoft ‘Critical’, then the category code should be elevated to ‘1’. Note: If a penetration scan has been run on the network, it will report findings if security-related updates are not applied. Then, this check may be marked as “Not Applicable”. Some applications (such as DMS and GCSS) use a system release process to keep systems current. If this is the case, then these systems should be at the current release. |
Fix Text (F-63r1_fix) |
---|
Apply all Microsoft security-related patches to the Windows system. |