Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrades.
Please accept our apologies in advance for any inconvenience this might cause.

How to determine Vendor/Software for a patch?

Created: 30 Aug 2012 | 8 comments

Hello,

I need to distribute MS12-056 from Microsoft using Patch Management (actually I have 7.1 version).

When I went to Policies > Software > Patch Management > Patch Remediation Center I can't found "MS12-056" but I know why.

In the "MetaData Import Task" I only have checked the vendors, software and languages I use in my environment (basically Adobe and Microsoft; spanish/english). For these vendors, only software I have is checked (basically Windows 7, Office 2010, etc.).

The problem for not finding the MS12-056 bulletin for distribution is for sure that I don't have checked the software for the patch in this list.

As I don't want to check all Microsoft products, I'm trying to find which product I need to check by looking at the contents of the PMIMPORT.CAB file. I've found there the "PMImport_SWB_MS12-056.xml" file with the following contents:

<!--Copyright 2012 Altiris Inc. (All Rights Reserved)-->
<items>
  <item guid="{54469070-f073-4151-8ff4-186c2a109ba0}" classGuid="{30f75395-761b-4c7e-bb25-f7c556833917}">
    <name>MS12-056</name>
    <alias />
    <itemAttributes>NoDelete</itemAttributes>
    <ResourceItemHash>5CE2FC86B10D451F480E60861510AD76</ResourceItemHash>
    <isDisabledByUser>False</isDisabledByUser>
    <parentFolderGuid>9d518104-49e9-429e-85d7-0adf3654b828</parentFolderGuid>
    <resource>
      <typeGuid>3063db82-7011-4a03-86ca-7be49fb749cc</typeGuid>
      <managed>false</managed>
      <keys>
        <key name="swb" value="MS12-056" />
      </keys>
    </resource>
    <resourceData>
      <parentResourceAssociations>
        <resourceAssociations guid="7eeab03a-839c-458d-9af2-55db6b173293">
          <resourceAssociation resourceGuid="3ff6ee78-1130-484e-8a0e-bf5d766aff87" />
          <resourceAssociation resourceGuid="4071573d-1e67-45eb-b587-b185e2e8e4fc" />
          <resourceAssociation resourceGuid="447d4b5d-c057-4e33-b19e-820230725129" />
          <resourceAssociation resourceGuid="540c2ae5-325f-4f16-9868-12b322d3c057" />
          <resourceAssociation resourceGuid="6ebf6314-642a-4549-9047-86e498aeec6e" />
          <resourceAssociation resourceGuid="7b1e3b8a-672d-4ee1-889d-fff87f2c247d" />
          <resourceAssociation resourceGuid="849582b7-8bf3-4d8b-8fc3-1e3ac05a2d31" />
          <resourceAssociation resourceGuid="9150a2fa-9d67-434f-99ae-7a6ee26114a5" />
          <resourceAssociation resourceGuid="9da2608f-4568-43e8-9fd0-d6b0ffa9aa20" />
          <resourceAssociation resourceGuid="cd2d9bb9-d307-4d10-a5fd-c8eb8e452a7d" />
          <resourceAssociation resourceGuid="d821ea1a-b9f9-4c33-987f-ff51bde9da6c" />
          <resourceAssociation resourceGuid="e24df676-9185-456c-ad41-72a06e4be013" />
          <resourceAssociation resourceGuid="f23944cf-0867-4b6e-b5e3-90b0d5350e46" />
          <resourceAssociation resourceGuid="f441a8f4-ad6e-4aad-b4ca-0e51cb675c59" />
          <resourceAssociation resourceGuid="f5422bf6-0f49-4b53-9fe7-3f331c50e0c4" />
          <resourceAssociation resourceGuid="f59960a8-3c66-4505-8de3-7e3aa3070737" />
        </resourceAssociations>
        <resourceAssociations guid="2ffeb9f0-601e-4746-a830-bdb200076503">
          <resourceAssociation resourceGuid="9d5f6bb8-8adf-49d1-9d84-2932ca46ce1e" />
        </resourceAssociations>
      </parentResourceAssociations>
      <dataclasses>
        <dataclass guid="d4f94ba7-1ee3-4547-b8c2-3cf693cf602a">
          <row c1="01e86700-4a22-4205-8b40-7009696e9f5c" c2="4e622d35-39dd-4105-bf47-b4cc8c5e64ee" c3="CVE-2012-2523" c4="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2523" c5="1aa23d37-3947-4625-8b01-5575ea561ef8" c6="2012-08-14T00:00:00" />
        </dataclass>
        <dataclass guid="214631de-d9e0-475a-999d-57a79aadf4ae">
          <row c2="True" c3="http://technet.microsoft.com/security/bulletin/ms12-056" c4="2012-08-14T00:00:00" c5="2012-08-14T00:00:00">
            <c7><![CDATA[This security update resolves a privately reported vulnerability in the JScript and VBScript scripting engines on 64-bit versions of Microsoft Windows. The vulnerability could allow remote code execution if a user visited a specially crafted website. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.]]></c7>
          </row>
        </dataclass>
        <dataclass guid="2e0e9b94-4457-43cc-b6c9-85316ad80ae5">
          <row c1="9d5f6bb8-8adf-49d1-9d84-2932ca46ce1e" c2="f1beb524-9694-4e8e-bf78-0f04736556e2" c3="3" />
        </dataclass>
      </dataclasses>
    </resourceData>
    <itemReferences />
    <description>Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution (2706045)</description>
  </item>
</items>

How can I determine which software/product do I need to check with this information?

Thanks.

 

 

 

Comments 8 CommentsJump to latest comment

Mistral's picture

check out the link in this xml?

http://technet.microsoft.com/security/bulletin/ms1...

Affected Software:

Operating System Component Maximum Security Impact Aggregate Severity Rating Updates Replaced
Windows XP Professional x64 Edition Service Pack 2 JScript 5.8 and VBScript 5.8
(KB2706045)
Remote Code Execution Important KB2510531 in MS11-031 replaced by KB2706045
Windows Server 2003 x64 Edition Service Pack 2 JScript 5.8 and VBScript 5.8
(KB2706045)
Remote Code Execution Low KB2510531 in MS11-031 replaced by KB2706045
Windows Vista x64 Edition Service Pack 2 JScript 5.8 and VBScript 5.8
(KB2706045)
Remote Code Execution Important KB2510531 in MS11-031 replaced by KB2706045
Windows Server 2008 for x64-based Systems Service Pack 2 JScript 5.8 and VBScript 5.8
(KB2706045)
Remote Code Execution Low KB2510531 in MS11-031 replaced by KB2706045
Windows 7 for x64-based Systems JScript 5.8 and VBScript 5.8
(KB2706045)
Remote Code Execution Important KB2510531 in MS11-031 replaced by KB2706045
Windows 7 for x64-based Systems Service Pack 1 JScript 5.8 and VBScript 5.8
(KB2706045)
Remote Code Execution Important KB2510531 in MS11-031 replaced by KB2706045
Windows Server 2008 R2 for x64-based Systems JScript 5.8 and VBScript 5.8
(KB2706045)
Remote Code Execution Low KB2510531 in MS11-031 replaced by KB2706045
Windows Server 2008 R2 for x64-based Systems Service Pack 1 JScript 5.8 and VBScript 5.8
(KB2706045)
Remote Code Execution Low KB2510531 in MS11-031 replaced by KB2706045
Windows Server 2008 R2 for Itanium-based Systems JScript 5.8 and VBScript 5.8
(KB2706045)
Remote Code Execution Low KB2510531 in MS11-031 replaced by KB2706045
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 JScript 5.8 and VBScript 5.8
(KB2706045)
Remote Code Execution Low KB2510531 in MS11-031 replaced by KB2706045

 

Roman Vassiljev's picture

Hi ManelR,

Actually the best and quick way is to check affected products on vendor page related to bulletin / update.

Thanks,
Roman

ManelR's picture

Hi Roman,

Yes, I've checked the XML and I've seen that MS12-056 is related to JScript and VBScript but I don't know which product must I check under Microsoft vendor list at:

Home > Patch Management > MetaData Import Task > Vendors and Software

I only have checked 92 items because I want the PMIMPORT process to finish as fast as possible and only to process products in my environment.

If the product related to the patch is not checked, when the PMIMPORT.CAB is downloaded, the XML for this patch is skipped and the bulletin doesn't appear for download/distribution.

Do you know how can I use the information in the XML file to "know" the name of the product that I need to check? (see attachment)

Thanks.

 

 

2012-08-31_130802.png
IT Systems Manager
LCFIB - Computing Lab
Barcelona School of Informatics
Universitat Politècnica de Catalunya - Barcelona Tech
Mistral's picture

Like written in the table, you probably have to select the operating systems that are affected.

I don't see any other products there.

Roman Vassiljev's picture

Hi ManelR,

Actually it is not simply to identify correct Product using XML files from PMImport.cab. Affected products are associated with updates, not bulletins, and it is hard to track all associations between different XML files and guids.
MS12-056 includes 6 updates and each update has own affected products.
So in order to try to identify correct product for MS12-056 bulletin, you need firstly to find update you want to distribute from this bulletin.
For example, MS12-056 includes updates IE8-WindowsServer2003.WindowsXP-KB2706045-x64-ENU.exe  (http://www.microsoft.com/en-us/download/details.aspx?id=30510)
From file name you may suppose that you should select Internet Explorer 8 (x64).
 

I have checked on my side that IE8-WindowsServer2003.WindowsXP-KB2706045-x64-ENU.exe and IE8-Windows6.0-KB2706045-x64.msu are indeed imported if Internet Explorer 8 (x64) is selected.
Please find information about remaining updates from MS12-056 below.

If you want do distribute Windows6.1-2008-R2-KB2706045-x64.msu, select any of the following product:
Windows Server 2008 R2 Datacenter (x64)
Windows Server 2008 R2 Enterprise (x64)
Windows Server 2008 R2 HPC (x64)
Windows Server 2008 R2 Standard (x64)
Windows Small Business Server 2011
Windows Web Server 2008 R2 (x64)

If you want do distribute Windows6.1-2008-R2-SP1-KB2706045-x64.msu, select any of the following product:
Windows Home Server 2011
Windows Server 2008 R2 Datacenter (x64)
Windows Server 2008 R2 Enterprise (x64)
Windows Server 2008 R2 HPC (x64
Windows Server 2008 R2 Standard (x64)
Windows Storage Server 2008 R2 Essentials
Windows Web Server 2008 R2 (x64)

If you want do distribute Windows6.1-KB2706045-x64.msu, select any of the following product:
Windows 7 Embedded Standard (x64)
Windows 7 Enterprise (x64)
Windows 7 Home Premium (x64)
Windows 7 Professional (x64)
Windows 7 Ultimate (x64)

If you want do distribute Windows6.1-Windows7-KB2706045-x64.msu, select any of the following product:
Windows 7 Embedded Standard (x64)
Windows 7 Enterprise (x64)
Windows 7 Home Premium (x64)
Windows 7 Professional (x64)
Windows 7 Ultimate (x64)

Hope this helps,
Roman.

ManelR's picture

Hi Mistral/Roman,

Of course, I want to download and distribute some components of MS12-056. The items related for Windows 7 x64.

As you can see in my first picture attached, I have checked this operating system because I can download other bulletins without problems.

But, when I go to the list of bulletins and I filter for MS12-056 I found nothing because the PMIMPORT task has not included this bulletin in the list (see second picture).

Of course, I can check all Microsoft products and the bulletin will be included but after this I would need to uncheck again all the products/operating systems we don't use in our environment and the bulletin will be gone again.

Is something curious. If you only have Windows 7 Enterprise x64 checked, does the bulletin appear in your list?

Thanks.

 

2012-09-04_113036.png 2012-09-04_113058.png
IT Systems Manager
LCFIB - Computing Lab
Barcelona School of Informatics
Universitat Politècnica de Catalunya - Barcelona Tech
Mistral's picture

I have whole Microsoft selected ... and i can see it.

Sorry, i know that doesn't help you ... at least we know it does work at all.

Roman Vassiljev's picture

Hi ManelR,

I can confirm that 2 updates from MS12-056 bulletin are indeed imported on my setup during PM Import task in case if single Windows 7 Enterprise (x64) is checked. These updates are Windows6.1-KB2706045-x64.msu and Windows6.1-Windows7-KB2706045-x64.msu.
I noticed that Patch Remediation Center shows 'Windows Compliance by Bulletin' on your second screenshot - actually it does not show all imported bulletins. Could you please change view to 'All Software Bulletin' and check if MS12-056 appears?

MS12-056 should be shown in 'Windows Compliance by Bulletin' list if Windows System Assessment Scan is executed on clients after last PM Import task and imported updates from MS12-056 are detected as applicable.

Thanks,
Roman