Microarchitectural Data Sampling (MDS) Vulnerabilities [Intel] - Do SVM detect and report on it?
Intel has recently disclosed new 'speculative execution' vulnerabilities that affect millions of computers with Intel processors. Many tech giants already issued a patch, including Microsoft. Software Vulnerability Manager can detect the security flaws and the missing Microsoft update KB that needs installing.
The vulnerabilities are listed in SA89022 and detected on systems that are not obstructed to fetch Windows Update information from the source that has been configured under Configuration > Settings in SVM 2019. (Settings > Assessment > Scan Configuration in SVM Next).
NOTE: If your Windows Update setting in SVM 2019 is set to Managed Server or WMI Check (alone), ensure that KB4499164 (Windows 7) and all other required KBs (for other flavors) are imported to your System Center Configuration Manager database, or imported manually in WSUS and Approved for all hosts. Only then clients can get the data which systems are missing the KBs.
If your Windows Update settings are set to Online servers or CAB file, you should get the KBs directly in any of your SVM editions only on the systems that have unobstructed online access.
Tip: Create new host-based Smart Group and use the Missing KB criteria to track every system being impacted in a separate group for proper visibility.