1 What exactly are "Windows Update" and "WSUS"? Van Hecke Vincent
2 Microsoft Patch Management Van Hecke Vincent
3 Topics
- Terminology
- How Microsoft fixes its software
- Overview of technologies and products
- Automatic Updates or WSUS?
- WSUS
- Extras: MBSA,
5 Important Security Terms
Vulnerability: Software, hardware, a procedural weakness, a feature, or a configuration that could be a weak point exploited during an attack. Also called an exposure.
Threat: A source of danger.
Attack: A threat agent attempting to take advantage of vulnerabilities for unwelcome purposes.
Countermeasure: Software configurations, hardware, or procedures that reduce risk in a computer environment. Also called a safeguard or mitigation.
6 Software Vulnerabilities
Buffer overrun (overflow): An unchecked buffer in a program that can overwrite the program code with new data. If the program code is overwritten with new executable code, the effect is to change the program's operation as dictated by the attacker.
Privilege elevation (escalation): Allows users or attackers to attain higher privileges in certain circumstances.
Validation error (source code): Allows malformed data to have unintended consequences.
7 Vulnerability Severity Ratings
Critical: A vulnerability whose exploitation could allow the propagation of an Internet worm without user action.
Important: A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users' data, or of the integrity or availability of processing resources.
Moderate: Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation.
Low: A vulnerability whose exploitation is extremely difficult, or whose impact is minimal.
8 STRIDE Model of Threat Categories (1/2)
Spoofing identity: Illegally obtaining access and use of another person's authentication information, such as a user name or password.
Tampering with data: The malicious modification of data.
Repudiation: Associated with users who deny performing an action, yet there is no way to prove otherwise. (Non-repudiation refers to the ability of a system to counter repudiation threats, and includes techniques such as signing for a received parcel so that the signed receipt can be used as evidence.)
9 STRIDE Model of Threat Categories (2/2)
Information disclosure: The exposure of information to individuals who are not supposed to have access to it, such as accessing files without having the appropriate rights.
Denial of service: An explicit attempt to prevent legitimate users from using a service or system.
Elevation (escalation) of privilege: Where an unprivileged user gains privileged access. An example of privilege elevation would be an unprivileged user who contrives a way to be added to the Administrators group.
10 Threat Agents (1/3)
Virus: An intrusive program that infects computer files by inserting copies of self-replicating code, and deletes critical files, makes system modifications, or performs some other action to cause harm to data on the computer or to the computer itself. A virus attaches itself to a host program.
Worm: A self-replicating program, often malicious like a virus, that can spread from computer to computer without infecting files first.
Trojan horse: Software or e-mail that professes to be useful and benign, but which actually performs some destructive purpose or provides access to an attacker.
11 Threat Agents (2/3)
Mail bomb: A malicious e-mail sent to an unsuspecting recipient. When the recipient opens the e-mail or runs the program, the mail bomb performs some malicious action on their computer.
Adware: Any software application or program in which advertising banners are displayed or pop-up windows appear while the program is running. Adware is considered "Spyware" and is installed without the user's knowledge.
12 Threat Agents (3/3)
Spyware: Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Once installed, the Spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers. Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of Spyware is to download certain peer-to-peer file swapping products that are available today.
13 HOW MICROSOFT FIXES ITS SOFTWARE
Microsoft is committed to protecting customers from security vulnerabilities. As part of this effort, Microsoft makes available periodic releases of software.
More info: Google "Trustworthy Computing"
15 MSRC Security Bulletin
16 OVERVIEW OF TECHNOLOGIES AND PRODUCTS
17
WU: Windows Update
MU: Microsoft Update
MOU: Microsoft Office Update
WSUS: Windows Server Update Services
SCCM: System Center Configuration Manager
MUC: Microsoft Update Catalog
18 Windows Update
22 Microsoft Update
23 Via an Office application
24 Via Windows Update
31 Comparison of Microsoft Update and Windows Update
32 The way back to Windows Update
Because once the MU agent has been chosen, it remains active until the WU agent is installed again.
36 Microsoft Office Update
37 Via Windows Update
41 The update process
43 The update process: types of updates
High priority: Critical updates, security updates, service packs, and update rollups.
Software (optional): Non-critical fixes for Windows programs
Hardware (optional): Non-critical fixes for drivers and other hardware devices
44 Express vs Custom
Express (recommended) displays all high priority updates for your computer so that you can install them with one click. This is the quickest and easiest way to keep your computer up to date.
Custom displays high priority and optional updates for your computer. You review and select the updates that you want to install, one by one.
47 The (unknown?) options
55 Multiple WSUS servers
56 Advantages of WSUS
- Better management of Microsoft updates, especially in larger environments.
- Reporting
- Possibly less traffic over the Internet link when a central repository is used
58 SCCM
SCCM is essentially the big brother of WSUS. The extra features in SCCM are:
- Inventory management
- Advanced reporting
- Options for managing systems remotely
60 Microsoft Update Catalog
61 Windows Update Catalog
69 AUTOMATIC UPDATES OR WSUS?
70 The Microsoft way
Customer type: Large or Medium Enterprise
Scenario: The organization wants a single, flexible update management solution with an extended level of control that enables them to update (and distribute) all Windows operating systems and applications and also includes an integrated asset management solution.
Customer choice: SCCM

Customer type: Large or Medium Enterprise
Scenario: The organization wants a solution for update management only that provides simple updating for Microsoft software initially supporting Windows 2000 and later supporting Office 2003, Office XP, Exchange Server 2000 and later, SQL Server 2000 and later.
Customer choice: WSUS
71 The Microsoft way
Customer type: Small Business
Scenario: The business has at least one Windows server and one IT administrator.
Customer choice: WSUS

Customer type: Small Business
Scenario: All other scenarios
Customer choice: Microsoft Update or Windows Update

Customer type: Consumer
Scenario: All other scenarios
Customer choice: Microsoft Update or Windows Update
72 Automatic Updates
73 Best practice when using: Automatic Updates
Install the Microsoft Update agent everywhere (so that all software is updated)
74 WSUS
- More options
- Also requires maintenance
- Requires a server
76 About WSUS
77 About WSUS
- BITS = Background Intelligent Transfer Service
- WSUS includes reporting capabilities
- WSUS can work in 2 ways: get updates from WSUS, or get updates from the Internet
- Command-line options (wsusutil.exe)
86 Configuration TIP
- SSL?
- Do not store update files locally?
- Remote workers
87 More documentation
Operations Guide: amilyid=66d250fa-670f-4a49-95ec-2FFDA7691F55&displaylang=en
88 WSUS Tips
89 WSUS Tips: Cloning machines
When a machine that is configured for WSUS is cloned (via Ghost, ...), registry keys must be removed:
HKLM\Software\Policies\Microsoft\Windows\Windowsupdate
HKLM\Software\Microsoft\Windows\CurrentVersion\windowsupdate
90 WSUS Tips: Forefront
Forefront uses WSUS for its updates, so the GPO setting determines how often it checks for new virus definitions. The default is 22 hours; it is best set to 1 hour.
Enable the option "Allow automatic update immediate installation" so that the virus definitions are installed without a schedule having to be set.
Do still set a (daily?) schedule for the product updates.
91 WSUS Tips: Performance issues
svchost/msi performance issue: both KB and the new 3.0 client needed
update-on.aspx
92 WSUS Tips: Client logging
Click Start, then click Run, type WINDOWSUPDATE.LOG and then click OK.
Logging from bottom up.
WindowsUpdate.log is the v6 version
Windows Update.log is the v4 version
93 WSUS Tips
0x80072EE2 0x80072F78 0x80072F76 0x80072EFD
You receive an "Error 0x80072EE2" or "Error 0x80072EFD" error message when you try to use Windows Update
Add Windows Update Web sites to the Trusted Sites list
94 WSUS Tips 0x
How to troubleshoot problems accessing secure Web pages with Internet Explorer 6 Service Pack 2 (870700)
This Windows Update error code is caused by unregistered DLL files for Windows Update or Internet Explorer. On Windows XP SP2 and later this may be resolved using the iexplore /rereg command.
95 WSUS Tips 0x /0x800A01AD
These Windows Update error codes can be caused by a damaged Windows XP XML subsystem. The first step to take is to reregister this component using the command regsvr32 msxml3.dll. If this does not resolve the issue, check for more recently updated MSXML Parser and MSXML components from the following link:
px?productid=&freetext=msxml&displaylang=en
96 WSUS Tips
When accessing the Update site, you receive the 0x800A01AE error. This issue may happen if the current session of Internet Explorer has cached an older version of Wuapi.dll.
Re-register the Windows Update DLL with the commands below:
Click Start, click Run, type cmd, and then click OK.
Type the following commands. Press ENTER after each command.
    regsvr32 wuapi.dll
    regsvr32 wuaueng.dll
    regsvr32 wuaueng1.dll
    regsvr32 wucltui.dll
    regsvr32 wups.dll
    regsvr32 wups2.dll
    regsvr32 wuweb.dll
97 WSUS Tips 0x
This Windows Update error code is normally related to inconsistent or damaged information in the c:\windows\softwaredistribution folder. The usual fix is to stop the Automatic Updates service, rename the c:\windows\softwaredistribution folder to SDOLD, and then restart the Automatic Updates service.
Note: Renaming this folder will clear the display of previous successful and failed updates.
98 WSUS Tips 0x800B0001
This Windows Update error code is related to 3 particular DLL files that are not registered in Windows correctly. Registering the following files with REGSVR32 normally fixes this issue:
    Softpub.dll
    Mssip32.dll
    Initpki.dll
99 WSUS Tips 0x C
This Windows Update error can be caused by a damaged installation of BITS and corrupted information in the SoftwareDistribution folder. The solution is normally to re-download the BITS updates (KB and KB842773) from the Microsoft.com website, then stop the Automatic Updates service and rename the SoftwareDistribution folder to SDOLD. Reboot the computer and return to Windows Update.
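The SoftwareDistribution rename described in the two tips above (slides 97 and 99), as an added example that is not part of the original slides. It assumes the Automatic Updates service is registered under the name wuauserv and that the folder sits under %SystemRoot%; the function name Reset-SoftwareDistribution is hypothetical.

```powershell
# Added example (not from the original slides): rename SoftwareDistribution to SDOLD.
# Assumptions: the Automatic Updates service is registered as 'wuauserv' and the
# folder lives under %SystemRoot%. Run from an elevated PowerShell session.
function Reset-SoftwareDistribution {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$ServiceName = 'wuauserv',
        [string]$Folder      = (Join-Path $env:SystemRoot 'SoftwareDistribution'),
        [string]$BackupName  = 'SDOLD'
    )

    if (-not (Test-Path $Folder)) { throw "Folder not found: $Folder" }
    $backup = Join-Path (Split-Path $Folder -Parent) $BackupName

    # Keep an earlier SDOLD instead of colliding with it: add a timestamp suffix.
    if (Test-Path $backup) {
        $backup = '{0}-{1:yyyyMMddHHmmss}' -f $backup, (Get-Date)
    }

    $svc = Get-Service -Name $ServiceName -ErrorAction Stop
    $wasRunning = $svc.Status -eq 'Running'
    try {
        if ($wasRunning -and $PSCmdlet.ShouldProcess($ServiceName, 'Stop service')) {
            Stop-Service -Name $ServiceName -Force -ErrorAction Stop
            # The rename fails while the service still holds files open.
            $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
        }
        if ($PSCmdlet.ShouldProcess($Folder, "Rename to $backup")) {
            Rename-Item -Path $Folder -NewName (Split-Path $backup -Leaf) -ErrorAction Stop
        }
    }
    finally {
        # Restart the service even if the rename failed, so the client keeps updating.
        if ($wasRunning -and $PSCmdlet.ShouldProcess($ServiceName, 'Start service')) {
            Start-Service -Name $ServiceName
        }
    }
    return $backup
}

# Dry run first; drop -WhatIf to apply the change.
Reset-SoftwareDistribution -WhatIf
```

The renamed folder can be deleted once Windows Update works again; until then it preserves the old state for comparison.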
100 WSUS Tips: Client Firewalls
Most third-party firewalls such as Norton Personal Firewall block SVCHOST (Generic Host Process Win32) communication by default. This can cause issues with Windows Update, as SVCHOST communication is required by the Windows Update client to connect to the Windows Update servers on the Internet.
103 WSUS Tips
To enable site tracing for a single visit to the Windows Update site, add &dev=true to the end of the URL, as in the example below:
ault.aspx?ln=en&dev=true
104 WSUS Tips Backup?
105 WSUS Links
106 WSUS 3.0 SP2 Beta Overview
New Windows Server and Client Version Support
- Integration with Windows Server 2008 R2
- Support for Windows 7 client
- Support for the BranchCache feature on Windows Server 2008 R2
107 WSUS 3.0 SP2 Beta Overview
WSUS Beta Feature Improvements and Fixes
- Auto-Approval Rules: New functionality lets you specify the approval deadline date and time. You can now apply a rule to all computers or to specific computer groups.
- Cross-Version Compatibility: The user interface is compatible between Service Pack 1 and Service Pack 2 for WSUS 3.0 on both the client and the server.
108 WSUS 3.0 SP2 Beta Overview
Software Updates
- Stability and reliability fixes for the WSUS server, such as support for IPv6 addresses greater than 40 characters.
- The approval dialog now sorts computer groups alphabetically by group name.
- Computer status report sorting icons are now functional in x64 environments.
- Fixed setup issues with database servers running Microsoft SQL Server 2008.
109 EXTRAS
110
- MBSA: Scan for vulnerabilities and look for patches
- Malicious Software Removal Tool
- Microsoft Security Assessment Tool