Product Version: 6.5.0.0
Overview
This article provides a step-by-step guide to remediate operating system (OS) related patches using a WSUS (Windows Server Update Services) server via the Saner CVEM console. Following this procedure ensures that the required patches are successfully approved and deployed to target devices.
Procedure
1. Before Patch Approval
a. Identify Missing Patches
In the Saner CVEM console, review the Missing Patches list.
Note down the relevant KB number (e.g., KB5041016).
b. Verify Patch Availability on WSUS
On the WSUS server, search for the identified patch using its KB number.
Check its current approval status (Approved or Not Approved).
c. Attempt Remediation Without Approval (Testing)
From the Saner CVEM console, attempt to remediate the patch without approval.
The remediation will fail with the reason:
"The required patch is not found in the software repository."
2. After Patch Approval
a. Approve the Patch in WSUS
On the WSUS server, search for the specific KB number.
Right-click the patch and select Approve.
b. Select Target Devices
In the approval window, choose the appropriate computer group.
Select Approved for Install and click OK.
c. Confirm Approval
A confirmation popup will appear indicating successful approval.
Click Close to complete the approval process.
d. Retry Remediation via Saner CVEM
Go to the Saner CVEM console and re-initiate the remediation.
The patch deployment should now complete successfully.
Additional Notes
Ensure the WSUS server is synchronized with Microsoft Update to have the latest patch catalogue.
Use the Saner CVEM console to monitor the remediation process and verify successful patch deployment.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article