Novell Patch Management Content Impact Mapping for Microsoft classifications.

Document ID:3607791
Creation Date:03-Apr-2008
Modified Date:30-Apr-2012
- Micro Focus Products:
  ZENworks Configuration Management
  ZENworks Patch Management

Environment

Novell ZENworks Patch Management 6.4 - ZPM6.4

Novell ZENworks Patch Management 6.3 - ZPM6.3

Novell ZENworks Patch Management 6.2 - ZPM6.2

Novell ZENworks 10 Configuration Management

Situation

Novell Patch Management impact terminology for its patch subscription closely follows the vendor impact terminology for vulnerability criticality. Each operating system has a vendor-specific impact rating and that impact is mapped to a Novell rating as described in this section. Novell Patch Management under the recommendations of Lumension Security, tends to increase or “round-up” the severity of the impact rating. For instance, Microsoft classifications for “Critical”, “Important”, and “Moderate” patches are all classified as “Critical” by Novell

Table 4 Details the rationale and the Windows patch severities. Source: Lumension Security.

Table 4: Content Impact Mapping

Patch Type (Impact)	Critical	Recommended	Software
Windows	*Critical Security* *Important* *Moderate* *Service Packs (Critical-01)*	*Recommended* *Low* *Microsoft Outlook 2003 Junk E-mail Filter Update*	*Software Distribution* *Microsoft Windows Malicious Software Removal Tool (Virus Removal)*
Others	*AV Updates (Critical-01)*

Patch Type (Impact)

Critical

Recommended

Software

Windows

Critical Security

Important

Moderate

Service Packs (Critical-01)

Recommended

Low

Microsoft Outlook 2003 Junk E-mail Filter Update

Software Distribution

Microsoft Windows Malicious Software Removal Tool (Virus Removal)

Others

AV Updates (Critical-01)

Additional Information

Additional info can be found athttp://www.microsoft.com/technet/security/bulletin/rating.mspx