Changes are coming to https://stigviewer.com.
Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey
Security-related Software Patches are not applied.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-3828 | 2.019 | SV-29727r1_rule | VIVM-1 | Medium |
| Description |
|---|
| Major software vendors release security patches and hot fixes to their products when security vulnerabilities are discovered. It is essential that these updates be applied in a timely manner to prevent unauthorized persons from exploiting identified vulnerabilities. The Severity code may be elevated to a Category I if patches deemed Critical have not been applied. |
| STIG | Date |
|---|---|
| Windows 2008 Member Server Security Technical Implementation Guide | 2015-06-03 |
Details
| Check Text ( C-35r1_chk ) |
|---|
| Verify that the site is applying all security-related patches released by Microsoft. Determine the local site method for doing this (e.g., connection to a WSUS server, local procedure, etc.). Severity Override: If any of the patches not installed are Microsoft ‘Critical’, then the category code should be elevated to ‘1’. Note: If a penetration scan has been run on the network, it will report findings if security-related updates are not applied. Then, this check may be marked as “Not Applicable”. Some applications (such as DMS and GCSS) use a system release process to keep systems current. If this is the case, then these systems should be at the current release. |
| Fix Text (F-63r1_fix) |
|---|
| Apply all Microsoft security-related patches to the Windows system. |