WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec
14 April 2005
Symantec Enterprise Security Manager™ OS Patches (Patch) module


The OS Patches (Patch) module checks for the presence of operating system and application patches that strengthen system security. Patch information is stored in Patch templates.

Symantec updates Patch templates with the Symantec ESM policy installer. This ensures that updated Patch templates for supported operating systems and applications are available for policies that are delivered with Security Update releases. Installing this update adds or updates the OS Patches policy and associated template files on the Symantec ESM manager.

This rapid response patch update for Symantec Enterprise Security Manager reports operating system and application patches for both Windows and UNIX operating systems. There are a total of 406 new patch signatures and 21 updated patch signatures in 18 templates:

  • patch.pai (AIX - 2 new, 21 updated)
  • patch.plx (RedHat - 305 new)
  • patch.ps6 (Solaris 2.6+ - 15 new)
  • patch_su19.ps6 (Solaris 2.6+ for SU19 - 15 new)
  • patch.psl (SUSE - 16 new)
  • patch.pw5 (Windows 2000 Professional - 6 new)
  • patch.ps5 (Windows 2000 Server - 6 new)
  • patch.pwx (Windows XP Professional - 12 new)
  • patch.p6s (Windows Server 2003 - 5 new)
  • patch.p3i (Windows Server 2003 for Itanium-based Systems - 3 new)
  • exchg2k3.ps5 (Exchange Server 2003 for Windows 2000 Server - 1 new)
  • exchg2k3.p6s (Exchange Server 2003 for Windows Server 2003 - 1 new)
  • exchg2k.ps5 (Exchange Server 2000 for Windows 2000 Server - 2 new)
  • ie.pw5 (Internet Explorer for Windows 2000 Professional - 6 new)
  • ie.ps5 (Internet Explorer for Windows 2000 Server - 6 new)
  • ie.pwx (Internet Explorer for Windows XP Professional - 2 new)
  • ie.p6s (Internet Explorer for Windows Server 2003 - 2 new)
  • ie.p3i (Internet Explorer for Windows Server 2003 for Itanium-based Systems - 1 new)
This rapid response policy includes updates to the OS Patches (Patch) module templates that detect new vendor-released patches dated on or before April 14, 2005:
  • Windows Server 2003 64-bit Edition
  • Windows Server 2003
  • Windows XP Professional
  • Windows 2000 Server
  • Windows 2000 Professional
  • Windows NT 4 Server
  • Windows NT 4 Workstation
  • HP-UX
  • AIX
  • Solaris
  • Red Hat Linux
  • Red Hat Enterprise Linux
  • SUSE Linux Standard Server 8
  • SUSE Linux Enterprise Server 8
The following applications are also supported:
  • Microsoft Internet Explorer (IE)
  • Internet Information Services Web server (IIS)
  • Microsoft SQL Server
  • Microsoft Exchange Server
  • Microsoft Outlook
  • Microsoft Outlook Express
  • Microsoft Visual Studio
This update also includes rapid response support for the detection of vulnerabilities that were disclosed by Microsoft on April 12, 2005.

MS05-016    Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086)
MS05-017    Vulnerability in Message Queuing Could Allow Code Execution (892944)
MS05-018    Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service (890859)
MS05-019    Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)
MS05-020    Cumulative Security Update for Internet Explorer (890923)
MS05-021    Vulnerability in Exchange Server Could Allow Remote Code Execution (894549)
This policy is designed for Symantec ESM agents running SU 17 (and later) versions of the OS Patch module. Symantec ESM agents running SU 16 are acceptable but not recommended. Due to a modification in the method used to extract version information, SU 17 or greater is required for Windows NT.

ESM 6.0 and 6.0.1 users: To automatically install, use the link below or use LiveUpdate.

Download OS Patch Policy BestPractice_OS_Patch_Updates_20050414.exe Obsoleted

Note: For more information regarding this update, download the OS Patch Policy Release Notes.

Last modified on: Wednesday, 27-Apr-05 13:24:48