Daniel,

This is awesome. Would you mind sharing the entire script?


Thanks,
Brian

________________________________
From: listsadmin@lists.myitforum.com <listsadmin@lists.myitforum.com> on behalf 
of Daniel Ratliff <dratl...@humana.com>
Sent: Wednesday, April 20, 2016 3:20:13 PM
To: ms...@lists.myitforum.com
Subject: [mssms] RE: Bulletins and manual patching

Our packaging team uses the PADT, so it's got a decent amount of logic in there. 
Here is the Install phase.

              ##*===============================================
              ##* PRE-INSTALLATION
              ##*===============================================
              [string]$installPhase = 'Pre-Installation'

              ## Show Welcome Message, close Internet Explorer if required, allow up to 3 deferrals, verify there is enough disk space to complete the install, and persist the prompt
              ## Show-InstallationWelcome -CloseApps 'iexplore' -AllowDefer -DeferTimes 3 -CheckDiskSpace -PersistPrompt

              ## Show Progress Message (with the default message)
              Show-InstallationProgress

              ## <Perform Pre-Installation tasks here>
              Stop-Process -Name 'wfcrun32'
              Stop-Process -Name 'wfica32'
              Execute-Process -Path 'ReceiverCleanupUtility.exe' -Parameters "/silent"

              ##*===============================================
              ##* INSTALLATION
              ##*===============================================
              [string]$installPhase = 'Installation'

              ## Handle Zero-Config MSI Installations
              If ($useDefaultMsi) { Execute-MSI -Action 'Install' -Path $defaultMsiFile }

              ## <Perform Installation tasks here>
              Execute-Process -Path 'CitrixReceiver.exe' -Parameters "/silent ALLOWADDSTORE=N INSTALLDIR=`"C:\Program Files (x86)\Citrix`" ADDLOCAL=ReceiverInside,ICA_Client,USB,DesktopViewer,Flash,Vd3d SERVER_LOCATION=https://xenappserver.com";

              ##*===============================================
              ##* POST-INSTALLATION
              ##*===============================================
              [string]$installPhase = 'Post-Installation'

              ## <Perform Post-Installation tasks here>
              Set-RegistryKey -Key 'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\CEIP' -Name 'Enable_CEIP' -Value 0 -Type DWORD


Daniel Ratliff
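
Added example, not part of the original thread or of Daniel's script: a PowerShell check that could confirm a Receiver push cleared the scanner finding quoted further down the thread ("Citrix online plug-in - web, 12.1.0.30") by comparing installed versions against a minimum. The function names are hypothetical, the sample inventory is constructed, and treating 14.4.0.8014 (the build mentioned in the thread) as the required minimum is an assumption.

```powershell
# Added example, not code from the thread. Function names are hypothetical.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-UninstallEntry {
    # Read installed-product entries from the 64-bit and 32-bit uninstall keys.
    Get-ItemProperty -Path $UninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion
}

function Test-CitrixClientVersion {
    param(
        [object[]] $Entry,
        [Parameter(Mandatory = $true)] [version] $MinimumVersion
    )
    foreach ($e in $Entry) {
        # Only the product names seen in the thread: the old plug-in and Receiver.
        if ($e.DisplayName -notmatch '^Citrix (online plug-in|Receiver)') { continue }
        $parsed = $null
        $ok = [version]::TryParse([string]$e.DisplayVersion, [ref]$parsed)
        [pscustomobject]@{
            DisplayName    = $e.DisplayName
            DisplayVersion = $e.DisplayVersion
            # An unparseable version is reported as non-compliant so it gets reviewed.
            Compliant      = ($ok -and $parsed -ge $MinimumVersion)
        }
    }
}

# Constructed sample inventory; the first entry mirrors the scanner output in the thread.
$sample = @(
    [pscustomobject]@{ DisplayName = 'Citrix online plug-in - web'; DisplayVersion = '12.1.0.30' }
    [pscustomobject]@{ DisplayName = 'Citrix Receiver';             DisplayVersion = '14.4.0.8014' }
    [pscustomobject]@{ DisplayName = 'Unrelated Product';           DisplayVersion = '1.0' }
)

# Assumption: 14.4.0.8014 (the build mentioned in the thread) is the required minimum.
$results = Test-CitrixClientVersion -Entry $sample -MinimumVersion '14.4.0.8014'
$results | Format-Table -AutoSize

# On a managed client, feed it live data and return a non-zero exit code on failure:
# $stale = Test-CitrixClientVersion -Entry (Get-UninstallEntry) -MinimumVersion '14.4.0.8014' |
#     Where-Object { -not $_.Compliant }
# if ($stale) { exit 1 }
```

A leftover old plug-in entry alongside a current Receiver entry still reports as non-compliant, which is the case the cleanup step in the pre-installation phase is meant to prevent.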

From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On 
Behalf Of Brian McDonald
Sent: Wednesday, April 20, 2016 3:27 PM
To: ms...@lists.myitforum.com
Subject: [mssms] Re: Bulletins and manual patching


Daniel,



The version of Receiver we have is 14.3, although there may be others out there.



I have downloaded the latest Citrix Receiver from the vendor's website. 
https://www.citrix.com/downloads/citrix-receiver/windows/receiver-for-windows-latest.html
 Which installs as 14.4.0.8014.



Following these steps: http://support.citrix.com/article/CTX202002 I created an 
application in SCCM and deployed it to a test machine. CitrixReceiver.exe 
/silent doesn't seem to work packaged in SCCM. I get 1603 errors. I've tried 
both Application and Package deployments.



Can you tell me how you're doing the install?



Thanks,

Brian





________________________________
From: listsadmin@lists.myitforum.com <listsadmin@lists.myitforum.com> on behalf 
of Daniel Ratliff <dratl...@humana.com>
Sent: Tuesday, April 19, 2016 12:43:28 PM
To: ms...@lists.myitforum.com
Subject: [mssms] RE: Bulletins and manual patching

The first one we are still tracking down ourselves, but your 2nd one is easy, 
it's Citrix Receiver. You have 12.1, the latest I think is 14.4. We push 
Receiver out to all devices as we are a heavy XenApp/XenDesktop shop. We just 
use a standard package.

Daniel Ratliff

From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On 
Behalf Of Brian McDonald
Sent: Tuesday, April 19, 2016 12:14 PM
To: ms...@lists.myitforum.com
Subject: [mssms] Re: Bulletins and manual patching


Jason,



For the vulnerabilities we are getting dinged on we have exhausted our 
capabilities within SCCM to perform patching. We are using Shavlik for 3P 
stuff, but these are all one-offs that we are battling. Here are two of the 
really big ones causing us some major issues. Neither one of these has a 
'patch' that you can download from Microsoft to install. I'm trying to get an 
idea of how other folks attack these. Every week we get a list of workstations 
with vulnerabilities. All of these vulnerabilities aren't anything we can 
download directly from Microsoft. It typically requires scripting, creating a 
package in SCCM and pushing it out to fix manually. Here are a few. I'd be very 
surprised if no one else has run into these.



Thanks,

Brian



Microsoft Malware Protection Engine Remote Code Execution Vulnerability 
(2846338)

Description: A remote code execution vulnerability is present in some versions 
of Microsoft Malware Protection Engine.

Observation: The Microsoft Malware Protection Engine is a part of the following 
products: Microsoft Forefront Client Security, Microsoft Forefront Endpoint 
Protection, Microsoft Forefront Security for SharePoint, Microsoft System 
Center Endpoint Protection, Microsoft Malicious Software Removal Tool, 
Microsoft Security Essentials, Microsoft Security Essentials Prerelease, 
Windows Defender, etc. A remote code execution vulnerability is present in 
some versions of Microsoft Malware Protection Engine. It's caused when the 
Microsoft Malware Protection Engine does not properly scan a specially crafted 
file. Attackers could exploit this vulnerability to execute arbitrary code in 
the security context of the LocalSystem account.

Common Vulnerabilities Exposures (CVE) ID: CVE-2013-1346

Recommendation: The vendor has released an advisory to address the issue. 
http://technet.microsoft.com/en-us/security/advisory/2846338

False Output: Windows Defender engine version: 1.1.7604.0~KB2846338



Citrix XenApp Online Plug-in / Receiver Remote Code Execution

Description: A remote code execution vulnerability is present in some versions 
of Citrix XenApp Online Plug-in and Citrix Receiver.

Observation: The flaw is due to an unspecified error. Successful exploitation 
by a remote attacker could result in the execution of arbitrary code if the 
victim is convinced into opening a malicious file from an SMB or WebDAV share.

Common Vulnerabilities Exposures (CVE) ID: CVE-2012-4603

Recommendation: The vendor has released an update to address the issue: 
http://support.citrix.com/article/CTX134681

False Output: Citrix online plug-in - web, 12.1.0.30

________________________________
From: listsadmin@lists.myitforum.com <listsadmin@lists.myitforum.com> on behalf 
of Jason Sandys <ja...@sandys.us>
Sent: Monday, April 18, 2016 1:24:45 PM
To: ms...@lists.myitforum.com
Subject: [mssms] RE: Bulletins and manual patching

I've never seen a security bulletin hotfix not be in the WSUS catalog. Can you 
give an example of one?

J

From: listsadmin@lists.myitforum.com [mailto:listsadmin@lists.myitforum.com] On 
Behalf Of Brian McDonald
Sent: Monday, April 18, 2016 1:16 PM
To: ms...@lists.myitforum.com
Subject: [mssms] Bulletins and manual patching


How are folks handling security vulnerabilities that do not sync up with 
WSUS/SCCM? I'm trying to grasp how to best approach patches that require manual 
package creation in SCCM, such as MS Security Bulletins. This seems to be a 
never ending battle and we have a very lean team.



Thanks,

Brian




The information transmitted is intended only for the person or entity to which 
it is addressed
and may contain CONFIDENTIAL material. If you receive this material/information 
in error,
please contact the sender and delete or destroy the material/information.

