04-30-2010 06:44 AM - edited 02-21-2020 03:56 AM
I've noticed the NAC is not receiving some of the critical windows vulnerabilities in April's Security Bulletin. The latest one I have is MS10-020 but what about 025, 026, and 027? Is there a reason why Cisco does not create the necessary rules for these vulnerabilities? These rules are listed as a critical severity.
Thanks.
04-30-2010 08:49 PM
Hi,
It takes a couple of days for the rules and checks to be updated for the latest. Please check in a couple of days, and if it's still missing we'll take it up with the dev team.
HTH,
Faisal
05-01-2010 07:51 AM
Hi Faisal,
These patches were released by Microsoft over three weeks ago. Most customers I support begin patching usually a week afterwards and implement these checks in NAC a week or two after the deployment.
If you can look into this it would be appreciated. I really need to understand under what circumstances does Cisco create a rule for a specific hotfix. I realize they only address critical, but there are some critical patches listed in this thread which have not been addressed.
Thanks.
05-02-2010 04:07 PM
Hi,
I'll follow up on that and update later on.
Faisal
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: