Patch Support
KBOX Systems Management Appliance Patch Content Summary, Q4 2009
TABLE OF CONTENTS
Patch Quality Assurance Summary ................................................................... 3 KACE Patch and Remediation Support .............................................................. 5
Page 2
This is achieved by verifying the patch metadata produced by a content development team, as well as validating the install process, uninstall processes, that the patch does not disrupt the targeted operating systems and/or applications immediate stability. Providing quality patch content to our customers is a high priority. To ensure successful delivery of content, KACE sanity checks patch feeds from Lumension once they have executed test cases covering the following test components.
Testing Environment
Lumension invests heavily in testing infrastructure. The content development and quality teams have access to a virtual enterprise environment representing more than 1500 nodes of various configurations. Utilizing VMWare ESX and Lab Manager, in addition to custom hardware bench testing, the Lumension testing infrastructure is state of the art.
Application Testing
Lumension tests with various applications as necessary to ensure the requirements of the patch are satisfied.
Page 3
Testing Strategy
GENERAL TESTING Verify patch-naming convention complies with Lumension policy. Verify content supports the replication process. Each patch created by the content team is validated with the GSS distribution and Update Server products. ASSESSMENT TESTING Verify an applicable non-patched system shows applicable and not patched Verify a patched system shows installed and not applicable Verify false positives in the detection of digital fingerprint Verify content is compliant with mandatory baselines Verify the vulnerability is correctly displayed in Update Server and all filtering, sorting and other visual functionality works correctly.
Content Quarterly Report Q4 2008
4 DEPLOYMENT TESTING Verify the package is successfully deployable Verify suppress reboot functionality works correctly Verify the uninstall functionality works correctly Verify on demand package caching works correctly Verify automatic deployment scheduling works correctly Verify agent package download Verify CRC checksum ensuring package integrity Verify agent automatically runs assessment after patch deployment Verify agent restarts automatically after reboot 5
Page 4
Table 1 lists the supported versions and editions for enhance content that is supported in KBOX v4.3 and later. Items shaded in grey are legacy patches that are no longer supported on an ongoing basis.
Table 1: Operating Systems Platform/Devices Support
Publisher Platform/Device OS Edition Architecture Update SCAN Sanctuary Publisher Platform / Device OS Edition Architecture Apple Mac OS X 10.3.9 10.5.8 PowerPC Apple Mac OS X 10.4.5 10.6.2 X86 Microsoft Windows 2000 SP4 AS, SVR, PRO x86 Microsoft Windows XP SP1- SP3 PRO x86 Microsoft Windows XP SP1- SP3 PRO x86_64 Microsoft Windows 2003 ENT, STD, WEB x86 Microsoft Windows 2003 ENT, STD, WEB x86_64 Microsoft Windows Vista BUS, ENT, ULT x86 Microsoft Windows Vista BUS, ENT, ULT x86_64 Microsoft Windows 2008 ENT, STD, WEB x86 Microsoft Windows 2008 ENT, STD, WEB x86_64 Microsoft Windows 7 PRO, ENT, ULT x86 Microsoft Windows 7 PRO, ENT, ULT x86_64 Microsoft Windows 2008 R2 PRO, ENT, ULT x86_64 Update Y Y Y Y Y Y Y Y Y Y Y Y1 Y1 Y1
Content
1
Quarterly
Report
Q4
2008
Application Support
KACE partners with Lumension to support the application patches listed in Table 2. Products are supported only for applicable, supported operating systems (OS). Items shaded in grey are legacy patches that are no longer supported on an ongoing basis, but are still available in the patch repository. Table 2 lists the versions for patch content that is supported. Text in dark green color represents recent information update. Table 3 lists the antivirus applications for which virus definition updates are available in the patch repository.
Page 5
Apple
Mac OS X
Apple Apple Apple Apple Apple Apple Citrix Systems Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft
iLife Media Browser iTunes for Mac iTunes for Windows QuickTime for Windows QuickTime for Mac OS Safari ICA Win32 Client .NET Framework Data Access Components (MDAC) DirectX Exchange Server Exchange Server 2007 Update Rollups FrontPage Server Extension (FPSE). Host Integration Server Internet Explorer Internet Information Service (IIS) Internet Security and Acceleration Server (ISA) Jet MSDE MSN Messenger MSXML
N N N N N N N N N N N NA N N N N N N N N N
Y Y Y Y Y Y Y Y Y Y Y NA Y Y Y Y Y Y Y Y Y
Mac OS X Mac OS X Windows Windows Mac OS X Mac OS X Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows
Page 6
Publisher
Product Office - including desktop applications (Access, Excel, FrontPage, InfoPath, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word) Office for Mac including (Word, Excel, PowerPoint, Entourage, no MS Expression, no Media Support)
Min Version Office 2000 OneNote 2003 Project 2002 Publisher 2002 Visio 2002
Max Version Office 2007 OneNote 2007 Project 2007 Publisher 2007 Visio 2007
NonSecurity Patches
Security Patches
Supported Platform
Microsoft
Windows
Microsoft
Office 2004
Office 2008
Mac OS X
Microsoft
Excel Viewer 2003, Word Viewer 2003, PowerPoint Viewer 2007, Visio Viewer 2007 5.5 SP2 5.1.2600 2.0 2005 Office XP 7 2004 SP1 2005 R2 SP1 2003 2005 2.0 6.4 8.1 4.7 NA 3.0 1.0.4 2.0.0.7 4.83 NA 8 (6.0.9.584) 8 3.8 1.3 1.4.2_03 2.0.1
Excel Viewer 2007, Word Viewer 2007, PowerPoint Viewer 2007, Visio Viewer 2007 6.0 SP1 5.1.2600 3.0 SP2 2007 SP1 Office XP 2008 SP12 2007 SP1 2005 R2 SP1 2003 2008 SP1 3.1 11 Version 2009 5.1 Latest 3.0 3.5.5 3.5.5 6.5 Support Pack 7 Latest 11 (6.0.14.826) Latest 4.0 1.6 1.6.0_16 2.0.1
Windows
Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Mozilla Mozilla Novell PatchLink Real Networks Real Networks Skype Sun Sun VMware
Outlook Express Remote Desktop Connection Software SharePoint Service SharePoint Server SharePoint Team Services SQL Server Virtual PC Virtual Server Visual Studio .NET Visual Studio Windows Installer Windows Media Player Windows Live Messenger Windows Messenger Windows Update Windows Update Agent Firefox Firefox for Mac Netware Windows Client All products RealPlayer for Windows RealPlayer for RedHat Skype Java for Mac OS X Java Runtime Environment (JRE) Fusion
N N N N N N N N N N N N N N N N N N N Y N N N N N N
Y N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Mac OS X Windows All Windows Red Hat Windows Mac OS X Windows Mac OS X
Page 7
Product
NonSecurity Patches N N N N
Security Patches Y Y Y Y
Workstation WinZip
Authentium / Command Software Authentium / Command Software Computer Associates Computer Associates Computer Associates Frisk Software Frisk Software F-Secure McAfee McAfee McAfee McAfee McAfee Microsoft Microsoft Microsoft Microsoft Microsoft Sophos Symantec Symantec Symantec Trend Micro Trend Micro
Command Software Antivirus DEF File Command Software Antivirus Installer eTrust Antivius DAT files (InoculateIT Engine) eTrust Antivius DAT files (Vet Engine) eTrust Antivirus F-Prot Antivirus DEF Files DEF files for Document / Office / Macro Antivirus Virex VirusScan DAT files VirusScan Engine VirusScan Enterprise Engine VirusScan SuperDAT files Malicious Software Removal Tool Outlook 2003 Junk E-mail Filter Outlook 2007 Junk E-mail Filter Windows Defender Windows Mail Junk E-mail Filter Antivirus Symantec Antivirus Corporate Edition Client for 64-bits OS only Symantec/ Norton Antivirus Symantec/ Norton Antivirus OfficeScan ServerProtect
4.75.5 4.75.5 6.00 6.00 6.00 NA NA 5.x 7.20 6.x 4.00 7.00 4.x NA NA NA 1.1.1593 NA last 6 version 10.00 NA 9.0.1 5.58 5.56
4.93.8 4.92.91 7.10 7.10 Latest Latest 5.x Latest Latest Latest 8.00 Latest Latest Latest Latest Latest Latest Latest 10.20 Latest Latest Latest Latest
Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y
Windows Windows Windows Windows Windows Windows Windows Windows Mac OS X Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Mac OS X Windows Windows
13
Page 8
Language Support
KACE supports patches in the locales for Windows operating systems (OS) listed in Table 4. Table 4: Language Support Locale English (United States) French (France) German (Germany) Italian (Italy) Spanish (Spain) Finnish (Finland) Swedish (Sweden) Norwegian (Norway) Danish (Denmark) Dutch (Netherlands) Czech (Czech Republic) Simplifies Chinese (China) Japanese (Japan)
Page 9
OS Support Detail
KACE impact terminology based on the PatchLink Update content closely follows the vendor impact terminology for vulnerability criticality. Each operating system has a vendor-specific impact rating and the mapping to KBOX terminology is described in this section. KACE and Lumension tend to increase or round-up the severity of the impact rating. For instance, Microsoft classifications for Critical, Important, and Moderate patches are all classified as Critical. The following table details the classification of patches that are supported for each supported OS and the impact level use for each. Text in dark green color represents recent information update.
Table 4: OS Support Detail Target Impact Mapping
Vendor Apple Patch Type OS Security Updates Application Security Updates MAC OS Version Updates Microsoft Critical Security (English) Critical Security (Simplified Chinese) Critical Security (Traditional Chinese) Critical Security (Intl) Important Security (English) Important Security (Intl) Moderate Security (English) Moderate Security (Intl) Low Security (English) Low Security (Intl) None Security (English) None Security (Intl) OS Service Packs (English) OS Service Packs (Intl) Application Service Packs (English) Application Service Packs (Intl) Junk Email Filter Updates Malicious Software Removal Tool Windows Defender definition updates X others AntiVirus (AV) Updates X X X X X X X X X X X X X X X X X X X Critical X X X Critical-01 Recommended Virus Removal
Note: The Antivirus vendor updates are posted twice a week, typically on Wednesdays and Fridays.
Page 10
Table 5 below shows the mapping of Microsoft severity ratings to KBOX patch Impact ratings. Table 5: Microsoft Severity mappings to KBOX Impact ratings Vendor Microsoft Critical Important Moderate Service Packs Junk Email Filter Updates Patch Type Critical Recommended
Once content is superseded, the superseded content is marked as Critical-05 and this is reflected in the KBOX Impact rating.
Page 11
Contact KACE
1616 North Shoreline Boulevard Mountain View, California 94043 (877) MGMT-DONE office for all inquiries (+1) (650) 316-1050 International (650) 649-1806 fax European Sales: emea@kace.com Asia Pacific Sales: apac@kace.com Sales and partnering: sales@kace.com Support: support@kace.com Other Information: info@kace.com On the Web: http://www.kace.com
Page 12