Filtering Windows Patch View by Patch Type

If nothing is selected in this filter, then nothing will be filtered out of the patch catalog and all patch types will be included in the top pane.

This filter is used to specify the types of patches, and the vendor severity levels of those patches, that should be displayed in the top pane. The options are:

  • Security Patches: Security bulletin related patches. You can choose to include one or more specific severity levels. If a bulletin has multiple QNumbers with different severity levels, the most severe level will be shown. The specific states of each QNumber can be viewed by selecting the affected products in the Patch Information tab.
    • Critical: Vulnerabilities that can be exploited by an unauthenticated remote attacker or vulnerabilities that break guest/host operating system isolation. The exploitation results in the compromise of confidentiality, integrity, availability user data, or processing resources without user interaction. Exploitation could be leveraged to propagate an Internet worm or execute arbitrary code between virtual machines and the host.
    • Important: Vulnerabilities whose exploitation results in the compromise of confidentiality, integrity, or availability of user data and processing resources. Such flaws could allow local users to gain privileges, allow authenticated remote users to execute arbitrary code, or allow local or remote users to easily cause a denial of service.
    • Moderate: Flaws where the ability to exploit is mitigated to a significant degree by configuration or difficulty of exploitation, but in certain deployment scenarios could still lead to some compromise of the confidentiality, integrity, or availability of user data and processing resources. These are the types of vulnerabilities that could have had a critical impact or important impact but are less easily exploited based on a technical evaluation of the flaw, or affect unlikely configurations.
    • Low: All other issues that have a security impact. Vulnerabilities where exploitation is believed to be extremely difficult, or where successful exploitation would have minimal impact.
    • Unassigned: Security patches that have not been assigned a severity level.
  • Software Distribution: Free third-party products that can be deployed by Security Controls
  • Security Tools: Updates for security tools such as Windows Defender and Windows Malicious Software Removal Tool. Also includes certificate updates and hotfixes for known security risks that are not yet fully supported by a security bulletin.
  • Non-security Patches: Vendor patches that fix known software problems that are not security issues. You can choose to include one or more specific vendor severity levels. See Security Patches for a description of the available severity levels.
  • Custom Actions: Displays the null patch (MSST-001) that is used when performing a custom action.