Académique Documents
Professionnel Documents
Culture Documents
Microsoft Corporation
Situation
Product ship
Vulnerability discovered
Component modified
Patch released
Exploit Timeline
exploit patch code
Triaged for Criticality Documentation Developed Field Guidance Developed Patch Released & Notification Sent
Critical Low Important None Moderate Security Bulletin Knowledge Base Article Premier Customer Alert
Patch Tested
Patches released*
Associated with patch release: Security bulletin Updated MSSecure.xml file for MBSA Patch (including localized versions) on Windows Update and Download Center Update catalog for SUS
release schedule, the second Tuesday of every month (if there are some to release, sometimes there are none, as was the case for March 2005) Security Notification Service sends an alert 3 business days ahead of time New alert mechanisms such as RSS Feed, IM, or MSRC Blog Security Bulletins now very comprehensive, detailed Language clear and concise
Enhancements to the Advanced Notification Program in November 2004 to assist with Program introduced
preparation and resource planning Expanded to include the following information each month:
Strains of malicious software that will be cleaned with the Malicious Software Removal tool Information about the detection tool applicable to the upcoming security updates Any non-security, high priority updates on Windows Update that will be released on the same day as security updates
More information:
www.microsoft.com/technet/security/bulletin/advance.mspx
MSN Messenger user can receive a popup whenever new information is available For more information: www.microsoft.com/security/bulletins/alerts.mspx
Resources
Security Bulletins Summary Security Bulletins Search
www.microsoft.com/technet/security/bulletin/ms05-Apr.mspx www.microsoft.com/technet/security/current.aspx
www.microsoft.com/windowsserver2003/default.mspx www.microsoft.com/technet/security/secnews/default.mspx
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?Ev =1032268810&Culture=en-US
Built upon a Management Architecture The MSM offering may be downloaded from
http://www.microsoft.com/technet/itsolutions/msm
http://www.microsoft.com/technet/security/topics/patchmanagement.mspx
1. Assess
2. Identify
4. Deploy
4. Deploy the Patch
Tasks A. Distribute and install patch B. Report on progress C. Handle exceptions D. Review deployment
Moderate
Low
Patching Timeframes
Severity Rating
Critical Important Moderate Low
Potential Impact
Decrease timeframe Decrease timeframe
Mitigating factors in place or will be quickly put in place Increase timeframe Low risk of exposure for impacted assets Increase timeframe
Accurate and up-to-date inventory information is essential to the process Is the management infrastructure able to support patch management
Use change management process to ensure all parties agree with need to deploy
If critical, use an expedited process!
Solution Components
Analysis Tools
Microsoft Baseline Security Analyzer (MBSA) Office Inventory Tool
Management Automatic Updates (AU) feature in Windows Tools Software Update Services (SUS)
Systems Management Server (SMS)
Prescriptive Guidance
Microsoft Guide to Security Patch Management Patch Management Using SUS Patch Management Using SMS
Office Update
MS Download Center
All Microsoft products All types of content
Security patches, critical Security patches, security rollups, critical updates, SPs and updates, and SPs driver updates
Yes User initiated -- automatically detects, downloads, & installs updates via online service Automatic Updates initiated automatically detects & downloads updates
Yes User initiated -automatically detects, downloads, & installs updates via online service
No
Manual content search & download (from Windows Update Manual content search & download (from Office Catalog) Download Catalog)
Choosing A Patch Management Capability SMS 2003 Solution Windows Update SUS 1.0
Supported Platforms for Content Supported Content Types NT 4.0, Win2K, WS2003, Win2K, WS2003, WinXP WinXP, WinME, Win98 All patches, updates (including drivers), & service packs (SPs) for the above NT 4.0, Win2K, WS2003, WinXP, Win98 Only security & security rollup All patches, SPs & updates for patches, critical updates, & the above; supports patch, SPs for the above update, & app installs for MS & other apps
Granularity of Control
Targeting Content to Systems Network Bandwidth Optimization Patch Distribution Control Patch Installation & Scheduling Flexibility Patch Installation Status Reporting
No Yes
Yes Yes
Basic
Advanced
Admin (auto) or user (manual) Administrator control with granular controlled scheduling capabilities Limited
(client install history & server based install logs)
Comprehensive
(install status, result, and compliance details)
Adopt a Patch Management At Microsoft, our #1 Solutionconcern is the security and availability of your IT environment
If none of the Microsoft patch management solutions meet your needs consider implementing a solution from another vendor. Below is a partial list of available products:
Company Name
Altiris, Inc. BigFix, Inc. Configuresoft, Inc. Ecora, Inc. GFI Software, Ltd.
Product Name
Altiris Patch Management BigFix Patch Manager Security Update Manager Ecora Patch Manager GFI LANguard Network Security Scanner
Company URL
http://www.altiris.com http://www.bigfix.com http://www.configuresoft.com http://www.ecora.com http://www.gfi.com http://www.securitybastion.com http://www.landesk.com http://www.novadigm.com http://www.patchlink.com http://www.shavlik.com http://www.stbernard.com
Gravity Storm Software, LLC Service Pack Manager 2000 LANDesk Software, Ltd Novadigm, Inc. PatchLink Corp. Shavlik Technologies St. Bernard Software LANDesk Patch Manager Radia Patch Manager PatchLink Update HFNetChk Pro UpdateExpert
*Microsoft does not endorse or recommend a specific patch management product or company Note: Enterprise Systems Management products such as IBM Tivoli, CA Unicenter, BMC Patrol, and HP OpenView may also provide patch management functionality
Summary
Addressing the patch management issue is a top priority Taking a comprehensive, tactical & strategic approach Made progress, but much more work to be done Microsoft focused on:
Reducing the number of vulnerabilities & associated patches Improving customer preparedness, training & communication Simplifying & standardizing the patching experience Improving patch quality Unifying and strengthening patch management offerings
Key Recommendations:
Implement a good patch management process its the key to success Adopt a patch management solution that best fits your needs
Resources
Microsoft Security Response Center
To report a suspected vulnerability, send e-mail to Secure@Microsoft.Com