Supersedence in Windows

Supersedence is a property of Fixlets used in BigFix that provides multiple packages.

Superseded Fixlets are Fixlets that contain outdated packages. When a Fixlet is superseded, a newer Fixlet is created to replace it with the newer version of the packages. The description of the Superseded Fixlet contains the new Fixlet ID.

Figure 1. Superseded Fixlets

Understanding how Superscedence works in Patch

  1. Superseded patches with FALSE Statement.

    When the Windows application patches are superseded, BigFix does not allow you to install them by adding a relevance statement set to FALSE. These Fixlets will no longer become relevant for endpoints and you can use the latest Fixlet to patch your endpoints.

  2. Superseded Controlled Patches.
    In the latest version of BigFix Patch, there is an option to continually evaluate the applicability of the superseded patches.
    • Superseded Windows OS patches maintain their current applicability relevance and introduces an option to continue reporting relevant to endpoints that have not yet installed a patch (or a Superseding Patch).
    • This change allows you to continue reporting on older OS vulnerabilities because Superseded Patches can continue to report applicability when the vulnerability has not been patched.

    To deploy a Superseded Patch on an endpoint, set the client configuration parameter _BESClient_WindowsOS_EnableSupersededEval to 1.

    For details on client configuration settings, see BigFix Configuration Settings.

Note: BigFix does not supersede security updates with non-security updates because the security information (CVE-Values) is tied to a specific security update as well as the classification ("security update" vs "update"). Superseding them results in false security report.

For example, if you do not patch the latest updates on endpoints and you supersede the security updates, then you see only the non-security updates relevant, since it is not a security update. The report says that you do not have to do anything because endpoint is secure which is incorrect.

Note: Fixlets that are in a superseded state for more than a year will be removed and moved into an archive site. If any customer wants the masthead for an archived site, they should reach out to their BigFix Point of Contact.