Patch Management Solution

I had a previous post about KB954430 within MS08-069 getting disabled in Patch Management 7.5.  This appears to be because Microsoft deems it to be replaced by KB2721691 in MS12-043, and then THAT replaced by KB2758694.

Now, my problem is... Altiris disables the old KB954430 within MS08-069, when both MBSA and Windows Update itself both report they want to install it.

KB2758694 within MS13-002 is enabled in Patch Management, but it's not appearing to be applicable anywhere.

With KB2758694 being not applicable, and the old KB954430 being disabled, MSXML 4 is left with security holes.

If Microsoft itself is not attempting to install later versions of MSXML 4 via Windows Update, I am assuming some Patch Management logic is lacking here.

I've spent enough time trying to understand the supersedence, and it appears that while KB2758694 supersedes KB954430 and KB2721691 on paper, it doesn't look like applicibility rules are truly correct.

Any help would be appreciated.

If Microsoft are still targeting the system with that patch, then you will need to contact support so that they can then work with Shavlik in order to get the rules corrected to match Microsoft.

I was advised by Support to submit an enhancement request (idea) on Connect to suggest that KB954430 in MS08-069 remain enabled, based on Windows Update and MBSA scan.

Hi Aaron_y,

I believe this enchancement request has been implemented in Patch Data 7.1.516 according to http://www.symantec.com/connect/ideas/please-keep-kb954430-ms08-069-enabled-instead-superseded

Thank you,

Roman