Patch Management Solution

  • 1.  Patches vulnerable according MBSA scan - Altiris Patch Man. 6.x

    Posted Mar 18, 2013 05:32 AM

    Hello,

    We checked an MBSA scan and found some missing patches in Altiris PM 6.x.

    Does anybody have the same problem? Can Symantec check it, please?

    MS13-002 KB2757638 Vulnerable in MBSA scan. KB is missing in bulletin.
    MS12-066 KB2687440 Vulnerable in MBSA scan. KB is missing in bulletin.
    MS11-049 KB2510061 Vulnerable in MBSA scan. KB is missing in bulletin.
    MS09-060 KB974234 Vulnerable in MBSA scan. KB is missing in bulletin.   
     

    MS09-048 KB967723 Installed in Altiris Agent but Vulnerable in MBSA scan.
    MS10-082 KB2378111 Installed in Altiris Agent but Vulnerable in MBSA scan.

    Thank you

     



  • 2.  RE: Patches vulnerable according MBSA scan - Altiris Patch Man. 6.x

    Posted Mar 18, 2013 06:43 AM

    Hi,

    Seems like this was already answered 2 years ago.

    http://www.symantec.com/connect/forums/problems-patches#comment-6066021

    ------

    Now I can see all problematic patches and bulletins (some were not visible because of the Exclusion list, some I think because of not fixed PMImport). I have asked the Security team to check, and if they find some issues I will add them here.

    Thank you

    ------

    Dmitri.

     



  • 3.  RE: Patches vulnerable according MBSA scan - Altiris Patch Man. 6.x

    Posted Mar 18, 2013 10:07 AM

    Hello,

    The reason why the KB is not in the bulletins is probably the exclusion list.

    For the patches below we can check the rules for them, but if Altiris recognizes the patch as installed and MBSA says no, it is not installed, it seems that some rule for a specific file is missing in Altiris. Can this be checked?

    MS09-048 KB967723 Installed in Altiris Agent but Vulnerable in MBSA scan.
    MS10-082 KB2378111 Installed in Altiris Agent but Vulnerable in MBSA scan.



  • 4.  RE: Patches vulnerable according MBSA scan - Altiris Patch Man. 6.x

    Posted Mar 18, 2013 07:01 PM

    Check to see if the updates install with Exit Code: 3010.

    • Altiris Agent GUI shows 'Installed' but the reports reflect vulnerable: Client may need a reboot.
    • Check for reboot performed by Patch Management detailed on KM: TECH40664

    You may view the Patch Compliance Reports to see what Patch Management actually deems Compliant, Vulnerable and Applicable as detailed on KM: HOWTO9500.

    In addition, I found MS09-048 was partially superseded by MS11-058 (http://technet.microsoft.com/en-us/security/bulletin/ms11-058).

    • View this link and see if the OS type update was superseded by MS11-058. Note that Patch Management does not target superseded updates, for it only targets the latest updates to resolve vulnerabilities provided by Microsoft.
    • In addition, if the update within MS09-048 was superseded by MS11-058, it will still not be noted in reports, for MS11-058 was superseded by MS12-017 (http://technet.microsoft.com/en-us/security/bulletin/ms12-017) and that will be the update applicable to resolve this vulnerability.
    • This is detailed further on KM: TECH127440
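
The triage order reply 4 describes (exit code 3010 with a pending reboot, then supersedence such as MS09-048 → MS11-058 → MS12-017) can be scripted when reconciling two scanners. This is an added example, not part of the thread or of any Symantec or Microsoft tool; the function names, record layout, exclusion entry and sample findings are constructed, and the supersedence map holds only the chain named in the thread.

```python
# Added example: classify bulletins one scanner reports as vulnerable,
# using another tool's install records. All sample data is constructed.

REBOOT_REQUIRED = 3010  # installer exit code: success, reboot pending

# Chain as stated in the thread; per-OS (partial) supersedence is not modelled.
SUPERSEDED_BY = {"MS09-048": "MS11-058", "MS11-058": "MS12-017"}


def latest_bulletin(bulletin, superseded_by=SUPERSEDED_BY):
    """Follow the supersedence chain to its end, guarding against loops."""
    seen = [bulletin]
    while bulletin in superseded_by:
        bulletin = superseded_by[bulletin]
        if bulletin in seen:
            raise ValueError("supersedence loop: " + " -> ".join(seen + [bulletin]))
        seen.append(bulletin)
    return bulletin


def triage(bulletin, agent_record, excluded=frozenset()):
    """Return a next step for a bulletin the scanner flags as vulnerable.

    agent_record: dict with 'installed' (bool) and 'exit_code' (int or None),
    or None when the agent has no record (hypothetical layout).
    """
    if bulletin in excluded:
        return "excluded: review exclusion list"
    if agent_record and agent_record.get("exit_code") == REBOOT_REQUIRED:
        return "reboot pending: rescan after restart"
    latest = latest_bulletin(bulletin)
    if latest != bulletin:
        return f"superseded: check {latest} instead"
    if agent_record and agent_record.get("installed"):
        return "conflict: compare file versions on the client"
    return "missing: no install record"


# Constructed sample findings for one client.
SAMPLE = {
    "MS09-048": {"installed": True, "exit_code": 0},
    "MS10-082": {"installed": True, "exit_code": 3010},
    "MS13-002": None,
}

if __name__ == "__main__":
    for name, record in SAMPLE.items():
        print(name, "->", triage(name, record, excluded={"MS12-066"}))
```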

     



  • 5.  RE: Patches vulnerable according MBSA scan - Altiris Patch Man. 6.x

    Posted Mar 20, 2013 04:53 AM

     

    For MS10-082_ windowsxp-windowsmedia-kb2378111-x86-enu.exe

    We have a Windows Vista SP2 machine. After installing the MS09-048_ Windows6.0-KB967723-x86.msu update, when we run MBSA it does not show MS09-048_ Windows6.0-KB967723-x86.msu as required on the machine.

    For MS10-082_ windowsxp-windowsmedia-kb2378111-x86-enu.exe

    We have a Windows XP SP3 machine. After installing the MS10-082_ windowsxp-windowsmedia-kb2378111-x86-enu.exe update, when we run MBSA it does not show MS10-082_ windowsxp-windowsmedia-kb2378111-x86-enu.exe as required on the machine.

    It would be great if you could provide the information below:

    1.     OS along with Service Pack and all software installed

    2.     Please attach the MBSA result also

    3.     Appwiz.cpl of the concerned box with show updates/updates installed checked

    4.     Also provide steps for customized installation, if any was done

     

     

    Thanks,

    Amol



  • 6.  RE: Patches vulnerable according MBSA scan - Altiris Patch Man. 6.x

    Posted Mar 28, 2013 09:25 AM

    I tested another machine and MS10-082 is installed there. I will try to find another one... For MS09-048 - KB967723 is seen in Installed Updates in the system but MBSA says it is not installed. Altiris agent 6.x says Installed by user. MS bug? I will try to contact MS to check it.

    Attachment(s): fixeslist.txt (10 KB), output_8.txt (18 KB)