Is there any way to push out Windows Store security updates for vulnerabilities (such as for https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31946) either via WSUS or GPO? Our vulnerability assessment tools show that the vulnerable versions of the applications are still on a lot of machines.
We found 2 things in the update process:
1) Currently users will get the security updates when they log into their profiles, which is OK for the active profile, though we would like to get the updates out system-wide.
2) If some users have installed vulnerable apps on a shared machine, then the apps that were installed on a profile which is not logged into are not updating and that machine is still flagged as vulnerable. We don't know how to update these "passive" profiles. Or we would be OK removing a profile after 30 days to remove the vulnerability -- but we don't know if there is a GPO way to accomplish this either.
Thanks
