Shavlik PAC is back!

Last week, about a dozen Shavlik Protect customers gathered in Minneapolis to rekindle the Shavlik Product Advisory Council (PAC). PAC members represent the existing user base and serve as advisers to Shavlik’s product development team.

During the two-day session, PAC members learned about Shavlik’s strategy, roadmap, and new product offerings, but more importantly, they got to share their perspectives on IT today, patch management, and the challenges they face inside and outside of Shavlik products. Their input will help shape the future of the Shavlik product line.

This first meeting focused on Shavlik Protect but future PAC meetings will expand to include users of SCUPdates, Management Intelligence, and Shavlik MDM.

Shavlik would like to extend a huge thank you to the PAC members for their participation in this event. You guys are the best!

PAC

 

(Top photo) PAC members shared their experiences and challenges both inside and outside of Shavlik products with members of the Shavlik product development team.

 

Wild game

(Bottom photo) The event wasn’t all work, though. PAC members attended a professional hockey game and saw our Minnesota Wild pull out a victory over the Carolina Hurricanes.

 

Avoid the latest Java Zero Day by upgrading to Java 7 today

If you have not ready up on the ZDNet and other posts regarding this exploit here is a link to an article talking in more depth.  If you are still on Java 6 you are vulnerable to this Java vulnerability.  Java 7 update 21 and earlier are also exposed.  There is an exploit kit available to hackers for $450 dollars.  They can purchase a way to exploit this vulnerability off the shelf.  This means it is past time to upgrade your Java runtime.

So, Shavlik Protect users, here are some easy steps to create a scan template to allow you to deployupgrade Java 7 update 25 to your machines to ensure they are up to date.

For users on Protect 9.0 the steps are as follows:

  1. Create a new Patch Group by clicking on the +New > Patch Group…
  2. Name the Patch Group “Java 7 Software Distribution”
  3. Click add and sort by QNumber column.  Select QJAVA7U25N and QJAVA7U25X64N and save the patch group.
  4. Click +New > Patch Scan Template… and name it Java 7 Software Distribution
  5. On the Filtering tab uncheck the Patch Type > Security Patches and Patch filter settings set to “Scan Selected” and click the “…” button and select the “Java 7 Software Distribution” patch group.
  6. Click on the “Software Distribution” tab and check the box to enable Software Distribution.  Save the scan template.
  7. Scan and Deploy the Java 7 update 25.

The best way to protect against this zero day is to eliminate the presence of Java 6 and this should be an easy way to do so.

Chris Goettl

 

July Patch Tuesday Advanced Notification

Microsoft announced their July 2013 advanced notification for Patch Tuesday. The July edition of Patch Tuesday will be bringing seven security bulletins. (See the Microsoft announcement here.)

Security Bulletin Breakdown:

  • 6 bulletins are rated as Critical
  • 1 bulletin are rated as Important

Vulnerability Impact:

  • 6 bulletins address vulnerabilities that could lead to Remote Code Execution
  • 1 bulletins address vulnerabilities that could lead to Elevation of Privilege

Affected Products:

  • All Internet Explorer versions
  • All supported Windows Operating Systems
  • Office 2003 SP3, Office 2007 SP3, Office 2010 SP1
  • Visual Studio 2003 SP1
  • Microsoft Silverlight 5
  • Microsoft Lync 2010 and 2013
  • Windows Defender on Windows 7 and 2008 R2

I will be going over the Microsoft and 3rd Party releases for the July Patch Tuesday in detail in our next monthly Patch Tuesday webcast, which is scheduled for Wednesday, July 10th at 11:00 a.m. CDT. I will also be reviewing other non-Microsoft releases that have occurred since the May Patch Tuesday. You can register for the Patch Tuesday webcast here.

Regards,

Chris Goettl

IE 8 patch, a plethora of 3rd party, and a product release, oh my!

Patch Tuesday +1: This morning we presented our monthly Patch Tuesday webinar.  Between Microsoft and 3rd party the Patch Tuesday bill was doubled.

Microsoft had a big release this month.  They released 10 Security Bulletins resolving 33 vulnerabilities yesterday, covering everything from the OS to Apps.   Most notable was MS13-038 which resolves the IE 8 vulnerability that is currently being exploited in the wild.  For those of you who deployed the FixIt, Microsoft is recommending that you disable it first then deploy MS13-038.  One other thing to note is that you should deploy MS13-037 as well or MS13-038 could cause compatibility issues for end users. Those are the most concerning patches from Microsoft.  To add to that we had five 3rd Party vendors releasing 8 product updates.  These covered over 50 vulnerabilities.  Theme for the month “Update your browsers and Flash”.  Mozilla had three critical product updates resolving over 15 vulnerabilities.  Google released a new version of Chrome to support a critical Flash patch.  Adobe released critical Flash, AIR, Reader, and Acrobat patches resolving over 27 vulnerabilities.

Recommendations across the board are pretty consistent.  Focus on the browsers (MS and 3rd Party) and Adobe first.   Then tackle the rest.

In other news, Shavlik has released Shavlik Protect 9.0 as our first official product launch as part of LANDesk!  For more details check out the first publication regarding the release this morning.  For details on the release check out the announcement on www.shavlik.com.  Next week we will be running a few webinars around the new features and the upgrade experience.

Chris Goettl
Shavlik Protect Team, LANDesk

LANDesk Aquires Shavlik from VMware

As many of you may now know, the Shavlik products were acquired by LANDesk.  Click here to see Steve Daly’s blog post on the acquisition.  As for the Protect products, we are currently in beta for the next release of Protect which will release in late Aprilearly May as Shavlik Protect 9.0.  The Update Catalog will be going back to the Shavlik SCUPdates branding as well.  Both products have long term plans in place and we are very excited to join the LANDesk family.

I am currently out in Las Vegas at the MMS show and we have had an exciting start to the week.  The welcome reception yesterday kept everybody in the booth very busy.  We talked to over 300 people in two and a half hours!  Current customers, partners, and those interested in the products all were interested in the news.

The Shavlik Protect 9.0 beta refresh will be beginning later this week as we wind down to RTM and GA.  It is also patch week, so for those of you who are not already registered you can click here to register for the April Patch Tuesday Webinar.  Join us tomorrow at 11am central to discuss the 9 bulletins from Microsoft and a few 3rd party patches we will be releasing later today.  We will also recap the patches released between March and April patch Tuesday.

Regards,

Chris Goettl
Shavlik Protect Team, LANDesk

 

 

 

 

April Patch Tuesday Advanced Notification

Microsoft announced their April 2013 advanced notification for Patch Tuesday.  The April edition of Patch Tuesday will be bringing nine security bulletins.

Security Bulletin Breakdown:

  • 2 bulletins are rated as Critical
  • 7 bulletins are rated as Important
  • 2 bulletins address vulnerabilities that could lead to Remote Code Execution
  • 5 bulletins address vulnerabilities that could lead to Elevation of Privilege
  • 1 bulletin addresses a vulnerability that could lead to Information Disclosure
  • 1 bulletin addresses a vulnerability that could lead to a Denial of Service attack

Affected Products:

  • All Internet Explorer versions
  • All supported Windows Operating Systems
  • InfoPath 2010 SP1
  • SharePoint Server 2010 SP1
  • Groove Server 2010 SP1
  • Office Web Apps 2010 SP1
  • SharePoint Foundation 2010 SP1
I will be going over the April Patch Tuesday patches in detail in our next monthly Patch Tuesday webcast, which is scheduled for Wednesday, April 10th at 11:00 a.m. CDT.  I will also be reviewing other non-Microsoft releases that have occurred since the March Patch Tuesday. You can register for the Patch Tuesday webcast here.
Regards,
Chris Goettl

vCenter Protect 9.0 Beta is Live!

Hey All,

We have a big week this week.  We have a HUGE release coming with vCenter Protect 9.0.  The product is in public beta as of yesterday.  We have many amazing new features like Cloud Agents, Hypervisor Patching, 64 bit Edition, a host of UI and usability improvements, the list goes on and on.  Check out the vCenter Protect Tech Talk playback from February 26th for a demonstration of this great new release!   For details on how to join the public beta contact Shavlik-beta@vmware.com.

We are also in the middle of the March Patch Tuesday release.  Microsoft has released 7 bulletins.  There are also a number of 3rd Party vendors releasing updates this week.  With the Pwn2Own 2013 contest having just wrapped last week vendors are diligently releasing updates to plug up the myriad of vulnerabilities exploited.  Come and join us for the Minimizing the Impact of Patch Tuesday webinar tomorrow where we will review the Patch Tuesday data release and also the last month review of patches released by vendor.   Keep an eye out for the XML Announcement marking the release of the Patch Tuesday patches into vCenter Protect.

Regards,

Chris Goettl

 

March Patch Tuesday Advanced Notification

Microsoft announced their March 2013 advanced notification for Patch Tuesday.   The March edition of Patch Tuesday will be bringing seven security bulletins, six of which will be supported in vCenter Protect.  The seventh is a patch on Office for Mac.

Security Bulletin Breakdown:

  • 4 bulletins are rated as Critical
  • 3 bulletins are rated as Important
  • 3 bulletins address vulnerabilities that could lead to Remote Code Execution
  • 2 bulletins address vulnerabilities that could lead to Elevation of Privilege
  • 2 bulletins address vulnerabilities that could lead to Information Disclosure

Affected Products:

  • All supported Microsoft operating systems
  • All supported versions of Internet Explorer
  • Microsoft Silverlight 5
  • Microsoft Visio and Visio Viewer 2010 SP1
  • Microsoft Filterpack 2010 SP1
  • Microsoft OneNote 2010 SP1
  • Microsoft SharePoint Foundation 2010 SP1
  • Microsoft Web Analytics Web Front End Components

I will be going over the March Patch Tuesday patches in detail in our next monthly Patch Tuesday webcast, which is scheduled for Wednesday, March 13th at 11:00 a.m. CDT.  I will also be reviewing other non-Microsoft releases that have occurred since the February Patch Tuesday. You can register for the Patch Tuesday webcast here.

-Chris Goettl

February 2013 Patch Tuesday Overview

This week New York gets hammered with snow and IT Admins get hammered with patches.  Microsoft has released 12 new security bulletins addressing 55 vulnerabilities.  The number of vulnerabilities this month comes very close to the record 64 vulnerabilities resolved in the April 2011 Patch Tuesday.

Of the 12 bulletins released this Patch Tuesday, 5 are critical.  MS13-009 and MS13-010 affecting Internet Explorer, MS13-011 and MS13-020 affecting the Windows Operating System, and MS13-012 affecting Exchange Server.

The first browser patch this month is MS13-009.  This is a cumulative security update covering 13 of the reported vulnerabilities and should be a priority for administrators.  IE 6-10 on all supported Windows Operating Systems are affected.

The second browser patch is MS13-010.  This bulletin resolves a single VML memory corruption vulnerability which could allow a specially crafted website to remotely execute code.   Exploit code is likely and Microsoft is aware of this being used as an information disclosure vulnerability.   IE 6-10 on all supported Windows Operating Systems are affected.

MS13-011 is a critical patch affecting supported versions of Windows XP, Vista, Server 2003, and Server 2008.  It resolves a publicly disclosed vulnerability that can allow remote code execution when a specially crafted streaming media is executed.  The attacker could gain equivalent rights to the user who executed the media file.  If the media is embedded in other files, like ppt, it can also be exploited.

The next critical bulletin is MS13-012.  It is a vulnerability in Exchange Server 2007 and 2010.  The vulnerability allows a specially crafted file using the Outlook Web App.

The last critical bulletin, MS13-020, resolves a vulnerability in OLE Automation.  The vulnerability could allow remote execution if a user opens a specially crafted file allowing the attacker to gain users rights equivalent to the current user.  This vulnerability affects Windows XP SP3.

The remaining seven patches are categorized as Important.  The majority are affecting the Windows Operating System, with one .Net, and one Microsoft FAST Search Server bulletin.

-Chris Goettl

January 2013 Patch Tuesday Overview

To ring in the New Year, today Microsoft has released seven new security bulletins addressing 12 vulnerabilities.

However, the most notable headline from this Patch Tuesday is a security bulletin that was not released.  On December 29, 2012, Microsoft released a security advisory (2794220) informing administrators of a vulnerability in Internet Explorer was currently being exploited.  Microsoft provided a non-security update to prevent exploitation to that vulnerability.  Recently, security researchers have found a way to bypass this temporary fix to carry out an attack on the vulnerability.  As we continue to wait for a security bulletin for Internet Explorer, it is critical that administrators keep their antivirus definitions up to date and upgrade their Internet Explorer browsers to version 9 if possible.  Only Internet Explorer browser versions 6, 7 and 8 are affected by this vulnerability.

Of the seven Microsoft security bulletins released for the January 2013 edition of Patch Tuesday, administrators should look at patching MS13-002 first.  Microsoft has identified a vulnerability in Microsoft XML Core Services.  If an unpatched systems browses to a malicious website, an attacker can gain remote code execution.

The other browsing threat this month that needs attention from administrators is MS13-004.  In this security bulletin, Microsoft is addressing a vulnerability in their .NET software application.  If an unpatched machine browses to a malicious website, an attack can gain elevation of privilege on that machine.

The other critical update this month (MS13-001) addresses a vulnerability in the Windows Print Spooler.  If a machine is set up as a print server, an attacker can send a malicious print job to the machine and gain remote code execution.  Security best practices call for printer servers to reside behind a firewall that only allows internal users to print to the print server.  A most likely attack scenario is for an attacker to already be on the internal network.

And as is becoming a recurring theme, this Patch Tuesday is not just a Microsoft-focused security day.  Several non-Microsoft software vendors have also joined in with releases of their own.

Adobe has released security bulletin APSB13-02 affecting all supported version of Adobe Acrobat and Reader.  This security bulletin is part of their quarterly update for Adobe Acrobat and Reader and was expected.

Adobe also released updates for their Air and Flash Player products.  These updates are security updates were not previously announced (APSB13-01).  With any Adobe Flash Player update, Microsoft and Google update their latest browsers to include the new release of Adobe Flash Player.

Mozilla also released new versions of their products.  Mozilla Firefox 18 are new versions of their product that only contain new features.  Previous versions of the Mozilla products also received updates that contain security fixes.

 

Given that the January 2013 Patch Tuesday does not include a security update for the zero-day Microsoft Internet Explorer vulnerability, there is a good chance we will see an out-of-band update from Microsoft before the February 2013 Patch Tuesday.  Microsoft will continue to monitor the threat landscape and decide if this zero-day vulnerability warrants and out-of-band release.

I will be going over the January Patch Tuesday patches in detail along with reviewing other non-Microsoft releases since the December Patch Tuesday in our monthly Patch Tuesday webcast.   This webcast is scheduled for next Wednesday, January 9th at 11:00 a.m. CT.  You can register for this webcast here.

– Jason Miller