Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

MS13-A02 - IE8 patch

Created: 10 May 2013 • Updated: 21 May 2013 | 3 comments
This issue has been solved. See solution.

Ok so MS13-A02 just came out last night. Our security team gave it a high sev rating so i have a short time to get this patch out.

The patch shows in all 3 of my environments. DEV/TEST/PROD.

I staged the patch for deployment. some for today at 2pm for testing. a pilot group for Monday then going to do prod later when we are supposed to have this done by. So all seems good as normal.

I went to all of my test machines in each environment and checked all the machines in so I could manually fire off the patch install and start testing. Not on of my test machines show needing the patch. I went back to the patch, right clicked and said view targets...

out of all 3 environments of 4000+ machines only 1 machine says it needs the patch.... Odd IE8 and we have TONS of them.

 

is there a certain amout of time we are supposed to wait or something that needs to run before the Patch will show the targeted machines?

I event logged into 1 machine that has IE8 and doesnt have the patch staged on it yet and the attached software bulletin details report states it applies to 0????

Comments 3 CommentsJump to latest comment

Roman Vassiljev's picture

Hi TeleFragger,

Was Windows System Assessment Scan executed on affected machines?
After new Patch Data is imported, Windows System Assessment scan files are updated and it is required to execute it on clients in order to receive the latest information about missing updates.

Could you please execute WSAS on any of affected client and then check MS13-A02 in compliance reports. In case if MS13-A02 is still not applicable to affected client, could you please attach STPatchAssessment.log and STPatchAssessment.xml from this client. Usually these files are located at "C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery\{6D417916-467C-46A7-A870-6D86D9345B61}\cache\"

Regards,
Roman

SOLUTION
TeleFragger's picture

well this was new to me on the rush status when our infosec department deems something needs to be done quickly... so I was impatient.. I just checked and now there are 1015 for applies to so guess it is working as it should. go figure as we have 2 more that just came in as a rush.. ms13-037 and ms13-038 so guess i will give it some time before testing..

 

marking solution..

Thanks!
 

Did we help you? Please Mark As Solution those posts which resolve your problem,

gknudsen's picture

 

To speed up patching in a test environment:
 
For your test computer : run the  Windows System Assessment Scan and wait 2-3 minutes
 
Run this task on the server : NS.Windows Patch Remediation Settings (while the server is not running other tasks (ignore MSCtfMonitor))
 
Have the client check in 2-3 minutes after it has completed
 
Patches should show up, run them manually
 
 
 
 
For your environment in general:
 
Check the frequency of the Patch Refresh at : Home|Patch Management|Settings|Remediation
The Patch Filter Update Interval should have the appropriate window and run often enough to not slow down your server and make sure it is set for Repeat Daily
SOLUTION