About finding and fixing software vulnerabilities

Kaspersky Security Center Linux detects and fixes software vulnerabilities on managed devices running Microsoft Windows operating systems. Vulnerabilities are detected in the operating system and in third-party software, including Microsoft software.

Finding software vulnerabilities

To find software vulnerabilities, Kaspersky Security Center Linux uses characteristics from the database of known vulnerabilities. This database was created and is kept up-to-date by Kaspersky specialists. It contains information about vulnerabilities, such as vulnerability description, vulnerability detection date, and vulnerability severity level. You can find the details of software vulnerabilities on the Kaspersky website.

Kaspersky Security Center Linux uses the Find vulnerabilities and required updates task to find software vulnerabilities.

Fixing software vulnerabilities

To fix software vulnerabilities, Kaspersky Security Center Linux uses software updates issued by software vendors. The metadata of the software updates is downloaded to the Administration Server repository as the result of running the Download updates to the Administration Server repository task. This task is intended to download the metadata for Kaspersky and third-party software updates. This task is created automatically by the Kaspersky Security Center Linux quick start wizard. You can also create the Download updates to the Administration Server repository task manually.

Software updates to fix vulnerabilities can be represented as full distribution packages or patches. Software updates that fix software vulnerabilities are named fixes. Recommended fixes are those that are recommended for installation by Kaspersky specialists. User fixes are those that are manually specified for installation by users. To install a user fix, you have to create an installation package containing this fix.

If you have the Kaspersky Security Center Linux license with the Vulnerability and patch management feature, you can use the Install required updates and fix vulnerabilities task. This task automatically fixes multiple vulnerabilities by installing recommended fixes. For this task, you can manually configure certain rules to fix multiple vulnerabilities.

If you do not have the Kaspersky Security Center Linux license with the Vulnerability and patch management feature, you can use the Fix vulnerabilities task. By using this task, you can fix vulnerabilities by installing recommended fixes for Microsoft software and user fixes for other third-party software.

For security reasons, any third-party software updates that you install by using the Vulnerability and patch management feature are automatically scanned for malware by Kaspersky technologies. These technologies are used for automatic file check and include virus scan, static analysis, dynamic analysis, behavior analysis in the sandbox environment, and machine learning.

Kaspersky experts do not perform manual analysis of third-party software updates that can be installed by using the Vulnerability and patch management feature. In addition, Kaspersky experts do not search for vulnerabilities (known or unknown) or undocumented features in such updates, nor do they perform other types of analysis of the updates other than those specified in the paragraph above.

A user interaction may be required when you update a third-party application or fix a vulnerability in a third-party application on a managed device. For example, the user may be prompted to close the third-party application if it is currently open.

To fix some software vulnerabilities, you must accept the End User License Agreement (EULA) for installing the software if EULA acceptance is requested. If you decline the EULA, the software vulnerability is not fixed.