Microsoft Patch Tuesday Roundup - June 2011
Keeping Tabs On Patches
Let’s face it; we all have to deal with patches. Everyone from an IT systems administrator to your grandma has to face the challenges of patches. Whether you have a home computer that you use to browse the web, a phone that you occasionally check email from, or 10,000 enterprise desktops spread across three continents, you're dealing with patches. Regardless of your situation, you need to be able to answer two basic questions:
- Which patches are missing?
- Which patches have been successfully installed?
If you only have one computer in the house, it probably annoys you to some degree when it’s time to apply patches, indicating that you are in fact missing patches. This answers the first question above, but the operating systems themselves have few measures for success. There are many situations that cause patches to fail, or leave vulnerable software behind after an update, that can easily be missed by the average user. Your so-called "smart-phone" is even worse. Since most users do not connect their phones to their computers, or the carrier is blocking operating system updates, you may never be able to answer the first question (I guess that's one reason why RIM maintains a prominent presence in the enterprise, as they answer both questions very well with respect to Blackberry users in your environment). Never knowing that you even require patches to be installed is a big problem, as well as knowing if they even applied successfully.
A Much Larger Problem
Enterprises with 10,000 or more desktops exacerbate the problem of patch tracking. With so many devices that require patches, things are bound to go wrong! Lately I've been using dashboards in Tenable's SecurityCenter, and thanks to Tenable CEO/CTO Ron Gula, I have some interesting SecurityCenter 4.2 "dashboards" to help me track patches. Here's just one example:
Click for larger image
In the graph above, the blue line at the top represents the vulnerabilities detected on a given number of hosts (the user configures which hosts’ vulnerabilities are represented in this line, so it could be all of your Windows servers if you like). The bottom line represents a count of the new software installed on the host. It’s an interesting representation of vulnerabilities and software for a few reasons:
- As you add software patches, the count of new software installed will rise. This should cause a decrease in vulnerabilities.
- Sometimes as you add software, the number of vulnerabilities will increase as new software may contain vulnerabilities
- What we hope for over time is to use this as a measure of success for our patch management program. The total number of vulnerabilities should be on a continual decrease. Towards the end of the graph, we can see that the number of vulnerabilities is on a downward trend, which means that patches have been installed successfully and fewer patches are missing.
SecurityCenter 4.2 users can download the dashboard shown above, which is called "Tracking Patch Deployments"
To further aid in your efforts to evaluate the exposures presented by the vulnerabilities addressed by Microsoft’s Patch Tuesday, Tenable's Research team has published Nessus plugins for each of the security bulletins issued this month:
- MS11-037 - Nessus Plugin ID 55117 (Credentialed Check)
- MS11-038 - Nessus Plugin ID 55118 (Credentialed Check)
- MS11-039 - Nessus Plugin ID 55119 (Credentialed Check)
- MS11-040 - Nessus Plugin ID 55120 (Credentialed Check)
- MS11-041 - Nessus Plugin ID 55121 (Credentialed Check)
- MS11-042 - Nessus Plugin ID 55122 (Credentialed Check)
- MS11-043 - Nessus Plugin ID 55123 (Credentialed Check)
- MS11-044 - Nessus Plugin ID 55124 (Credentialed Check)
- MS11-045 - Nessus Plugin ID 55125 (Credentialed Check)
- MS11-046 - Nessus Plugin ID 55126 (Credentialed Check)
- MS11-047 - Nessus Plugin ID 55127 (Credentialed Check)
- MS11-048 - Nessus Plugin ID 55128 (Credentialed Check)
- MS11-049 - Nessus Plugin ID 55129 (Credentialed Check)
- MS11-050 - Nessus Plugin ID 55130 (Credentialed Check)
- MS11-051 - Nessus Plugin ID 55131 (Credentialed Check)
Resources
Related Articles
Study: Tenable Offers Fastest, Broadest Coverage of CISA's KEV Catalog
October 23, 2023Tenable ranked first in multiple vulnerability management categories, including the most comprehensive coverage and quickest detection of CISA's Known Exploited Vulnerabilities, according to a Miercom report commissioned by Tenable.
Tuning Network Assessments for Performance and Resource Usage
September 13, 2022Using the correct tool for the job and optimizing scanner placement will have a large impact on scan efficiency with Nessus, Tenable.io and Tenable.sc.
Terrascan Joins the Nessus Community, Enabling Nessus To Validate Modern Cloud Infrastructures
May 17, 2022The addition of Terrascan to the Nessus family of products helps users better secure cloud native infrastructure by identifying misconfigurations, security weaknesses, and policy violations by scanning Infrastructure as Code repositories.
CVE-2024-4040: CrushFTP Virtual File System (VFS) Sandbox Escape Vulnerability Exploited
April 23, 2024A zero-day vulnerability in CrushFTP was exploited in the wild against multiple U.S. entities prior to fixed versions becoming available as the vendor recommends customers upgrade as soon as possible.
Operational Technology in the DoD: Ensuring a Secure and Efficient Power Grid
April 19, 2024In an evolving threat landscape, the DoD must make sure that its mission-critical operations don’t experience power outages.
Cybersecurity Snapshot: Cyber Agencies Offer Secure AI Tips, while Stanford Issues In-Depth AI Trends Analysis, Including of AI Security
April 19, 2024Check out recommendations for securing AI systems from the Five Eyes cybersecurity agencies. Plus, Stanford University offers a comprehensive review of AI trends. Meanwhile, a new open-source tool aims to simplify SBOM usage. And don’t miss the latest CIS Benchmarks updates. And much more!
- Nessus
- Patch Auditing