Security Basics mailing list archives
RE: Windows patch mgmt.
From: "Robinson, Sonja" <SRobinson () HIPUSA com>
Date: Fri, 25 Jun 2004 14:56:12 -0400
Welcome to the nightmare. MBSA does not always catch all, sometimes you need to uses SMS as well but it catches most. Between the two you are relatively safe. ALso, MS doesn't make patches for all vulnerabilities so you need to take that into account. -----Original Message----- From: Dan Denton [mailto:ddenton () PAYLESSOFFICE com] Sent: Wednesday, June 23, 2004 4:09 PM To: pingywon MCSE; Depp, Dennis M. Cc: bob martin; security-basics () securityfocus com Subject: RE: Windows patch mgmt. MBSA stands for Microsoft Baseline Security Analyzer. Try searching for that. -----Original Message----- From: pingywon MCSE [mailto:pingywon () gmail com] Sent: Tuesday, June 22, 2004 9:06 PM To: Depp, Dennis M. Cc: bob martin; security-basics () securityfocus com Subject: Re: Windows patch mgmt. Could you link this utility I couldnt seem to find it on MS.com Thanks On Mon, 21 Jun 2004 08:40:10 -0400, Depp, Dennis M. <deppdm () ornl gov> wrote:
Bob, Have you looked at MBSA from Microsoft. This tool will allow you to scan your network and will report on any machines that are missing updates. Denny -----Original Message----- From: bob martin [mailto:bobmartin_613 () hotmail com] Sent: Tuesday, June 15, 2004 10:41 AM To: security-basics () securityfocus com Subject: Windows patch mgmt. Hello all. Basic patching question for you. We have a small environment (approx. 300 desktops and 50 servers) and the question has come up how do we test all desktops/servers after a windows patch has been installed. Given that the networking/desktop team consists of 6 people, I'm a bit stumped on how we can do this efficiently. We use St. Benard's Update Expert to push out the patches and to verify
they've
been installed. Currently we push to a QA environment and let it soak for a week or two while it's being used for it's normal functions. The concern is if the server isn't being used for testing, then we may push a patch to a production server without it being "tested." Any suggestions would be very welcomed. Any more, there's so many windows patches that it's almost a full time job for one person to manage them. Thanks. Bob _________________________________________________________________ Is your PC infected? Get a FREE online computer virus scan from McAfee(r) Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 ---------------------------------------------------------------------- -- --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert
instructors.
Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your
organization.
Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------- -- ---- ---------------------------------------------------------------------- ----- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off
any course! All of our class sizes are guaranteed to be 10 students or
less
to facilitate one-on-one interaction with one of our expert
instructors.
Attend a course taught by an expert instructor with years of
in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your
organization.
Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------ ----
-- ~pingywon MCSE http://www.pingywon.com ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- CONFIDENTIALITY NOTICE: This e-mail transmission, including any attachments to it, may contain confidential information or protected health information subject to privacy regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA). This transmission is intended only for the use of the recipient(s) named above. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of any of the information contained in this transmission is STRICTLY PROHIBITED. If you have received this transmission in error, please immediately notify me by reply e-mail and destroy the original transmission in its entirety without saving it in any manner. --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Re: Windows patch mgmt., (continued)
- Re: Windows patch mgmt. Murad Talukdar (Jun 23)
- Re: Windows patch mgmt. pingywon MCSE (Jun 23)
- RE: Windows patch mgmt. Paul Ryan (Jun 24)
- RE: Windows patch mgmt. Kymer, Daniel (Jun 23)
- RE: Windows patch mgmt. Depp, Dennis M. (Jun 23)
- Re: RE: Windows patch mgmt. Warren V Camp (Jun 23)
- RE: Windows patch mgmt. Depp, Dennis M. (Jun 23)
- Re: Windows patch mgmt. Ansgar -59cobalt- Wiechers (Jun 25)
- RE: Windows patch mgmt. Daszczyszak, Roman L. SPC (1AD 501 MI BN ACE IMO) (Jun 24)
- RE: Windows patch mgmt. Dan Denton (Jun 24)
- RE: Windows patch mgmt. Robinson, Sonja (Jun 25)