We have been developing a tool to ease the burden of moving a Shavlik Protect Console from one system to another. It could be done with some manual effort: moving certificates, then swapping out the name of the system so agents would just start talking to the new one once you had moved everything. But it was a pain. With the performance benefits of 64-bit and the EOL of Windows XP (Apr 2014) and Server 2003
The holidays are nearly over and many of us are starting to think of resolutions as we start a new year. You may be contemplating diets, kicking a habit, getting a gym membership or exercise equipment at home, but at the office, think about ways to improve your security in 2014. Here are some suggestions to contemplate. These are probably already problems or projects you have been thinking about, and maybe you already have them solved or planned out to solve this next year. If you haven’t, keep in mind all of these are possible with Shavlik Protect.
Increase patching frequency for your end user machines:
- Microsoft may only release patches once a month, but the 3rd party apps on your systems are updated throughout the rest of the month. Products from vendors like Adobe, Java, Google, Apple, Mozilla, and others are a prime target for hackers as many companies neglect to update them. Our Content Team releases new data multiple times each week which includes security updates for these products.
- Talk to vendors who are holding you on a vulnerable version of software due to a dependency on their application. A good example of this is Java Runtime. If you have software dependent on an older version of Java, this is a risk to your environment. I can’t tell you how many companies I talk to that are held on a version of Java 6 because a software vendor depends on a specific version of Java. There are known exploits, and off-the-shelf software to take advantage of them, making this an easy target for hackers.
- Check for End of Life software on your systems. Shavlik shows software titles that have reached EOL with their vendor. Any titles that are no longer supported become a risk to your environment and should be updated or removed if possible.
Secure your virtual infrastructure:
- Securing the Guest OS is all fine and good, but if you do not patch the infrastructure it is running on, you are still putting the most secure VM at risk. With Protect you can patch Citrix, Hyper-V, and VMware ESXi (Protect 9.0+) infrastructures.
- Update VMware Tools. VMware Tools are required for a lot of functionality on VMware VMs. They are also a security risk. Ensure you are updating the Tools version on your VMs. Keep in mind if you do not update the Hypervisor tools version then the status for VMware Tools being up to date is not accurate. You should ensure you have the latest tools updates applied to your Hypervisors. There can be a delay and possibly a VM reboot before the Tools version shows out of date after you update the tools version of your Hypervisor. Protect will detect and push the latest version of tools to systems which may be newer than the version your Hypervisor is evaluating against.
Extend your coverage outside your environment:
- Laptops that move in and out of your network regularly can be a risk to your environment. It is important to ensure these systems are updated more frequently. They move beyond your corporate perimeter security measures and often reside on public networks exposing them to greater risk. With Protect 9.0 you can now enroll your console in the ProtectCloud. This enables agents on your laptops to keep up to date even outside your network. Policy updates and results are exchanged through the ProtectCloud so you are still able to see machines being updated and ensure they take policy changes you apply.
We recently caught up with Randy Bowman to learn more about how Shavlik helps him in his role as network engineer for the Presbyterian Church of the USA in Louisville, Kentucky.
The System: The Presbyterian Church of USA licenses Shavlik for 50 servers with 450 endpoints dispersed in Louisville and Stone Point, New York.
The Team: Consists of a two member networking team that takes care of the servers and server patching on a monthly basis as well as a team member that administers desktop support. The desktop team member also takes care of patching the individual computers, which frees up network staff.
Q: Shavlik: What motivated you to look for a security solution?
A: Randy Bowman: About 8 years ago I came on board after some significant staffing changes. For practical reasons we did not have very much available in the way of documentation. We had to make up for lost time in our patching and we ended up getting a virus. The result was that we were down for three days.
Q: Shavlik: How did you come to use Shavlik?
A: Randy Bowman: One thing I took on as legacy software was UpdateEXPERT (Shavlik acquired UpdateEXPERT in 2007). From there it was an easy transition to Shavlik Protect. We find it makes things a lot simpler for us. It allows us to patch several servers at one time and patch them in the evening when they are free of traffic. We have the flexibility to reboot the servers or do them manually. If the server is open we can throw on the patching right then and there and have it reboot.
Q: Shavlik: What made Shavlik so appealing?
A: Randy Bowman: Time savings. Being able to quickly implement the patches and download them when they come on Patch Tuesday is a huge benefit. We usually wait until Friday or wait for a notification from Shavlik saying it’s okay for the patches to be installed. Here we’ve got 50 plus servers. I can patch half one night and half the next night, and that would be the first patch. Even if it takes two passes to go through and get a server completely patched, it still saves us time. We are patched in less than a week, where before we would have to do some even manually. Patching is a piece of cake really. In comparison to what we’ve had before, it saves us so much time. Another thing is, if there’s an agent that needs to be on the server like if you brought a new server out, even if it’s just a test server, you can open Shavlik and tell it to push the new agent and BOOM it’s done.
Q: Shavlik: Once you chose to use Shavlik, how long did it take you to get up and running?
A: Randy Bowman: In 2 days we had it going. It actually would have taken 1 day but we were having some separate technical issues with the servers that caused delays.
Q: Shavlik: For this installation, did you have people helping you or was it just plug-and-play?
A: Randy Bowman: It was plug-and-play, more or less. A fellow network engineer did the last upgrade to 9.0. He was on the phone with support and got it done in an hour.
Q: Shavlik: What is your favorite Shavlik feature?
A: Randy Bowman: I like how you can go through and scan the machines in a machine group and it will tell you how many patches are missing. You can run the report and in 5 minutes you’ve got results emailed to you about what patches are missing. When it comes to critical security patches, we sat down years ago and decided this is what we need. It’s easy for Shavlik to go through and look for these and let us know what’s patched and what’s not, and if it’s critical or not.
Microsoft has announced this month’s Patch Tuesday release. There are 11 total patches – 5 Critical and 6 Important – expected to be released on Tuesday, December 10. Here is the breakdown for this month:
- Five bulletins are rated as Critical.
- Six bulletins are rated as Important.
- Six bulletins address vulnerabilities that could allow Remote Code Execution.
- One bulletin addresses a vulnerability that could lead to Information Disclosure.
- Three bulletins address vulnerabilities that could allow Elevation of Privileges.
- One bulletin addresses a vulnerability which could lead to a Security Feature Bypass.
Affected products:
- All supported Windows operating systems
- All versions of Office
- Office Web Apps 2013
- Lync 2010 and 2013
- SharePoint Server 2010 and 2013
- Exchange Server 2007, 2010, and 2013
- ASP.NET SignalR
- Visual Studio Team Foundation Server
If all expected bulletins are released on Tuesday, Microsoft will close 2013 having released 23 more patch day bulletins than in 2012 and six more than in 2011.
Join us as we review the Microsoft and third-party releases for December Patch Tuesday in our next monthly Patch Tuesday webcast, which is scheduled for Wednesday, December 11 at 11 a.m. CST. We will also discuss other product and patch releases since the November Patch Tuesday.
You can register for the Patch Tuesday webinar here.
The holiday season is upon us and 2013 is nearly over! As in all things it is good to take time and reflect on what we have accomplished and what we are thankful for. The Shavlik Team would like to share what we are thankful for.
Harriet in our Finance Team says “I am especially thankful for my two new grandchildren. They were born 11 weeks early. The compassion and support from my coworkers made the struggles we as a family had to deal with so much easier. I work with so many wonderful people who really do care about people and their hardships.”
Bob in Sales says “I’m thankful for a great Dev/QA/test team that released a Rock Solid – Shavlik Protect 9.0 product!! I’m also thankful for my awesome Partners and User Community (Customers) that recognize that Shavlik solves a complex (patching) problem with an easy to use solution, Thank you all!”
Brent in Development says “I’m thankful for my wonderful, loving family, and how they lead by example. It’s also a pleasure to have worked with many of the same passionate coworkers for the past five years.”
Shavlik Team Members from Sales, R&D, Product Management, IT Ops, and Management are thankful for “NERF, office shenanigans, and an excellent bunch of co-workers to work and play with.”
The Product Management Team (Chris, Mike, Anne, and Aaron) are thankful for “All of the customers who have taken time to send us feature requests, talk to us at trade shows, join us for a conference call, allow us to come onsite and learn more about what they do and what would improve their product experience. The time you spend helping us to understand your needs helps us to improve the experience of Shavlik Products. Thank You!” and Aaron is especially thankful for “What does the Fox say!” (Aaron’s Fox picture was from a Halloween “What does the Fox Say?” performance).
Thank you Shavlik users for making Shavlik Protect the Information Security™ Magazine and SearchSecurity.com 2013 Readers’ Choice Award winner. Shavlik Protect received gold in the vulnerability management category and was among the highest scorers this year in any category.
“Shavlik is honored to receive Gold in the 2013 Readers’ Choice Awards,” said Steve Morton, Chief Marketing Officer for Shavlik. “This award not only validates the hard work of our employees but also reinforces and shows the high level of trust our clients place in us and their positive experience with Shavlik Protect.”
From all of us, thank you for this honor and more importantly, your continued confidence in and support of the Shavlik family of products.
Last week, about a dozen Shavlik Protect customers gathered in Minneapolis to rekindle the Shavlik Product Advisory Council (PAC). PAC members represent the existing user base and serve as advisers to Shavlik’s product development team.
During the two-day session, PAC members learned about Shavlik’s strategy, roadmap, and new product offerings, but more importantly, they got to share their perspectives on IT today, patch management, and the challenges they face inside and outside of Shavlik products. Their input will help shape the future of the Shavlik product line.
This first meeting focused on Shavlik Protect but future PAC meetings will expand to include users of SCUPdates, Management Intelligence, and Shavlik MDM.
Shavlik would like to extend a huge thank you to the PAC members for their participation in this event. You guys are the best!
(Top photo) PAC members shared their experiences and challenges both inside and outside of Shavlik products with members of the Shavlik product development team.
(Bottom photo) The event wasn’t all work, though. PAC members attended a professional hockey game and saw our Minnesota Wild pull out a victory over the Carolina Hurricanes.
If you have not read up on the ZDNet and other posts regarding this exploit, here is a link to an article talking in more depth. If you are still on Java 6 you are vulnerable to this Java vulnerability. Java 7 update 21 and earlier are also exposed. There is an exploit kit available to hackers for $450, so they can purchase a way to exploit this vulnerability off the shelf. This means it is past time to upgrade your Java runtime.
So, Shavlik Protect users, here are some easy steps to create a scan template that lets you deploy the Java 7 update 25 upgrade to your machines to ensure they are up to date.
For users on Protect 9.0 the steps are as follows:
- Create a new Patch Group by clicking on the +New > Patch Group…
- Name the Patch Group “Java 7 Software Distribution”
- Click Add and sort by the QNumber column. Select QJAVA7U25N and QJAVA7U25X64N and save the patch group.
- Click +New > Patch Scan Template… and name it Java 7 Software Distribution
- On the Filtering tab, uncheck Patch Type > Security Patches, set the Patch filter settings to “Scan Selected”, click the “…” button, and select the “Java 7 Software Distribution” patch group.
- Click on the “Software Distribution” tab and check the box to enable Software Distribution. Save the scan template.
- Scan and Deploy the Java 7 update 25.
The best way to protect against this zero day is to eliminate the presence of Java 6 and this should be an easy way to do so.
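Before building the patch group, it helps to know which machines actually fall under the two conditions above (any Java 6, or Java 7 update 21 and earlier). The following is an added example, not Shavlik code or part of the original post: it classifies Java version strings collected from an inventory. The host names and sample inventory are constructed, and it assumes the legacy `1.<major>.0_<update>` version format that `java -version` prints for Java 6 and 7.

```python
import re

# Legacy Java version scheme "1.<major>.<minor>_<update>", as printed by
# `java -version` for Java 6 and 7 (e.g. java version "1.7.0_21").
_VERSION_RE = re.compile(r'\b1\.(\d+)\.\d+(?:_(\d+))?')

LAST_EXPOSED_JAVA7_UPDATE = 21  # from the post: 7u21 and earlier are exposed


def parse_java_version(text):
    """Return (major, update) from a version string or `java -version` line, else None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def classify(text):
    """Classify one version string against the two conditions stated in the post."""
    parsed = parse_java_version(text)
    if parsed is None:
        return "unknown"
    major, update = parsed
    if major == 6:
        return "exposed"
    if major == 7:
        return "exposed" if update <= LAST_EXPOSED_JAVA7_UPDATE else "not listed as exposed"
    return "unknown"  # the post makes no statement about other major versions


def exposed_hosts(inventory):
    """Return sorted host names with at least one exposed Java runtime."""
    return sorted({host for host, ver in inventory if classify(ver) == "exposed"})


# Constructed sample inventory (hypothetical host names, not real scan output).
SAMPLE_INVENTORY = [
    ("hr-laptop-01", 'java version "1.6.0_45"'),
    ("hr-laptop-01", 'java version "1.7.0_25"'),
    ("build-srv-02", "1.7.0_21-b11"),
    ("kiosk-03", "1.7.0_25"),
    ("dev-ws-04", "11.0.2"),
]

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY:
        print(f"{host:14} {ver:28} {classify(ver)}")
    print("Upgrade first:", exposed_hosts(SAMPLE_INVENTORY))
```

Note that `hr-laptop-01` is still flagged even though it has update 25 installed, because a Java 6 runtime remains alongside it.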
Microsoft announced their July 2013 advanced notification for Patch Tuesday. The July edition of Patch Tuesday will be bringing seven security bulletins. (See the Microsoft announcement here.)
Security Bulletin Breakdown:
- 6 bulletins are rated as Critical
- 1 bulletin is rated as Important
- 6 bulletins address vulnerabilities that could lead to Remote Code Execution
- 1 bulletin addresses a vulnerability that could lead to Elevation of Privilege
Affected products:
- All Internet Explorer versions
- All supported Windows Operating Systems
- Office 2003 SP3, Office 2007 SP3, Office 2010 SP1
- Visual Studio 2003 SP1
- Microsoft Silverlight 5
- Microsoft Lync 2010 and 2013
- Windows Defender on Windows 7 and 2008 R2
I will be going over the Microsoft and 3rd Party releases for the July Patch Tuesday in detail in our next monthly Patch Tuesday webcast, which is scheduled for Wednesday, July 10th at 11:00 a.m. CDT. I will also be reviewing other non-Microsoft releases that have occurred since the May Patch Tuesday. You can register for the Patch Tuesday webcast here.
Patch Tuesday +1: This morning we presented our monthly Patch Tuesday webinar. Between Microsoft and 3rd party releases, the Patch Tuesday bill was doubled.
Microsoft had a big release this month. They released 10 Security Bulletins resolving 33 vulnerabilities yesterday, covering everything from the OS to apps. Most notable was MS13-038, which resolves the IE 8 vulnerability that is currently being exploited in the wild. For those of you who deployed the FixIt, Microsoft is recommending that you disable it first, then deploy MS13-038. One other thing to note is that you should deploy MS13-037 as well, or MS13-038 could cause compatibility issues for end users. Those are the most concerning patches from Microsoft. To add to that, we had five 3rd party vendors releasing 8 product updates. These covered over 50 vulnerabilities. The theme for the month: “Update your browsers and Flash.” Mozilla had three critical product updates resolving over 15 vulnerabilities. Google released a new version of Chrome to support a critical Flash patch. Adobe released critical Flash, AIR, Reader, and Acrobat patches resolving over 27 vulnerabilities.
Recommendations across the board are pretty consistent. Focus on the browsers (MS and 3rd Party) and Adobe first. Then tackle the rest.
In other news, Shavlik has released Shavlik Protect 9.0 as our first official product launch as part of LANDesk! For more details check out the first publication regarding the release this morning. For details on the release check out the announcement on www.shavlik.com. Next week we will be running a few webinars around the new features and the upgrade experience.
Shavlik Protect Team, LANDesk