The OS Patches (Patch) module checks for the presence of operating system and application patches that strengthen system security. Patch information is stored in Patch templates.
Symantec updates Patch templates with the Symantec ESM policy installer. This ensures that updated Patch templates for supported operating systems and applications are available for policies that are delivered with Security Update releases. Installing this update adds or updates the OS Patches policy and associated template files on the Symantec ESM manager.
This rapid response patch update for Symantec Enterprise Security Manager reports operating system and application patches for both Windows and UNIX operating systems. There are a total of 325 new patch signatures and 186 updated patch signatures in 13 templates:
This rapid response policy includes updates to the OS Patches (Patch) module templates that detect new vendor-released patches dated on or before July 13, 2005:
- patch.pai (IBM AIX - 15 new, 11 updated)
- patch.ph1 (HP-UX - 126 updated)
- patch.plx (RedHat Linux - 37 new, 2 updated)
- patch.ps6 (Solaris 5.6+ - 39 updated)
- patch.psl (SUSE Linux - 255 new)
- patch.pw5 (Windows 2000 Professional - 1 new)
- patch.ps5 (Windows 2000 Server - 1 new)
- patch.pwx (Windows XP Professional - 2 new)
- patch.p6s (Windows Server 2003 - 2 new)
- outlook.pw5 (Outlook on Windows 2000 Professional - 4 new)
- outlook.ps5 (Outlook on Windows 2000 Server - 4 new)
- outlook.pwx (Outlook on Windows XP Professional - 2 new)
- outlook.p6s (Outlook on Windows Server 2003 - 2 new)
The following applications are also supported:
- Windows Server 2003 64-bit Edition
- Windows Server 2003
- Windows XP Professional
- Windows 2000 Server
- Windows 2000 Professional
- Windows NT 4 Server
- Windows NT 4 Workstation
- Red Hat Linux
- Red Hat Enterprise Linux
- SUSE Linux Standard Server 8
- SUSE Linux Enterprise Server 8
This update also includes rapid response support for the detection of vulnerabilities that were disclosed by Microsoft on July 12, 2005.
- Microsoft Internet Explorer (IE)
- Internet Information Services Web server (IIS)
- Microsoft SQL Server
- Microsoft Exchange Server
- Microsoft Outlook
- Microsoft Outlook Express
- Microsoft Visual Studio
MS05-036 Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution
MS05-037 Vulnerability in JView Profiler Could Allow Remote Code Execution
This policy is designed for Symantec ESM agents running SU 20 (and later) versions of the Patch module.
ESM 6.0, 6.1.1, and 6.5 users: To automatically install, use the link below or use LiveUpdate.
Download OS Patch Policy BestPractice_OS_Patch_Updates_20050713.exe Obsoleted
Download OS Registry Policy and Template Windows_Jview_Profiler_20050713.exe
The Windows_Jview_Profiler_20050713.exe lets you check patches that make changes only to the registry and not the filesystem. For this purpose, the executable installs a policy named 'Jview Profiler for IE' which uses the registry module to check for the existence of hotfix KB903235.
Note: For more information regarding this update, download the OS Patch Policy Release Notes.