[prev in list] [next in list] [prev in thread] [next in thread]
List: patchmanagement
Subject: RE: [patchmanagement] Patch audit - Tracking down missing patches
From: "Job Cacka" <job () ccbox ! com>
Date: 2018-07-27 18:16:25
Message-ID: 073101d425d5$ee341740$ca9c45c0$ () ccbox ! com
[Download RAW message or body]
This is a multipart message in MIME format.
Of the updates in that list that I checked they are .NET Security Only
updates for .NET 4.5.2
What version of .NET is on this system(s)? Current version would be 4.7.2
for supported OS.
https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-det
ermine-which-versions-are-installed#ps_a
Also you can use powershell to enumerate the installed .NET updates.
https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-det
ermine-which-net-framework-updates-are-installed
Can you upgrade all systems enmasse or is there some requirement to be on an
older version (like the system runs Exchange or SBS)?
Job
From: Joe Toskin [mailto:jtoskin@krns-inc.com]
Sent: Friday, July 27, 2018 10:26 AM
To: Patch Management Mailing List
Subject: RE: [patchmanagement] Patch audit - Tracking down missing patches
They just provided a list of KB's that are missing on one or more computers
in the environment, along with the number of missing patches per machine.
Not very helpful, I know. Here's a small grouping of patches that they sent
over:
KB4054170, KB4054171, KB4054172, KB4054174, KB4054175, KB4054176, KB4054177,
KB4054181, KB4054182, KB4054183, KB4054993, KB4054994, KB4054995, KB4054996,
KB4054997, KB4054998, KB4054999, KB4055000, KB4055001, KB4055002
I'm pretty sure those are part of one or more .net rollup patches from early
this year or late last year. I can research each one and either identify the
rollup it was a part of or make an educated guess, but that is so much
effort for little payoff. Why don't the KB articles link to a list of the
rolled up patches included in each release? Would having the CVE numbers
make it easier to easily identify the rollup patches that fix them?
Thanks,
Joe Toskin
NOC Engineer
K&R Network Solutions
5471 Kearny Villa Road #300
San Diego, CA 92123
From: Susan E Bradley, CPA/CITP/CFF, GSEC <sb@askwoody.com>
Sent: Friday, July 27, 2018 8:37 AM
To: Patch Management Mailing List
<patchmanagement@listserv.patchmanagement.org>
Subject: Re: [patchmanagement] Patch audit - Tracking down missing patches
Do they have patch numbers or CVE numbers?
Can you provide a sample and we can see what we can do for you as far as
assistance -- otherwise I think your patch auditing firm needs to provide
you with better actionable guidance as we live in a update rollup world/CVE
number world, not a KB world these days.
On 7/27/2018 6:00 AM, Brian McMahon wrote:
I'd look on the Security Guidance site, but I'm not 100% sure you would find
a specific answer regarding the Cumulative Updates. You might get more
information from the Quality updates, but they are month to month. My
assumption would be that if a particular KB had the update issued in May,
you could be confident that May, June, and July all had the update in the
cumulative update, but I don't know how you would prove it.
https://portal.msrc.microsoft.com/en-us/security-guidance
Brian McMahon
ASML-US IT
From: Joe Toskin <mailto:jtoskin@krns-inc.com> <jtoskin@krns-inc.com>
Sent: Thursday, July 26, 2018 5:12 PM
To: Patch Management Mailing List
<mailto:patchmanagement@listserv.patchmanagement.org>
<patchmanagement@listserv.patchmanagement.org>
Subject: [patchmanagement] Patch audit - Tracking down missing patches
I do patching for my organization. We are going through a security audit by
an outside firm and they provided me a list of missing Windows updates
related to known vulnerabilities. My task is to provide an explanation for
why I denied approval for any missing patch. The problem is that they sent a
list of KB's that aren't approved individually, but are instead included in
the rollups. How can I check if a specific patch KB is part of a
rollup/cumulative update? Is there an easily searchable web page correlating
the rollups with the patches contained in each one?
Thanks,
Joe Toskin
NOC Engineer
K&R Network Solutions
5471 Kearny Villa Road #300
San Diego, CA 92123
-- The information contained in this communication and any attachments is
confidential and may be privileged, and is for the sole use of the intended
recipient(s). Any unauthorized review, use, disclosure or distribution is
prohibited. Unless explicitly stated otherwise in the body of this
communication or the attachment thereto (if any), the information is
provided on an AS-IS basis without any express or implied warranties or
liabilities. To the extent you are relying on this information, you are
doing so at your own risk. If you are not the intended recipient, please
notify the sender immediately by replying to this message and destroy all
copies of this message and any attachments. Neither the sender nor the
company/group of companies he or she represents shall be liable for the
proper and complete transmission of the information contained in this
communication, or for any delay in its receipt.
---
PatchManagement.org is hosted by Shavlik
The content on the email list is intended for assisting administrators. If you would \
like to use any of this content in a blog or media publication, please contact the \
owners of the list for approval.
To unsubscribe send a blank email to leave-patchmanagement@patchmanagement.org
If you are unable to unsubscribe via this email address, please email
owner-patchmanagement@patchmanagement.org
[Attachment #3 (text/html)]
<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:x="urn:schemas-microsoft-com:office:excel" \
xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type \
content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 \
(filtered medium)"><style><!-- /* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Lucida Console";
panose-1:2 11 6 9 4 5 4 2 2 4;}
@font-face
{font-family:"Lucida Console \;color\:\#385623";
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Lucida Console \;color\:\#2E74B5";
panose-1:0 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
span.EmailStyle19
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Lucida Console";
color:#385623;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Courier New";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-US \
link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span \
style='font-family:"Courier New";color:#1F497D'>Of the updates in that list that I \
checked they are .NET Security Only updates for .NET 4.5.2 <o:p></o:p></span></p><p \
class=MsoNormal><span style='font-family:"Courier \
New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span \
style='font-family:"Courier New";color:#1F497D'>What version of .NET is on this \
system(s)? Current version would be 4.7.2 for supported OS.<o:p></o:p></span></p><p \
class=MsoNormal><span style='font-family:"Courier New";color:#1F497D'><a \
href="https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determi \
ne-which-versions-are-installed#ps_a">https://docs.microsoft.com/en-us/dotnet/framewor \
k/migration-guide/how-to-determine-which-versions-are-installed#ps_a</a><o:p></o:p></span></p><p \
class=MsoNormal><span style='font-family:"Courier \
New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span \
style='font-family:"Courier New";color:#1F497D'>Also you can use powershell to \
enumerate the installed .NET updates.<o:p></o:p></span></p><p class=MsoNormal><span \
style='font-family:"Courier New";color:#1F497D'><a \
href="https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determi \
ne-which-net-framework-updates-are-installed">https://docs.microsoft.com/en-us/dotnet/ \
framework/migration-guide/how-to-determine-which-net-framework-updates-are-installed</a><o:p></o:p></span></p><p \
class=MsoNormal><span style='font-family:"Courier \
New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span \
style='font-family:"Courier New";color:#1F497D'>Can you upgrade all systems enmasse \
or is there some requirement to be on an older version (like the system runs Exchange \
or SBS)? <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier \
New";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span \
style='font-family:"Courier New";color:#1F497D'>Job<o:p></o:p></span></p><p \
class=MsoNormal><span style='font-family:"Courier \
New";color:#1F497D'><o:p> </o:p></span></p><div><div \
style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p \
class=MsoNormal><b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span \
style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> Joe \
Toskin [mailto:jtoskin@krns-inc.com] <br><b>Sent:</b> Friday, July 27, 2018 10:26 \
AM<br><b>To:</b> Patch Management Mailing List<br><b>Subject:</b> RE: \
[patchmanagement] Patch audit - Tracking down missing \
patches<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p \
class=MsoNormal><span style='color:#1F497D'>They just provided a list of KB’s \
that are missing on one or more computers in the environment, along with the number \
of missing patches per machine. Not very helpful, I know. Here’s a small \
grouping of patches that they sent over:<o:p></o:p></span></p><p \
class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p \
class=MsoNormal><span style='color:#1F497D'>KB4054170, KB4054171, KB4054172, \
KB4054174, KB4054175, KB4054176, KB4054177, KB4054181, KB4054182, KB4054183, \
KB4054993, KB4054994, KB4054995, KB4054996, KB4054997, KB4054998, KB4054999, \
KB4055000, KB4055001, KB4055002<o:p></o:p></span></p><p class=MsoNormal><span \
style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span \
style='color:#1F497D'>I’m pretty sure those are part of one or more .net rollup \
patches from early this year or late last year. I can research each one and either \
identify the rollup it was a part of or make an educated guess, but that is so much \
effort for little payoff. Why don’t the KB articles link to a list of the \
rolled up patches included in each release? Would having the CVE numbers make it \
easier to easily identify the rollup patches that fix them?<o:p></o:p></span></p><p \
class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><p \
class=MsoNormal><span style='color:#1F497D'>Thanks,<o:p></o:p></span></p><p \
class=MsoNormal><span style='color:#1F497D'> <o:p></o:p></span></p><p \
class=MsoNormal><span style='color:#1F497D'>Joe Toskin<o:p></o:p></span></p><p \
class=MsoNormal><span style='color:#1F497D'>NOC Engineer<o:p></o:p></span></p><p \
class=MsoNormal><span style='color:#1F497D'> <o:p></o:p></span></p><p \
class=MsoNormal><span style='color:#1F497D'>K&R Network \
Solutions<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>5471 \
Kearny Villa Road #300<o:p></o:p></span></p><p class=MsoNormal><span \
style='color:#1F497D'>San Diego, CA 92123<o:p></o:p></span></p></div><p \
class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div \
style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p \
class=MsoNormal><b><span style='color:windowtext'>From:</span></b><span \
style='color:windowtext'> Susan E Bradley, CPA/CITP/CFF, GSEC <sb@askwoody.com> \
<br><b>Sent:</b> Friday, July 27, 2018 8:37 AM<br><b>To:</b> Patch Management Mailing \
List <patchmanagement@listserv.patchmanagement.org><br><b>Subject:</b> Re: \
[patchmanagement] Patch audit - Tracking down missing \
patches<o:p></o:p></span></p></div></div><p \
class=MsoNormal><o:p> </o:p></p><p>Do they have patch numbers or CVE \
numbers?<span style='font-size:12.0pt'><o:p></o:p></span></p><p>Can you provide a \
sample and we can see what we can do for you as far as assistance -- otherwise I \
think your patch auditing firm needs to provide you with better actionable guidance \
as we live in a update rollup world/CVE number world, not a KB world these \
days.<o:p></o:p></p><p class=MsoNormal><o:p> </o:p></p><div><p \
class=MsoNormal>On 7/27/2018 6:00 AM, Brian McMahon \
wrote:<o:p></o:p></p></div><blockquote \
style='margin-top:5.0pt;margin-bottom:5.0pt'><p class=MsoNormal><span \
style='font-size:10.0pt;font-family:"Lucida Console \
;color:#385623","serif"'>I’d look on the Security Guidance site, but I’m \
not 100% sure you would find a specific answer regarding the Cumulative Updates. You \
might get more information from the Quality updates, but they are month to month. My \
assumption would be that if a particular KB had the update issued in May, you could \
be confident that May, June, and July all had the update in the cumulative update, \
but I don’t know how you would prove it.</span><o:p></o:p></p><p \
class=MsoNormal><span style='font-size:10.0pt;font-family:"Lucida Console \
;color:#385623","serif"'> </span><o:p></o:p></p><p class=MsoNormal><span \
style='font-size:10.0pt;font-family:"Lucida Console ;color:#385623","serif"'><a \
href="https://portal.msrc.microsoft.com/en-us/security-guidance">https://portal.msrc.microsoft.com/en-us/security-guidance</a></span><o:p></o:p></p><p \
class=MsoNormal><span style='font-size:10.0pt;font-family:"Lucida Console \
;color:#385623","serif"'> </span><o:p></o:p></p><div><p class=MsoNormal><span \
style='font-size:10.0pt;font-family:"Lucida Console ;color:#385623","serif"'>Brian \
McMahon</span><o:p></o:p></p><p class=MsoNormal><span \
style='font-size:10.0pt;font-family:"Lucida Console ;color:#2E74B5","serif"'>ASML-US \
IT</span><o:p></o:p></p><p class=MsoNormal><span \
style='font-size:10.0pt;font-family:"Lucida Console \
;color:#2E74B5","serif"'> </span><o:p></o:p></p></div><p class=MsoNormal><span \
style='font-size:10.0pt;font-family:"Lucida Console \
;color:#385623","serif"'> </span><o:p></o:p></p><div><div \
style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in'><p \
class=MsoNormal><b>From:</b> Joe Toskin <a \
href="mailto:jtoskin@krns-inc.com"><jtoskin@krns-inc.com></a> <br><b>Sent:</b> \
Thursday, July 26, 2018 5:12 PM<br><b>To:</b> Patch Management Mailing List <a \
href="mailto:patchmanagement@listserv.patchmanagement.org"><patchmanagement@listserv.patchmanagement.org></a><br><b>Subject:</b> \
[patchmanagement] Patch audit - Tracking down missing \
patches<o:p></o:p></p></div></div><p class=MsoNormal> <o:p></o:p></p><p \
class=MsoNormal>I do patching for my organization. We are going through a security \
audit by an outside firm and they provided me a list of missing Windows updates \
related to known vulnerabilities. My task is to provide an explanation for why I \
denied approval for any missing patch. The problem is that they sent a list of \
KB’s that aren’t approved individually, but are instead included in the \
rollups. How can I check if a specific patch KB is part of a rollup/cumulative \
update? Is there an easily searchable web page correlating the rollups with the \
patches contained in each one?<o:p></o:p></p><p \
class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Thanks,<o:p></o:p></p><p \
class=MsoNormal> <o:p></o:p></p><p class=MsoNormal>Joe Toskin<o:p></o:p></p><p \
class=MsoNormal>NOC Engineer<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p \
class=MsoNormal>K&R Network Solutions<o:p></o:p></p><p class=MsoNormal>5471 \
Kearny Villa Road #300<o:p></o:p></p><p class=MsoNormal>San Diego, CA \
92123<o:p></o:p></p><p class=MsoNormal> <o:p></o:p></p><p class=MsoNormal><span \
style='font-size:12.0pt;font-family:"Times New Roman","serif"'>-- The information \
contained in this communication and any attachments is confidential and may be \
privileged, and is for the sole use of the intended recipient(s). Any unauthorized \
review, use, disclosure or distribution is prohibited. Unless explicitly stated \
otherwise in the body of this communication or the attachment thereto (if any), the \
information is provided on an AS-IS basis without any express or implied warranties \
or liabilities. To the extent you are relying on this information, you are doing so \
at your own risk. If you are not the intended recipient, please notify the sender \
immediately by replying to this message and destroy all copies of this message and \
any attachments. Neither the sender nor the company/group of companies he or she \
represents shall be liable for the proper and complete transmission of the \
information contained in this communication, or for any delay in its receipt. \
<o:p></o:p></span></p></blockquote><p class=MsoNormal><span \
style='font-size:12.0pt;font-family:"Times New \
Roman","serif"'><o:p> </o:p></span></p></div></body></html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic