Jason,

For the vulnerabilities we are getting dinged on we have exhausted our capabilities within SCCM to perform patching. We are using Shavlik for 3P stuff, but these are all one-offs that we are battling. Here are two of the really big ones causing us some major issues. Neither one of these has a 'patch' that you can download from Microsoft to install. I'm trying to get an idea of how other folks attack these. Every week we get a list of workstations with vulnerabilities. All of these vulnerabilities aren't anything we can download directly from Microsoft. It typically requires scripting, creating a package in SCCM and pushing it out to fix manually. Here are a few. I'd be very surprised if no one else has run into these.

Thanks,
Brian

Microsoft Malware Protection Engine Remote Code Execution Vulnerability (2846338)
Description: A remote code execution vulnerability is present in some versions of Microsoft Malware Protection Engine.
Observation: The Microsoft Malware Protection Engine is a part of the following products: Microsoft Forefront Client Security, Microsoft Forefront Endpoint Protection, Microsoft Forefront Security for SharePoint, Microsoft System Center Endpoint Protection, Microsoft Malicious Software Removal Tool, Microsoft Security Essentials, Microsoft Security Essentials Prerelease, Windows Defender, etc. A remote code execution vulnerability is present in some versions of Microsoft Malware Protection Engine. It's caused when the Microsoft Malware Protection Engine does not properly scan a specially crafted file. Attackers could exploit this vulnerability to execute arbitrary code in the security context of the LocalSystem account.
Common Vulnerabilities Exposures (CVE) ID: CVE-2013-1346
Recommendation: The vendor has released an advisory to address the issue.
http://technet.microsoft.com/en-us/security/advisory/2846338
False Output: Windows Defender engine version: 1.1.7604.0~KB2846338

Citrix XenApp Online Plug-in / Receiver Remote Code Execution
Description: A remote code execution vulnerability is present in some versions of Citrix XenApp Online Plug-in and Citrix Receiver.
Observation: The flaw is due to an unspecified error. Successful exploitation by a remote attacker could result in the execution of arbitrary code if the victim is convinced into opening a malicious file from an SMB or WebDAV share.
Common Vulnerabilities Exposures (CVE) ID: CVE-2012-4603
Recommendation: The vendor has released an update to address the issue: http://support.citrix.com/article/CTX134681
False Output: Citrix online plug-in - web, 12.1.0.30

________________________________
From: listsadmin@lists.myitforum.com <listsadmin@lists.myitforum.com> on behalf of Jason Sandys <ja...@sandys.us>
Sent: Monday, April 18, 2016 1:24:45 PM
To: ms...@lists.myitforum.com
Subject: [mssms] RE: Bulletins and manual patching

I've never seen a security bulletin hotfix not be in the WSUS catalog. Can you give an example of one?

J

From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On Behalf Of Brian McDonald
Sent: Monday, April 18, 2016 1:16 PM
To: ms...@lists.myitforum.com
Subject: [mssms] Bulletins and manual patching

How are folks handling security vulnerabilities that do not sync up with WSUS/SCCM? I'm trying to grasp how to best approach patches that require manual package creation in SCCM, such as MS Security Bulletins. This seems to be a never ending battle and we have a very lean team.

Thanks,
Brian
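Both findings above are version-based: the scanner flags an installed component whose version is below the one the vendor advisory calls fixed, and nothing in the WSUS catalog moves that version. The usual SCCM answer is a configuration item whose discovery script evaluates the version on the endpoint, with the vendor installer as the remediation. The script below is an added example written for this thread, not something posted by Brian or Jason and not Microsoft or Citrix code. It assumes the registry locations shown (the Defender / Microsoft Antimalware "Signature Updates" key for the engine version, and the Uninstall keys for the Citrix plug-in), and the two minimum versions are placeholders that must be confirmed against advisory 2846338 and CTX134681 before use.

```powershell
# Added example: SCCM configuration-item discovery script for findings that
# have no WSUS-delivered fix. Returns 'Compliant' or a list of failures, so the
# CI rule can be "value equals Compliant" with the vendor installer as remediation.
# ASSUMPTIONS (not from the thread): registry paths below, and both Minimum
# versions, which are placeholders to be replaced from the vendor advisories.

function Get-EngineVersion {
    # Both Windows Defender and MSE/FEP/SCEP record the loaded engine version
    # under a 'Signature Updates' key; the engine update writes it, so it
    # reflects what is actually running rather than what an installer claimed.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows Defender\Signature Updates',
        'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates'
    )
    foreach ($k in $keys) {
        if (Test-Path $k) {
            $v = (Get-ItemProperty -Path $k -ErrorAction SilentlyContinue).EngineVersion
            if ($v) { return $v }
        }
    }
    return $null
}

function Get-InstalledProductVersion {
    # Look up DisplayVersion by DisplayName in both native and WOW6432Node
    # Uninstall hives, which is where a 32-bit Citrix plug-in lands on x64.
    param([Parameter(Mandatory)][string]$DisplayNamePattern)
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        $hit = Get-ChildItem -Path $root |
               ForEach-Object { Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue } |
               Where-Object { $_.DisplayName -like $DisplayNamePattern } |
               Select-Object -First 1
        if ($hit -and $hit.DisplayVersion) { return $hit.DisplayVersion }
    }
    return $null
}

function Test-MinimumVersion {
    # Compare with [version] rather than as strings: '1.1.9506.0' is greater
    # than '1.1.10100.0' as text but smaller as a version.
    param([string]$Installed, [Parameter(Mandatory)][string]$Minimum)
    if (-not $Installed) { return $true }          # component absent: nothing to fix
    try   { return ([version]$Installed -ge [version]$Minimum) }
    catch { return $false }                        # unparsable version: treat as non-compliant
}

$checks = @(
    @{ Name      = 'Microsoft Malware Protection Engine (KB2846338)'
       Installed = Get-EngineVersion
       Minimum   = '1.1.9506.0' },   # PLACEHOLDER: confirm fixed engine version in advisory 2846338
    @{ Name      = 'Citrix online plug-in - web (CTX134681)'
       Installed = Get-InstalledProductVersion -DisplayNamePattern 'Citrix online plug-in - web*'
       Minimum   = '12.3.0.0' }      # PLACEHOLDER: confirm fixed plug-in version in CTX134681
)

$failures = foreach ($c in $checks) {
    if (-not (Test-MinimumVersion -Installed $c.Installed -Minimum $c.Minimum)) {
        '{0}: installed {1}, need >= {2}' -f $c.Name, $c.Installed, $c.Minimum
    }
}

if ($failures) { $failures -join '; ' } else { 'Compliant' }
```

Two practical caveats. For the engine finding, the scanner's "1.1.7604.0" output shows it is reading the engine version, not a hotfix inventory, so a CI keyed on EngineVersion will agree with the scanner in a way that a KB-based check never will; on Windows 7 the Defender engine moves only through Windows Update definition updates, so the remediation is to get that update channel working rather than to package anything. For the Citrix finding, the Uninstall DisplayName is what the scanner reports ("Citrix online plug-in - web"), so match on that string and package the vendor installer from CTX134681 as the remediation.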