WelcomeEnterpriseSmall BusinessHome & Home OfficePartnersAbout Symantec
11 April, 2008
Symantec Enterprise Security Manager™ Patches module

Description

The Patches module checks for the presence of operating system and application patches that strengthen system security. Patch information is stored in Patch templates.

Symantec updates Patch templates with the Symantec ESM policy installer. This ensures that updated Patch templates for supported operating systems and applications are available for policies that are delivered with Security Update releases. Installing this update adds or updates the Patches policy and associated template files on the Symantec ESM manager.

This rapid response patch update for Symantec Enterprise Security Manager reports operating system and application patches for Windows operating system.

There are a total of 84 new patch signatures and 2037 updated patch signatures in 63 templates.

The new templates are as follows:

  • exchg2k.ps5 (Microsoft Exchange Server 2000 on Microsoft Windows 2000 Server - 10 updated)
  • exchg2k3.p6s (Microsoft Exchange Server 2003 on Microsoft Windows Server 2003 - 9 updated)
  • exchg2k3.ps5 (Microsoft Exchange Server 2003 on Microsoft Windows 2000 Server - 9 updated)
  • exchg2k7.p64 (Microsoft Exchange Server 2007 on Microsoft Windows Server 2003 x64 Editions - 1 updated)
  • exchg2k7.p6s (Microsoft Exchange Server 2007 on Microsoft Windows Server 2003 - 1 updated)
  • exchg55.ps5 (Microsoft Exchange Server 5.5 on Microsoft Windows 2000 Server - 6 updated)
  • ie.p3i (Microsoft Internet Explorer on Microsoft Windows Server 2003 for 64-Bit Itanium-based Systems - 3 new, 43 updated)
  • ie.p64 (Microsoft Internet Explorer on Microsoft Windows Server 2003 for x64 Editions - 3 new, 29 updated)
  • ie.p6s (Microsoft Internet Explorer on Microsoft Windows Server 2003 - 3 new, 58 updated)
  • ie.p8i (Microsoft Internet Explorer on Microsoft Windows 2008 for Itanium-based Systems - 1 new)
  • ie.p8s (Microsoft Internet Explorere on Microsoft Windows Server 2008 - 1 new)
  • ie.ps5 (Microsoft Internet Explorer on Microsoft Windows 2000 Server - 4 new, 109 updated)
  • ie.ps8 (Microsoft Internet Explorer on Microsoft Windows 2008 x64 Editions - 1 new)
  • ie.pw5 (Microsoft Internet Explorer on Microsoft Windows 2000 Professional - 4 new, 109 updated)
  • ie.pwv (Microsoft Internet Explorer on Microsoft Windows Vista - 2 new, 7 updated)
  • ie.pwx (Microsoft Internet Explorer on Microsoft Windows XP Professional - 2 new, 58 updated)
  • ie.pxw (Microsoft Internet Explorer on Microsoft Windows Vista for 64-Bit - 2 new, 7 updated)
  • iis.p3i (Microsoft Internet Information Services on Microsoft 2003 for 64-Bit Itanium-based Systems - 6 updated)
  • iis.p64 (Microsoft Internet Information Services on Microsoft 2003 for x64 Edition - 5 updated)
  • iis.p6s (Microsoft Internet Information Services on Microsoft Windows Server 2003 - 6 updated)
  • iis.ps5 (Microsoft Internet Information Services on Microsoft 2000 Server - 10 updated)
  • iis.pw5 (Microsoft Internet Information Services on Microsoft Windows 2000 Professional - 9 updated)
  • iis.pwv (Microsoft Internet Information Services on Microsoft Windows Vista - 1 updated)
  • iis.pwx (Microsoft Internet Information Services on Microsoft Windows XP Professional - 8 updated)
  • iis.pxw (Microsoft Internet Information Services on Microsoft Windows Vista for 64-Bit - 1 updated)
  • isa2k.p6s (Microsoft Internet Security and Acceleration Server on Microsoft Windows Server 2003 - 4 updated)
  • isa2k.ps5 (Microsoft Internet Security and Acceleration Server on Microsoft Windows 2000 Server - 4 updated)
  • mdac.p6s (Microsoft Data Access Components on Microsoft Windows Server 2003 - 1 updated)
  • mdac.ps5 (Microsoft Data Access Components on Microsoft Windows 2000 Server - 9 updated)
  • mdac.pw5 (Microsoft Data Access Components on Microsoft Windows 2000 Professional - 9 updated)
  • mdac.pwx (Microsoft Data Access Components on Microsoft Windows XP Professional - 3 updated)
  • outlook.p3i (Microsoft Outlook on Microsoft Windows 2003 Server - 7 updated)
  • outlook.p64 (Microsoft Outlook on Microsoft Windows Server 2003 x64 Edition - 7 updated)
  • outlook.p6s (Microsoft Outlook on Microsoft Windows Server 2003 - 11 updated)
  • outlook.ps5 (Microsoft Outlook on Microsoft Windows 2000 Server - 11 updated)
  • outlook.pw5 (Microsoft Outlook on Microsoft Windows 2000 Professional - 11 updated)
  • outlook.pwx (Microsoft Outlook on Microsoft Windows XP Professional - 10 updated)
  • patch.p3i (Microsoft Windows Server 2003 for 64-Bit Itanium-based Systems - 8 new, 181 updated)
  • patch.p64 (Microsoft Windows Server 2003 x64 Editions - 8 new, 93 updated)
  • patch.p6s (Microsoft Windows Server 2003 - 8 new, 189 updated)
  • patch.p8i (Microsoft Windows 2008 for Itanium-based Systems - 3 new)
  • patch.p8s (Microsoft Windows 2008 - 3 new)
  • patch.pai (IBM AIX - 56 updated)
  • patch.ph1 (HP HP-UX 10.20-11.11 - 74 updated)
  • patch.ph2 (HP HP-UX 11.23 - 13 updated)
  • patch.ps5 (Microsoft Windows 2000 Server - 4 new, 167 updated)
  • patch.ps6 (Sun Solaris 2.6+ - 97 updated)
  • patch.ps8 (Microsoft Windows 2008 x64 Editions - 3 new)
  • patch.pw5 (Microsoft Windows 2000 Professional - 4 new, 155 updated)
  • patch.pwv (Microsoft Windows Vista - 6 new, 19 updated)
  • patch.pwx (Microsoft Windows XP Professional - 5 new, 244 updated)
  • patch.pxw (Microsoft Windows Vista for x64 - 6 new, 18 updated)
  • sharepoint.p6s (Microsoft SharePoint Services on Microsoft Windows Server 2003 - 1 updated)
  • sql.ps5 (Microsoft SQL Server on Microsoft Windows 2000 Server - 20 updated)
  • sql.pw5 (Microsoft SQL Server on Microsoft Windows 2000 Professional - 20 updated)
  • sql.pwx (Microsoft SQL Server on Microsoft Windows XP Professional - 20 updated)
  • wmplayer.p64 (Microsoft Windows Media Player on Microsoft Windows Server 2003 x64 Editions - 10 updated)
  • wmplayer.p6s (Microsoft Windows Media Player on Microsoft Windows Server 2003 - 16 updated)
  • wmplayer.ps5 (Microsoft Windows Media Player on Microsoft Windows 2000 Server - 17 updated)
  • wmplayer.pw5 (Microsoft Windows Media Player on Microsoft Windows 2000 Professional - 17 updated)
  • wmplayer.pwv (Microsoft Windows Media Player on Microsoft Windows Vista - 2 updated)
  • wmplayer.pwx (Microsoft Windows Media Player on Microsoft Windows XP Professional - 17 updated)
  • wmplayer.pxw (Microsoft Windows Media Player on Microsoft Windows Vista x64 - 2 updated)

For information on the newly added patches, download the Patch List document <Patch_list_20080411.pdf>

Note: All the OS patch templates are updated with the CVE-ID information in the 'cert-id' field. The CVE-ID information is displayed in the information field of the ESM OS Patch module message. The CVE-ID information is added in the patch signatures for which the data is available in the Security Focus Data Feed.

This rapid response policy includes updates to the Patches module templates that detect new vendor-released patches on the following operating systems:
  • Windows Vista Enterprise 32-bit
  • Windows Vista Enterprise 64-bit (Opteron and EM64T)
  • Windows Server 2003 and 2008 64-bit (Opteron and EM64T)
  • Windows Server 2003 and 2008
  • Windows Server 2003 and 2008 (Itanium)
  • Windows XP Professional
  • Windows 2000 Server and Windows 2000 Advanced Server
  • Windows 2000 Professional

See the Symantec Enterprise Security Manager Data Sheet
[link: http://eval.veritas.com/mktginfo/enterprise/fact_sheets/ent-factsheet_enterprise_security_manager_6.5_06-2005.en-us.pdf] for specific version information.

The following applications are also supported:

  • Microsoft Internet Explorer (IE)
  • Internet Information Services Web server (IIS)
  • Microsoft SQL Server
  • Microsoft Exchange Server
  • Microsoft Internet Security and Acceleration Server
  • Microsoft Outlook
  • Microsoft Outlook Express
  • Microsoft Visual Studio
  • Microsoft Windows Media Player
  • Microsoft Windows SharePoint Services
This policy is designed for Symantec ESM agents running SU24 (and later) versions of the Patch module.

For SUSE Linux Enterprise Server 9 PPC64 support, the minimum requirement is SU31 on ESM agents.

ESM 6.0, 6.1.1 and 6.5 users: To automatically install, use the link below or use LiveUpdate.

Download Patch Policy BestPractice_OS_Patch_Updates_20080411.exe

For agents earlier than 6.5, use the LiveUpdate package entitled, Patch Policies - OS Patches for 5.5/ 6.0 For 6.5 agents and later, use the LiveUpdate package entitled, Patch Policies - OS Comprehensive
For 6.5 agents and later, use the LiveUpdate package entitled, Patch Policies - OS Comprehensive

Note: For more information regarding this update, download the Patch Policy Release Notes <pup_rn.pdf>.


Last modified on: Friday, 11-Apr-08 17:02:33