URGENT - Time to fix and provide a total Patching solution (Part II)

A thread with the same topic was posted on 10 Mar 2016.

Since there was no public reply
that shows progress on this topic,
I will illustrate my experience here:

We have the same issue as the author of the other thread.

When we update the DC Vulnerability DB, scan the systems, patch the systems,
if necessary boot the systems, and scan them again, DC (sometimes) shows these
systems as "Healthy" and does not find any missing patch at that time. When we
started with DC we crosschecked this with WindowsUpdate on the systems and
there was no reason to complain about anything.

I relied on this (in the past).

Then, after a DC Vulnerability DB update and a new scan, on more than 100 previously healthy systems,
the state changed to highly vulnerable because patch <16988 MS15-011 KB30000483> was missing.

This patch was released more than one year ago!


We update the DC Vuln. DB nearly every day and scan systems nearly every day.
Now, more than one year post release, this patch is suddenly missing on more
than 100 machines?

The next day the DCVDB was updated again and all systems scanned thereafter. Got a bit confused,
because the more than 100 machines were healthy again and DC did not show that patch as missing.

Now, suspicious of that whole thing, I made spot checks to see if WindowsUpdate and DC would find
the same missing patches.

The result was alarming.

DC shows no missing patches,
Windows Update shows 10 to 20 patches,
as you can see in the attached images taken from one of those machines below.
Updated DC to Rel. 92041, no luck, same thing.


DC MissingPatches:




WindowsUpdate MissingPatches:



This behaviour is nothing I can rely on.
When will this be fixed?




