Tenable Research Release Highlights

Forum Discussion

ibelyna
2 years ago


Windows Patch Chain Improvements

What’s happening?

Tenable is releasing an update for Windows vulnerability patch chains in order to increase accuracy of recommended solutions. More accurate solutions will empower teams to make efficient and complete updates to remediate the active vulnerabilities.

Why is this necessary?

Before 2018, the Windows plugins would be written for a particular bulletin.  From 2018 going forward, the plugins are very specific to a target OS.  If patching is significantly out-of-date, long patch chains may be created for any hosts as part of a bulletin. These hosts may have different solutions and so rolling them up together results in inaccuracies.

How does it work?

Tenable will be introducing a filter to constrain the Windows bulletin patch chains to only the Windows bulletin plugin families. This prevents checks that are less specific from creating bridges between unrelated OS.  Additionally, we will be improving the grouping of our plugins to ensure that the chains we create are specific to a particular OS bundle or product. This will split up chains in certain cases but the resulting separate chains will individually be more accurate. 

How does this update affect me?

Customers with findings from plugins for Microsoft Windows Bulletins may see some of those chains broken up into 2 or more chains.  As an example, our “Windows 2022 / Azure Stack HCI 22H2” plugins will be grouped into one single chain that will no longer include older versions of Windows or Azure Stack HCI.  The older versions will show up in a separate chain or separate set of chains. This change is specific to the Solutions view and does not impact findings.

For example, before the change, customers could see many Windows hosts that are not related to the Windows 2022 / Azure Stack HCI Security Update recommended solution.

After the change, customers will only see the hosts related to the Windows 2022 / Azure Stack HCI Security Update.

 

When is Tenable releasing the update?

The target release date is March 18, 2024.

What products does this change affect?

Any Tenable product that uses the Solutions view.  This includes:

  • Tenable Security Center
  • Tenable Lumin

What changes do I need to make?

For SC customers, ensure both the plugin feed and SC feed have been updated from the date March 19, 2024 or later.  For Lumin customers, no action is required. After the update, the patch chains will be updated on your next scan.

Does Tenable anticipate making additional changes to the patch chains?

We will continue to evaluate the accuracy of the patch chains and make improvements where necessary. Share feedback with your Tenable Customer Success Manager (CSM) if you have concerns or encounter any issues. Future updates will be announced via the same communication channels as this update.
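The bridging effect described under "How does it work?", shown as an added example that is not part of the original post and is not Tenable's implementation. It assumes a chain is a connected component of supersedence links between plugins; the plugin IDs, host names and links are constructed sample data.

```python
from collections import defaultdict

BULLETIN_FAMILY = "Windows : Microsoft Bulletins"

# Constructed sample: (plugin id, plugin family, OS bundle, hosts it fired on)
PLUGINS = [
    ("P1", BULLETIN_FAMILY, "Windows 2022 / Azure Stack HCI 22H2", {"srv22-a"}),
    ("P2", BULLETIN_FAMILY, "Windows 2022 / Azure Stack HCI 22H2", {"srv22-a", "srv22-b"}),
    ("P3", BULLETIN_FAMILY, "Windows Server 2016", {"srv16-a"}),
    ("P4", BULLETIN_FAMILY, "Windows Server 2016", {"srv16-a"}),
    # Less specific check outside the bulletin family, not tied to one OS
    ("G1", "Windows", None, {"srv16-a", "srv22-b"}),
]
# Constructed supersedence links (older, newer); G1 touches both OS chains
SUPERSEDES = [("P1", "P2"), ("P3", "P4"), ("P2", "G1"), ("P4", "G1")]


def build_chains(plugins, links, bulletin_only):
    """Return the sorted host list of every chain (connected component)."""
    info = {pid: (fam, bundle, hosts) for pid, fam, bundle, hosts in plugins}
    if bulletin_only:
        # Filter: only bulletin-family plugins may take part in a chain
        info = {p: v for p, v in info.items() if v[0] == BULLETIN_FAMILY}
    parent = {p: p for p in info}

    def find(p):
        while parent[p] != p:
            parent[p] = parent[parent[p]]  # path compression
            p = parent[p]
        return p

    for old, new in links:
        if old not in info or new not in info:
            continue  # link goes through a filtered-out plugin
        if bulletin_only and info[old][1] != info[new][1]:
            continue  # grouping: never join two different OS bundles
        parent[find(old)] = find(new)

    chains = defaultdict(set)
    for pid, (_, _, hosts) in info.items():
        chains[find(pid)] |= hosts
    return sorted(sorted(hosts) for hosts in chains.values())


if __name__ == "__main__":
    print("before:", build_chains(PLUGINS, SUPERSEDES, bulletin_only=False))
    print("after: ", build_chains(PLUGINS, SUPERSEDES, bulletin_only=True))
```

Without the filter, the generic check merges the Windows 2022 and Windows Server 2016 hosts into one chain; with it, each OS bundle gets its own chain and host list.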

2 Replies

  • adam_walter
    Connect Contributor II

    Could you clarify what is meant by 'patch chain', please? Is there a definition somewhere? This is new terminology to me.

    • ibelyna

      Different vendors have different names for superseded patches or updates.

      MSFT calls them cumulative updates.

      Tenable generically refers to superseded patches or updates as patch chains.