Why Some Windows KBs Appear in Vulnerability Scans but Not in Patch Manager

Last updated: December 23, 2025

In some cases, a Windows KB may appear in vulnerability scan results for an endpoint but not appear in the Patch Manager when searching for that same KB. This behavior is expected and is caused by how Windows updates and vulnerability data are identified and correlated within Cyrisma.

This article explains why this discrepancy occurs and how to interpret the results correctly.


Issue Overview

You may observe the following behavior:

  • A Windows KB (for example, KB5055528) appears in Vulnerability Scan results

  • That same KB does not appear under:

    • Patch Manager → Windows

    • Root Cause Breakdown

    • CVE or KB search results in Patch Manager

This can create confusion when attempting to verify whether a vulnerability has been addressed.


Why This Happens

Cyrisma uses different data sources depending on where patch information is displayed.

Vulnerability Scan Results

  • Identify vulnerabilities by matching CVEs to the original KB that remediates them

  • Display the KB historically associated with the vulnerability

Patch Manager (Windows)

  • Queries Windows Update directly on the endpoint

  • Displays only the most current cumulative update required by Windows


Microsoft Cumulative Update Behavior

Microsoft frequently bundles older KBs into newer cumulative updates.

Example scenario:

  • A vulnerability scan references KB5055528 as the fix for a CVE

  • Windows Update reports that KB5058405 is required

  • KB5058405 includes all fixes from KB5055528 and additional updates

Because the older KB is superseded, it does not appear independently in Patch Manager.


How Cyrisma Handles This

  • Vulnerability scans continue to reference the original KB tied to the CVE

  • Patch Manager reflects what Windows currently requires to be installed

  • Cyrisma prioritizes applying current Microsoft-recommended updates, not outdated KBs

This ensures remediation actions align with Microsoft’s supported patching model.


What You Should Do

If a KB appears in a vulnerability scan but not in Patch Manager:

  1. Search Patch Manager for the latest cumulative Windows update

  2. Verify the device is flagged as needing that update

  3. Apply the cumulative update

Applying the newer cumulative KB remediates the vulnerability associated with the older KB.

Tip: Patch Manager should be treated as the source of truth for which Windows updates still need to be applied.
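The correlation described above can be reproduced offline when reconciling an exported scan report against endpoint patch state. The following is an added example, not Cyrisma's code: the supersedence map is an assumption the operator supplies (for instance from the Microsoft Update Catalog), `KB-EXAMPLE-NEXT` is a constructed placeholder for a later rollup, and the function names are hypothetical.

```python
# Added example, not Cyrisma's implementation.
# Supersedence map: older KB -> the cumulative update that replaces it.
SUPERSEDED_BY = {
    "KB5055528": "KB5058405",        # pair taken from the article's scenario
    "KB5058405": "KB-EXAMPLE-NEXT",  # constructed placeholder for a later rollup
}


def covering_kbs(kb, superseded_by):
    """Return kb followed by every update that supersedes it, oldest first."""
    chain, seen = [], set()
    while kb is not None and kb not in seen:  # 'seen' stops a looped map
        chain.append(kb)
        seen.add(kb)
        kb = superseded_by.get(kb)
    return chain


def classify(finding_kb, installed, pending, superseded_by=SUPERSEDED_BY):
    """Classify one scan finding against what the endpoint reports.

    installed: KBs already present on the endpoint
    pending:   KBs Windows Update currently requires (the Patch Manager view)
    """
    chain = covering_kbs(finding_kb, superseded_by)
    for kb in chain:
        if kb in installed:
            # The original KB or a cumulative update containing it is installed.
            return ("remediated", kb)
    for kb in chain:
        if kb in pending:
            # The fix will arrive with this update; it may not be the scan's KB.
            return ("apply", kb)
    # Neither view mentions the chain: the map is incomplete or the endpoint
    # is not reporting, so the finding needs a manual look.
    return ("investigate", None)


if __name__ == "__main__":
    # Constructed endpoint state matching the article's example scenario.
    print(classify("KB5055528", installed=set(), pending={"KB5058405"}))
```

An `investigate` result means the scan KB could not be tied to anything the endpoint reports, which is the case worth escalating rather than assuming supersedence.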


Summary

| Observation | Explanation | Action |
|---|---|---|
| KB appears in vulnerability scan | Scan references original KB tied to a CVE | Look for newer cumulative update |
| KB not found in Patch Manager | KB has been superseded by Microsoft | Apply the latest cumulative KB |
| CVE search doesn’t return the KB | Patch Manager shows only current updates | Use Patch Manager for remediation |

This behavior is expected and does not indicate a reporting error or missed patch.