KBOX Patch Support
-
Upload
neil-mcmahon -
Category
Documents
-
view
85 -
download
0
Transcript of KBOX Patch Support
W H I T E P A P E R
Patch SupportKBOX Systems Management Appliance Patch Content Summary, Q4 2009
Copyright 2009 KACE Networks, Inc. All rights reserved.
KBOX 1000 SERIES
SYSTEMS MANAGEMENT APPLIANCE PATCH SUPPORT
TABLE OF CONTENTSPatch Quality Assurance Summary ................................................................... 3 KACE Patch and Remediation Support .............................................................. 5
Copyright 2009 KACE Networks, Inc. All rights reserved.
Page 2
KBOX 1000 SERIES
SYSTEMS MANAGEMENT APPLIANCE PATCH SUPPORT
Patch Quality Assurance SummaryThe KBOX Systems Management Appliance Release combines best practices across IT management and security operations to allow organizations to provide protection for their business. The patching functionality allows organizations to define policies to automate discovery and remediation of security vulnerabilities and reduce their exposure to attacks. The KBOX Systems Management Appliance patching updates offer industry leading responsiveness and flexibility to address vulnerabilities across a wide range of operating systems and applications, ensuring the broadest set of avenues of attack are blocked. KACE partners with Lumension Security to provide KBOX customers maximum value through the patch content development and quality assurance process. The enhanced patching content feed available with the KBOX 1000 series management appliances is designed with two main objectives : to improve the timeliness of the patch availability without compromising on the quality and reliability, and to enable the broadest possible set of OS and application patching
This is achieved by verifying the patch metadata produced by a content development team, as well as validating the install process, uninstall processes, that the patch does not disrupt the targeted operating systems and/or applications immediate stability. Providing quality patch content to our customers is a high priority. To ensure successful delivery of content, KACE sanity checks patch feeds from Lumension once they have executed test cases covering the following test components.
Testing EnvironmentLumension invests heavily in testing infrastructure. The content development and quality teams have access to a virtual enterprise environment representing more than 1500 nodes of various configurations. Utilizing VMWare ESX and Lab Manager, in addition to custom hardware bench testing, the Lumension testing infrastructure is state of the art.
Application TestingLumension tests with various applications as necessary to ensure the requirements of the patch are satisfied.
Copyright 2009 KACE Networks, Inc. All rights reserved.
Page 3
KBOX 1000 SERIES
SYSTEMS MANAGEMENT APPLIANCE PATCH SUPPORT
Testing StrategyGENERAL TESTING Verify patch-naming convention complies with Lumension policy. Verify content supports the replication process. Each patch created by the content team is validated with the GSS distribution and Update Server products. ASSESSMENT TESTING Verify an applicable non-patched system shows applicable and not patched Verify a patched system shows installed and not applicable Verify false positives in the detection of digital fingerprint Verify content is compliant with mandatory baselines Verify the vulnerability is correctly displayed in Update Server and all filtering, sorting and other visual functionality works correctly.Content Quarterly Report Q4 2008
4 DEPLOYMENT TESTING Verify the package is successfully deployable Verify suppress reboot functionality works correctly Verify the uninstall functionality works correctly Verify on demand package caching works correctly Verify automatic deployment scheduling works correctly Verify agent package download Verify CRC checksum ensuring package integrity Verify agent automatically runs assessment after patch deployment Verify agent restarts automatically after reboot 5
Copyright 2009 KACE Networks, Inc. All rights reserved.
Page 4
KBOX 1000 SERIES
SYSTEMS MANAGEMENT APPLIANCE PATCH SUPPORT
KACE Patch and Remediation SupportOperating Systems Platform SupportThe KBOX currently supports content for the operating systems listed in Table 1 support for specific platforms is as follows: Update installers (no base installers) Core OS Updates (may include patches, service packs, feature packs, cumulative, hot fixes) Stated editions (standard, enterprise, deluxe) Stated version Stated architecture
Table 1 lists the supported versions and editions for enhance content that is supported in KBOX v4.3 and later. Items shaded in grey are legacy patches that are no longer supported on an ongoing basis.Table 1: Operating Systems Platform/Devices SupportPublisher Platform/Device OS Edition Architecture Update SCAN Sanctuary Publisher Platform / Device OS Edition Architecture Apple Mac OS X 10.3.9 10.5.8 PowerPC Apple Mac OS X 10.4.5 10.6.2 X86 Microsoft Windows 2000 SP4 AS, SVR, PRO x86 Microsoft Windows XP SP1- SP3 PRO x86 Microsoft Windows XP SP1- SP3 PRO x86_64 Microsoft Windows 2003 ENT, STD, WEB x86 Microsoft Windows 2003 ENT, STD, WEB x86_64 Microsoft Windows Vista BUS, ENT, ULT x86 Microsoft Windows Vista BUS, ENT, ULT x86_64 Microsoft Windows 2008 ENT, STD, WEB x86 Microsoft Windows 2008 ENT, STD, WEB x86_64 Microsoft Windows 7 PRO, ENT, ULT x86 Microsoft Windows 7 PRO, ENT, ULT x86_64 Microsoft Windows 2008 R2 PRO, ENT, ULT x86_64 Update Y Y Y Y Y Y Y Y Y Y Y Y1 Y1 Y1
Content1
Quarterly
Report
Q4
2008
suppported by v5.0 MR1 with Agent Patch 2
Application SupportKACE partners with Lumension to support the application patches listed in Table 2. Products are supported only for applicable, supported operating systems (OS). Items shaded in grey are legacy patches that are no longer supported on an ongoing basis, but are still available in the patch repository. Table 2 lists the versions for patch content that is supported. Text in dark green color represents recent information update. Table 3 lists the antivirus applications for which virus definition updates are available in the patch repository.
Copyright 2009 KACE Networks, Inc. All rights reserved.
Page 5
KBOX 1000 SERIES
SYSTEMS MANAGEMENT APPLIANCE PATCH SUPPORT
Table 2: Application SupportPublisher Adobe Adobe Adobe Adobe Adobe Adobe Adobe Product Acrobat Reader Acrobat Reader Macromedia Flash Player for Internet Explorer Macromedia Flash Player for FireFox/NetScape Macromedia Flash Player for Mac OS X Shockwave Player for Mac OS X Shockwave Player for Windows Min Version 5.1 5.1 6.0.65 8.0.22 9.0.47 11.5.0.600 11.5.0.600 iLife 06 GarageBand 3.0.4 iDVD 6.0.1 iMovie 6.0.1 iPhoto 5.0.3 iWeb 1.0.1 Update 6.0.4 7.6 6 6.5 1.3.1 6.30 1.0 SP2 2.5 7.0 5.5 4 2000 2000 5.01 4.0 2000 4.0 2000 5 1 Max Version 9.2 9.2 10.0.32.18 10.0.32.18 10.0.32.18 11.5.0.600 11.5.0.600 iLife 09 GarageBand 5.1 iDVD 7.0.4 iMovie 8.0.3 iPhoto 8.1 iWeb 3.0.1 Latest 9.0.1 9.0.1 7.6.4 7.6.4 4.0.4 v10.1 3.5 SP1 2.8 SP1 10.0 2007 9 2002 2006 8.0 7.0 2006 SP1 4.0 2000 7.6 6.0 SP1 NonSecurity Patches N N N N N N N Security Patches Y Y Y Y Y Y Y Supported Platform Mac OS X Windows Windows Windows Mac OS X Mac OS X Windows
Apple
iLife - including desktop applications (GarageBand, iDVD, iMovie, iPhoto, iWeb)
N
Y
Mac OS X
Apple Apple Apple Apple Apple Apple Citrix Systems Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft
iLife Media Browser iTunes for Mac iTunes for Windows QuickTime for Windows QuickTime for Mac OS Safari ICA Win32 Client .NET Framework Data Access Components (MDAC) DirectX Exchange Server Exchange Server 2007 Update Rollups FrontPage Server Extension (FPSE). Host Integration Server Internet Explorer Internet Information Service (IIS) Internet Security and Acceleration Server (ISA) Jet MSDE MSN Messenger MSXML
N N N N N N N N N N N NA N N N N N N N N N
Y Y Y Y Y Y Y Y Y Y Y NA Y Y Y Y Y Y Y Y Y
Mac OS X Mac OS X Windows Windows Mac OS X Mac OS X Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows
Copyright 2009 KACE Networks, Inc. All rights reserved.
Page 6
KBOX 1000 SERIES
SYSTEMS MANAGEMENT APPLIANCE PATCH SUPPORT
Publisher
Product Office - including desktop applications (Access, Excel, FrontPage, InfoPath, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word) Office for Mac including (Word, Excel, PowerPoint, Entourage, no MS Expression, no Media Support)
Min Version Office 2000 OneNote 2003 Project 2002 Publisher 2002 Visio 2002
Max Version Office 2007 OneNote 2007 Project 2007 Publisher 2007 Visio 2007
NonSecurity Patches
Security Patches
Supported Platform
Microsoft
N
Y
Windows
Microsoft
Office 2004
Office 2008
N
Y
Mac OS X
Microsoft
Office Viewer - including (Word, Excel, PowerPoint, Visio)
Excel Viewer 2003, Word Viewer 2003, PowerPoint Viewer 2007, Visio Viewer 2007 5.5 SP2 5.1.2600 2.0 2005 Office XP 7 2004 SP1 2005 R2 SP1 2003 2005 2.0 6.4 8.1 4.7 NA 3.0 1.0.4 2.0.0.7 4.83 NA 8 (6.0.9.584) 8 3.8 1.3 1.4.2_03 2.0.1
Excel Viewer 2007, Word Viewer 2007, PowerPoint Viewer 2007, Visio Viewer 2007 6.0 SP1 5.1.2600 3.0 SP2 2007 SP1 Office XP 2008 SP12 2007 SP1 2005 R2 SP1 2003 2008 SP1 3.1 11 Version 2009 5.1 Latest 3.0 3.5.5 3.5.5 6.5 Support Pack 7 Latest 11 (6.0.14.826) Latest 4.0 1.6 1.6.0_16 2.0.1
N
Y
Windows
Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Mozilla Mozilla Novell PatchLink Real Networks Real Networks Skype Sun Sun VMware
Outlook Express Remote Desktop Connection Software SharePoint Service SharePoint Server SharePoint Team Services SQL Server Virtual PC Virtual Server Visual Studio .NET Visual Studio Windows Installer Windows Media Player Windows Live Messenger Windows Messenger Windows Update Windows Update Agent Firefox Firefox for Mac Netware Windows Client All products RealPlayer for Windows RealPlayer for RedHat Skype Java for Mac OS X Java Runtime Environment (JRE) Fusion
N N N N N N N N N N N N N N N N N N N Y N N N N N N
Y N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Mac OS X Windows All Windows Red Hat Windows Mac OS X Windows Mac OS X
Copyright 2009 KACE Networks, Inc. All rights reserved.
Page 7
KBOX 1000 SERIES
SYSTEMS MANAGEMENT APPLIANCE PATCH SUPPORT
Publisher VMware VMware VMware WinZip Player Server
Product
Min Version 2.5.1 2.0 6.5.1 9.0
Max Version 2.5.1 2.0 6.5.1 11.2 SR-1
NonSecurity Patches N N N N
Security Patches Y Y Y Y
Supported Platform Windows Windows Windows Windows
Workstation WinZip
Note: legacy support are listed in grey
Table 3: Antivirus Definition File SupportPublisher Product Min Version Max Version Def Updates Supported Platform
Authentium / Command Software Authentium / Command Software Computer Associates Computer Associates Computer Associates Frisk Software Frisk Software F-Secure McAfee McAfee McAfee McAfee McAfee Microsoft Microsoft Microsoft Microsoft Microsoft Sophos Symantec Symantec Symantec Trend Micro Trend Micro
Command Software Antivirus DEF File Command Software Antivirus Installer eTrust Antivius DAT files (InoculateIT Engine) eTrust Antivius DAT files (Vet Engine) eTrust Antivirus F-Prot Antivirus DEF Files DEF files for Document / Office / Macro Antivirus Virex VirusScan DAT files VirusScan Engine VirusScan Enterprise Engine VirusScan SuperDAT files Malicious Software Removal Tool Outlook 2003 Junk E-mail Filter Outlook 2007 Junk E-mail Filter Windows Defender Windows Mail Junk E-mail Filter Antivirus Symantec Antivirus Corporate Edition Client for 64-bits OS only Symantec/ Norton Antivirus Symantec/ Norton Antivirus OfficeScan ServerProtect
4.75.5 4.75.5 6.00 6.00 6.00 NA NA 5.x 7.20 6.x 4.00 7.00 4.x NA NA NA 1.1.1593 NA last 6 version 10.00 NA 9.0.1 5.58 5.56
4.93.8 4.92.91 7.10 7.10 Latest Latest 5.x Latest Latest Latest 8.00 Latest Latest Latest Latest Latest Latest Latest 10.20 Latest Latest Latest Latest
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Windows Windows Windows Windows Windows Windows Windows Windows Mac OS X Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Mac OS X Windows Windows
Note: legacy support are listed in grey
13
Copyright 2009 KACE Networks, Inc. All rights reserved.
Page 8
KBOX 1000 SERIES
SYSTEMS MANAGEMENT APPLIANCE PATCH SUPPORT
Language SupportKACE supports patches in the locales for Windows operating systems (OS) listed in Table 4. Table 4: Language Support Locale English (United States) French (France) German (Germany) Italian (Italy) Spanish (Spain) Finnish (Finland) Swedish (Sweden) Norwegian (Norway) Danish (Denmark) Dutch (Netherlands) Czech (Czech Republic) Simplifies Chinese (China) Japanese (Japan)
Copyright 2009 KACE Networks, Inc. All rights reserved.
Page 9
KBOX 1000 SERIES
SYSTEMS MANAGEMENT APPLIANCE PATCH SUPPORT
OS Support DetailKACE impact terminology based on the PatchLink Update content closely follows the vendor impact terminology for vulnerability criticality. Each operating system has a vendor-specific impact rating and the mapping to KBOX terminology is described in this section. KACE and Lumension tend to increase or round-up the severity of the impact rating. For instance, Microsoft classifications for Critical, Important, and Moderate patches are all classified as Critical. The following table details the classification of patches that are supported for each supported OS and the impact level use for each. Text in dark green color represents recent information update.Table 4: OS Support Detail Target Impact MappingVendor Apple Patch Type OS Security Updates Application Security Updates MAC OS Version Updates Microsoft Critical Security (English) Critical Security (Simplified Chinese) Critical Security (Traditional Chinese) Critical Security (Intl) Important Security (English) Important Security (Intl) Moderate Security (English) Moderate Security (Intl) Low Security (English) Low Security (Intl) None Security (English) None Security (Intl) OS Service Packs (English) OS Service Packs (Intl) Application Service Packs (English) Application Service Packs (Intl) Junk Email Filter Updates Malicious Software Removal Tool Windows Defender definition updates X others AntiVirus (AV) Updates X X X X X X X X X X X X X X X X X X X Critical X X X Critical-01 Recommended Virus Removal
Note: The Antivirus vendor updates are posted twice a week, typically on Wednesdays and Fridays.
Copyright 2009 KACE Networks, Inc. All rights reserved.
Page 10
KBOX 1000 SERIES
SYSTEMS MANAGEMENT APPLIANCE PATCH SUPPORT
Table 5 below shows the mapping of Microsoft severity ratings to KBOX patch Impact ratings. Table 5: Microsoft Severity mappings to KBOX Impact ratings Vendor Microsoft Critical Important Moderate Service Packs Junk Email Filter Updates Patch Type Critical Recommended
Once content is superseded, the superseded content is marked as Critical-05 and this is reflected in the KBOX Impact rating.
Copyright 2009 KACE Networks, Inc. All rights reserved.
Page 11
KBOX 1000 SERIES
SYSTEMS MANAGEMENT APPLIANCE PATCH SUPPORT
KACE Corporate BackgroundKACE is the leading systems management appliance company. The award-winning KBOX family of appliances delivers easy-to-use, comprehensive systems management capabilities. KACE customers usually install in one day and enjoy the lowest total cost compared to software alternatives. KACE is headquartered in Mountain View, California. To learn more about KACE and its product offerings, please visit http://www.kace.com or call 1-877-MGMT-DONE. Helpful Links: KBOX Systems Management Appliances KBOX Systems Deployment Appliances Virtual KBOX Appliances
Contact KACE1616 North Shoreline Boulevard Mountain View, California 94043 (877) MGMT-DONE office for all inquiries (+1) (650) 316-1050 International (650) 649-1806 fax European Sales: [email protected] Asia Pacific Sales: [email protected] Sales and partnering: [email protected] Support: [email protected] Other Information: [email protected] On the Web: http://www.kace.com
Copyright 2009 KACE Networks, Inc. All rights reserved.
Page 12