Deploying patches and fixes, Important information about patches and fixes – HP Insight Vulnerability and Patch Manager Software User Manual

Deploying patches and fixes 60

Deploying patches and fixes

This section provides an overview of using Vulnerability and Patch Management Pack to deploy
patches and configuration fixes.
Patches and configuration fixes can be deployed immediately or scheduled for deployment at a later

time. Patches and fixes can be selected individually from the database for deployment to all systems

or any combination of specified systems without performing a scan. Patches and fixes can also be
deployed for all vulnerabilities identified in a particular scan.
Patches come from the software vendor and can be updated to existing software, registry, or

configuration settings or files. Configuration fixes resolve incorrect system settings that can leave the

system open to security threats, such as open ports or services running that are not required.

NOTE:

Not all vulnerability issues found can be programmatically fixed or patched. Scan results

often provide a suggested fix that must be manually performed.

Important information about patches and fixes

•

Target systems are rebooted if required by the installed or removed patch, based on the reboot

information obtained from the original patch source. Reboot information might occasionally

inaccurately indicate whether a patch installation requires a reboot.

•

If multiple patches requiring reboots are applied, target systems are only rebooted once after all

patches are applied. Required reboots can be deferred and performed later. HP recommends

performing required reboots as soon as possible because the status of patched systems might be

unstable when a required reboot is deferred.

•

To determine patch applicability, Vulnerability and Patch Management Pack might enhance

patch detection criteria to be more precise than vendor information. These patches appear with

an asterisk in the Patch Source column. HP does not modify the patch itself.

•

Risk and Vulnerability ID information might not appear because this information was not

available at the time the patch was acquired. The information appears when the vulnerability

database is updated to include this information.

•

By default, patches are sorted by the latest release date. Select a column heading to

re-sort patches.

•

Target systems that are down at the time of a scheduled patch application are patched when the

system is brought online.

Deploying patches and fixes based on a

vulnerability scan

After a vulnerability scan has been performed and it is determined that security vulnerabilities or

configuration errors exist, perform the steps in the following sections to deploy patches, configuration

fixes, or both.
Vulnerabilities that require manual fixes or vulnerabilities for which the patch has not been acquired
are listed but not available for selection.