1. /
  2. Security Response/
  3. Security Updates Detail

Symantec Enterprise Security Manager - Symantec Enterprise Security Manager™ Patches module

July 31, 2009

Description

The Patches module checks for the presence of the operating system and application patches that strengthen system security. The Patch information is stored in Patch templates.

Symantec updates the Patch templates with the Symantec ESM policy installer. This ensures that the updated Patch templates for the supported operating systems and applications are available for the policies that are delivered with the Security Update releases. Installing this update adds or updates the Patches policy and the associated template files on the Symantec ESM manager.

This rapid response patch update for Symantec Enterprise Security Manager reports the operating system and application patches for UNIX and Windows operating system. There are a total of 1229 new patch signatures and 147 updated patch signatures in 28 templates.
The new templates are as follows:

  • ie.p3i (Microsoft Internet Explorer on Microsoft Windows Server 2003 for 64-Bit Itanium-based Systems - 2 new)
  • ie.p64 (Microsoft Internet Explorer on Microsoft Windows Server 2003 for x64 Editions - 3 new)
  • ie.p6s (Microsoft Internet Explorer on Microsoft Windows Server 2003 - 3 new)
  • ie.p8i (Microsoft Internet Explorer on Microsoft Windows 2008 for Itanium-based Systems - 2 new)
  • ie.p8s (Microsoft Internet Explorer on Microsoft Windows Server 2008 - 5 new)
  • ie.ps5 (Microsoft Internet Explorer on Microsoft Windows 2000 Server - 2 new)
  • ie.ps8 (Microsoft Internet Explorer on Microsoft Windows 2008 x64 Editions - 5 new)
  • ie.pw5 (Microsoft Internet Explorer on Microsoft Windows 2000 Professional - 2 new)
  • ie.pwv (Microsoft Internet Explorer on Microsoft Windows Vista - 4 new)
  • ie.pwx (Microsoft Internet Explorer on Microsoft Windows XP Professional - 4 new)
  • ie.pxw (Microsoft Internet Explorer on Microsoft Windows Vista for 64-Bit - 3 new)
  • patch.p6s (Microsoft Windows Server 2003 - 2 new, 2 updated)
  • patch.ph1 (HP-UX 11.00 - 11.31 PA-RISC - 47 new)
  • patch.ph2 (HP-UX 11.23 - 11.31 for Itanium-based systems - 30 new)
  • patch.plx (RedHat Linux and Enterprise Linux - 468 new)
  • patch.ps6 (Sun Solaris 2.6+ - 47 new)
  • patch.psl (SUSE Linux - 556 new, 145 updated)
  • visualstudio.p3i (Microsoft Visual Studio on Microsoft Windows Server 2003 for Itanium-based Systems - 1 new)
  • visualstudio.p64 (Microsoft Visual Studio on Microsoft Windows Server 2003 x64 Editions - 6 new)
  • visualstudio.p6s (Microsoft Visual Studio on Microsoft Windows Server 2003 - 7 new)
  • visualstudio.p8i (Microsoft Visual Studio on Microsoft Windows Server 2008 for Itanium-based Systems - 1 new)
  • visualstudio.p8s (Microsoft Visual Studio on Microsoft Windows Server 2008 - 2 new)
  • visualstudio.ps5 (Microsoft Visual Studio on Microsoft Windows 2000 Professional - 4 new)
  • visualstudio.ps8 (Microsoft Visual Studio on Microsoft Windows Server 2008 x64 Editions - 3 new)
  • visualstudio.pw5 (Microsoft Visual Studio on Microsoft Windows Server 2000 - 4 new)
  • visualstudio.pwv (Microsoft Visual Studio on Microsoft Windows Vista - 5 new)
  • visualstudio.pwx (Microsoft Visual Studio on Microsoft Windows XP Professional - 6 new)
  • visualstudio.pxw (Microsoft Visual Studio on Microsoft Windows Vista x64 Editions - 5 new)
This rapid response policy includes updates to the Patches module templates that detect new vendor-released patches on the following operating systems:

  • HP-UX
  • AIX
  • Solaris
  • Red Hat Enterprise Linux
  • SUSE Linux Enterprise Server 9 and 10
  • SUSE Linux Enterprise Server 9 and 10 Zlinux
  • SUSE Linux Enterprise Server 9 and 10 for Itanium Processor Family
  • SUSE Linux Enterprise Server 9 and 10 PPC64
  • SUSE Linux Enterprise Server 9 and 10 for AMD64 and EM64T (x86_64)
  • Windows Vista Enterprise 32-bit
  • Windows Vista Enterprise 64-bit (Opteron and EM64T)
  • Windows Server 2003 and 2008 64-bit (Opteron and EM64T)
  • Windows Server 2003 and 2008
  • Windows Server 2003 and 2008 (Itanium)
  • Windows XP Professional
  • Windows 2000 Server and Windows 2000 Advanced Server
  • Windows 2000 Professional
See the Symantec Enterprise Security Manager Data Sheet link: http://eval.veritas.com/mktginfo/enterprise/fact_sheets/ent-factsheet_enterprise_security_manager_6.5_06-2005.en-us.pdf] for specific version information.

The following applications are also supported:

  • Microsoft Internet Explorer (IE)
  • Internet Information Services Web server (IIS)
  • Microsoft SQL Server
  • Microsoft Exchange Server
  • Microsoft Internet Security and Acceleration Server
  • Microsoft Outlook Express
  • Microsoft Visual Studio
  • Microsoft Windows Media Player
  • Microsoft Windows SharePoint Services
This policy is designed for Symantec ESM agents running SU 24 (and later) versions of the Patch module.

For Microsoft Windows Vista Enterprise 32-bit and 64-bit (Opteron and EM64T) support, the minimum requirement is SU 30 on the ESM agents. For SuSE Linux Enterprise Server 9 PPC64 support, the minimum requirement is SU 31 on the ESM agents.

ESM 6.5 and 9.0 users: To automatically install, use the link below or use LiveUpdate.

Download Patch Policy BestPractice_OS_Patch_Updates_2009.07.02.exe
MD5: 1850c1f3ea23336af559f01d5c7ed242

For 6.5 agents and later, use the LiveUpdate package titled, Patch Policies – OS Comprehensive.

Note: For more information regarding this update, download the Patch Policy Release Notes Symantec_ESM_Patch_Policy_Release_Notes_2009.07.02.pdf.
* Signature names may have been updated to comply with an updated IPS Signature naming convention. See http://www.symantec.com/business/support/index?page=content&id=TECH152794&key=54619&actp=LIST for more information.
Last modified on: July 31, 2009
Security Response Blog
The State of Spam