Patch status wrong


Azure Security Center shows a VM needing a patch, but Azure Update Management and the local VM show it as installed.
What is the update frequency of the data in Security Center? It's been installed for ~24h and it still shows as needed in recommendations.

The query in Security Center for showing which computer is affected is:

Update
| where UpdateState =~ "Needed" and iff(isnotnull(toint(Optional)), Optional == false, Optional == "false") == true and iff(isnotnull(toint(Approved)), Approved != false, Approved != "false") == true and UpdateID == "0641752f-29fb-48d7-a3cf-f93dde26b82b"
//| Removed subscription ID
| summarize AggregatedValue = dcount(SourceComputerId) by SourceComputerId, Computer
| limit 1000000000

The one in Update manager showing it's installed is:

Update
| where UpdateID == "0641752f-29fb-48d7-a3cf-f93dde26b82b" //added updateid for this update
| where TimeGenerated>ago(14h) and OSType!="Linux" and (Optional==false or Classification has "Critical" or Classification has "Security") and SourceComputerId in ((Heartbeat
| where TimeGenerated>ago(12h) and OSType=~"Windows" and notempty(Computer)
| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
| where Solutions has "updates"
| distinct SourceComputerId))
| summarize hint.strategy=partitioned arg_max(TimeGenerated, *) by Computer, SourceComputerId, UpdateID
| where Approved!=false and Computer=="server.domain.com" // removed affected servername 
| render table

 

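The two queries in the post read the same Update table differently: the first selects any row whose UpdateState is "Needed" in the query's time range, while the second keeps only the newest row per computer with arg_max. The query below is an added example, not part of the original post or of Security Center's own logic. It puts both views side by side so a "Needed" row that is older than the latest record stands out. The sample rows, timestamps and the ids `id-1`/`id-2` are constructed; the UpdateID and `server.domain.com` are the values shown in the post.

```kusto
// Constructed sample rows using the Update table columns that appear in the post.
// To run against a workspace, replace SampleUpdate with Update and add a time filter.
let SampleUpdate = datatable(TimeGenerated:datetime, Computer:string, SourceComputerId:string,
                             UpdateID:string, UpdateState:string)
[
    datetime(2024-01-01 08:00), "server.domain.com", "id-1", "0641752f-29fb-48d7-a3cf-f93dde26b82b", "Needed",
    datetime(2024-01-02 08:00), "server.domain.com", "id-1", "0641752f-29fb-48d7-a3cf-f93dde26b82b", "Installed",
    datetime(2024-01-02 08:00), "other.domain.com",  "id-2", "0641752f-29fb-48d7-a3cf-f93dde26b82b", "Needed"
];
let target = "0641752f-29fb-48d7-a3cf-f93dde26b82b";
// View A: every computer that has at least one "Needed" row (what a state filter alone matches).
let AnyNeeded = SampleUpdate
    | where UpdateID == target and UpdateState =~ "Needed"
    | summarize LastNeeded = max(TimeGenerated) by SourceComputerId, Computer;
// View B: the newest row per computer, whatever its state (what arg_max returns).
let Latest = SampleUpdate
    | where UpdateID == target
    | summarize arg_max(TimeGenerated, UpdateState) by SourceComputerId
    | project SourceComputerId, LatestTime = TimeGenerated, LatestState = UpdateState;
// Join the two views; StaleNeeded is true when the "Needed" row is not the newest record.
AnyNeeded
| join kind=inner Latest on SourceComputerId
| extend StaleNeeded = LatestState !~ "Needed"
| project Computer, LastNeeded, LatestTime, LatestState, StaleNeeded
| order by Computer asc
```

With the constructed rows, `server.domain.com` comes back with LatestState "Installed" and StaleNeeded true, while `other.domain.com` is still "Needed" in its newest record.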