1. /
  2. Security Response/
  3. Security Updates Detail

Symantec Enterprise Security Manager - Patches module

July 11, 2008

Description

The Patches module checks for the presence of operating system and application patches that strengthen the system security. The patch information is stored in the patch templates
Symantec updates the patch templates with the Symantec ESM policy installer. This ensures that the updated Patch templates for supported operating systems and applications are available for the policies that are delivered with the Security Update releases. Installing this update adds or updates the Patches policy and the associated template files on the Symantec ESM manager.
Note: On the LiveUpdate wizard, the OS Patch Policy version will now be visible in the following format: Patch Policy <YYYY>.<MM>.<Release_Version>. Here, YYYY is the year of release, MM is the month of release, and Release_Version is the release version of this Patch Policy.
This rapid response patch update for Symantec Enterprise Security Manager reports the operating systems and application patches for Windows.
There are a total of 55 new patch signatures and 3 updated patch signatures in 28 templates.
The summary of the updates is as follows:
  • exchg2k3.p6s (Microsoft Exchange Server 2003 on Microsoft Windows Server 2003 - 1 new)
  • exchg2k3.ps5 (Microsoft Exchange Server 2003 on Microsoft Windows 2000 Server - 1 new)
  • exchg2k7.p64 (Microsoft Exchange Server 2007 on Microsoft Windows Server 2003 x64 Editions - 2 new)
  • exchg2k7.p6s (Microsoft Exchange Server 2007 on Microsoft Windows Server 2003 - 2 new)
  • # exchg2k7.p8s (Microsoft Exchange Server 2003 on Microsoft Windows 2008 - 2 new)
  • exchg2k7.ps8 (Microsoft Exchange Server 2007 on Microsoft Windows Server 2008 x64 Editions - 2 new)
  • patch.p3i (Microsoft Windows Server 2003 for 64-Bit Itanium-based Systems - 4 new)
  • patch.p64 (Microsoft Windows Server 2003 x64 Editions - 4 new)
  • patch.p6s (Microsoft Windows Server 2003 - 4 new)
  • patch.p8i (Microsoft Windows 2008 for Itanium-based Systems - 1 new)
  • patch.p8s (Microsoft Windows 2008 - 2 new)
  • patch.ps5 (Microsoft Windows 2000 Server - 2 new, 1 updated)
  • patch.ps8 (Microsoft Windows 2008 x64 Editions - 2 new)
  • patch.pw5 (Microsoft Windows 2000 Professional - 1 new, 1 updated)
  • patch.pwv (Microsoft Windows Vista - 2 new)
  • patch.pwx (Microsoft Windows XP Professional - 2 new, 1 updated)
  • patch.pxw (Microsoft Windows Vista for x64 - 2 new)
  • sql.p3i (Microsoft SQL Server on Microsoft Windows 2003 for Itanium-based Systems - 2 new)
  • sql.p64 (Microsoft SQL Server on Microsoft Windows 2003 x64 Editions - 2 new)
  • sql.p6s (Microsoft SQL Server on Microsoft Windows 2003 - 2 new)
  • sql.p8i (Microsoft SQL Server on Microsoft Windows 2008 for Itanium-based Systems - 1 new)
  • sql.p8s (Microsoft SQL Server on Microsoft Windows 2008 - 1 new)
  • sql.ps5 (Microsoft SQL Server on Microsoft Windows 2000 Server - 3 new)
  • sql.ps8 (Microsoft SQL Server on Microsoft Windows 2008 x64 Editions - 1 new)
  • sql.pw5 (Microsoft SQL Server on Microsoft Windows 2000 Professional - 3 new)
  • sql.pwv (Microsoft SQL Server on Microsoft Windows Vista - 1 new)
  • sql.pwx (Microsoft SQL Server on Microsoft Windows XP Professional - 2 new)
  • sql.pxw (Microsoft SQL Server on Microsoft Windows Vista for x64 - 1 new)
This rapid response policy includes updates to the Patches module templates that detect new vendor-released patches on the following operating systems:
  • Windows Vista Enterprise 32-bit
  • Windows Vista Enterprise 64-bit (Opteron and EM64T)
  • Windows Server 2003 and 2008 64-bit (Opteron and EM64T)
  • Windows Server 2003 and 2008
  • Windows Server 2003 and 2008 (Itanium)
  • Windows XP Professional
  • Windows 2000 Server and Windows 2000 Advanced Server
  • Windows 2000 Professional
See the Symantec Enterprise Security Manager Data Sheet link: [http://eval.veritas.com/mktginfo/enterprise/fact_sheets/ent-factsheet_enterprise_security_manager_6.5_06-2005.en-us.pdf] for specific version information.
The following applications are also supported:
  • Microsoft Internet Explorer (IE)
  • Internet Information Services Web server (IIS)
  • Microsoft SQL Server
  • Microsoft Exchange Server
  • Microsoft Internet Security and Acceleration Server
  • Microsoft Outlook Express
  • Microsoft Visual Studio
  • Microsoft Windows Media Player
  • Microsoft Windows SharePoint Services
This policy is designed for Symantec ESM agents running SU24 (and later) versions of the Patch module.
For Microsoft Windows Vista Enterprise 32-bit and 64-bit (Opteron and EM64T) support, the minimum requirement is SU 30 on ESM agents. For SuSE Linux Enterprise Server 9 PPC64 support, the minimum requirement is SU31 on ESM agents.
ESM 6.0, 6.1.1 and 6.5 users: To automatically install, use the link below or use LiveUpdate.
MD5:fe697e7caf7936fd4f5a02f7de47e9e2
For agents earlier than 6.5, use the LiveUpdate package entitled, Patch Policies - OS Patches for 5.5/ 6.0
For 6.5 agents and later, use the LiveUpdate package titled, Patch Policies - OS Comprehensive
Note: For more information regarding this update, download the Patch Policy Release Notes <Symantec_ESM_Patch_Policy_Release_Notes_2008.07.01.pdf>.
* Signature names may have been updated to comply with an updated IPS Signature naming convention. See http://www.symantec.com/business/support/index?page=content&id=TECH152794&key=54619&actp=LIST for more information.
Last modified on: July 11, 2008
Security Response Blog
The State of Spam