kbox patch support

W H I T E P A P E R

Patch SupportKBOX Systems Management Appliance Patch Content Summary, Q4 2009

Copyright 2009 KACE Networks, Inc. All rights reserved.

KBOX 1000 SERIES

SYSTEMS MANAGEMENT APPLIANCE PATCH SUPPORT

TABLE OF CONTENTSPatch Quality Assurance Summary ................................................................... 3 KACE Patch and Remediation Support .............................................................. 5


Page 2

KBOX 1000 SERIES


Patch Quality Assurance SummaryThe KBOX Systems Management Appliance Release combines best practices across IT management and security operations to allow organizations to provide protection for their business. The patching functionality allows organizations to define policies to automate discovery and remediation of security vulnerabilities and reduce their exposure to attacks. The KBOX Systems Management Appliance patching updates offer industry leading responsiveness and flexibility to address vulnerabilities across a wide range of operating systems and applications, ensuring the broadest set of avenues of attack are blocked. KACE partners with Lumension Security to provide KBOX customers maximum value through the patch content development and quality assurance process. The enhanced patching content feed available with the KBOX 1000 series management appliances is designed with two main objectives : to improve the timeliness of the patch availability without compromising on the quality and reliability, and to enable the broadest possible set of OS and application patching

This is achieved by verifying the patch metadata produced by a content development team, as well as validating the install process, uninstall processes, that the patch does not disrupt the targeted operating systems and/or applications immediate stability. Providing quality patch content to our customers is a high priority. To ensure successful delivery of content, KACE sanity checks patch feeds from Lumension once they have executed test cases covering the following test components.

Testing EnvironmentLumension invests heavily in testing infrastructure. The content development and quality teams have access to a virtual enterprise environment representing more than 1500 nodes of various configurations. Utilizing VMWare ESX and Lab Manager, in addition to custom hardware bench testing, the Lumension testing infrastructure is state of the art.

Application TestingLumension tests with various applications as necessary to ensure the requirements of the patch are satisfied.


Page 3

KBOX 1000 SERIES


Testing StrategyGENERAL TESTING Verify patch-naming convention complies with Lumension policy. Verify content supports the replication process. Each patch created by the content team is validated with the GSS distribution and Update Server products. ASSESSMENT TESTING Verify an applicable non-patched system shows applicable and not patched Verify a patched system shows installed and not applicable Verify false positives in the detection of digital fingerprint Verify content is compliant with mandatory baselines Verify the vulnerability is correctly displayed in Update Server and all filtering, sorting and other visual functionality works correctly.Content Quarterly Report Q4 2008

4 DEPLOYMENT TESTING Verify the package is successfully deployable Verify suppress reboot functionality works correctly Verify the uninstall functionality works correctly Verify on demand package caching works correctly Verify automatic deployment scheduling works correctly Verify agent package download Verify CRC checksum ensuring package integrity Verify agent automatically runs assessment after patch deployment Verify agent restarts automatically after reboot 5


Page 4

KBOX 1000 SERIES


KACE Patch and Remediation SupportOperating Systems Platform SupportThe KBOX currently supports content for the operating systems listed in Table 1 support for specific platforms is as follows: Update installers (no base installers) Core OS Updates (may include patches, service packs, feature packs, cumulative, hot fixes) Stated editions (standard, enterprise, deluxe) Stated version Stated architecture

Table 1 lists the supported versions and editions for enhance content that is supported in KBOX v4.3 and later. Items shaded in grey are legacy patches that are no longer supported on an ongoing basis.Table 1: Operating Systems Platform/Devices SupportPublisher Platform/Device OS Edition Architecture Update SCAN Sanctuary Publisher Platform / Device OS Edition Architecture Apple Mac OS X 10.3.9 10.5.8 PowerPC Apple Mac OS X 10.4.5 10.6.2 X86 Microsoft Windows 2000 SP4 AS, SVR, PRO x86 Microsoft Windows XP SP1- SP3 PRO x86 Microsoft Windows XP SP1- SP3 PRO x86_64 Microsoft Windows 2003 ENT, STD, WEB x86 Microsoft Windows 2003 ENT, STD, WEB x86_64 Microsoft Windows Vista BUS, ENT, ULT x86 Microsoft Windows Vista BUS, ENT, ULT x86_64 Microsoft Windows 2008 ENT, STD, WEB x86 Microsoft Windows 2008 ENT, STD, WEB x86_64 Microsoft Windows 7 PRO, ENT, ULT x86 Microsoft Windows 7 PRO, ENT, ULT x86_64 Microsoft Windows 2008 R2 PRO, ENT, ULT x86_64 Update Y Y Y Y Y Y Y Y Y Y Y Y1 Y1 Y1

Content1

Quarterly

Report

Q4

2008

suppported by v5.0 MR1 with Agent Patch 2

Application SupportKACE partners with Lumension to support the application patches listed in Table 2. Products are supported only for applicable, supported operating systems (OS). Items shaded in grey are legacy patches that are no longer supported on an ongoing basis, but are still available in the patch repository. Table 2 lists the versions for patch content that is supported. Text in dark green color represents recent information update. Table 3 lists the antivirus applications for which virus definition updates are available in the patch repository.


Page 5

KBOX 1000 SERIES


Table 2: Application SupportPublisher Adobe Adobe Adobe Adobe Adobe Adobe Adobe Product Acrobat Reader Acrobat Reader Macromedia Flash Player for Internet Explorer Macromedia Flash Player for FireFox/NetScape Macromedia Flash Player for Mac OS X Shockwave Player for Mac OS X Shockwave Player for Windows Min Version 5.1 5.1 6.0.65 8.0.22 9.0.47 11.5.0.600 11.5.0.600 iLife 06 GarageBand 3.0.4 iDVD 6.0.1 iMovie 6.0.1 iPhoto 5.0.3 iWeb 1.0.1 Update 6.0.4 7.6 6 6.5 1.3.1 6.30 1.0 SP2 2.5 7.0 5.5 4 2000 2000 5.01 4.0 2000 4.0 2000 5 1 Max Version 9.2 9.2 10.0.32.18 10.0.32.18 10.0.32.18 11.5.0.600 11.5.0.600 iLife 09 GarageBand 5.1 iDVD 7.0.4 iMovie 8.0.3 iPhoto 8.1 iWeb 3.0.1 Latest 9.0.1 9.0.1 7.6.4 7.6.4 4.0.4 v10.1 3.5 SP1 2.8 SP1 10.0 2007 9 2002 2006 8.0 7.0 2006 SP1 4.0 2000 7.6 6.0 SP1 NonSecurity Patches N N N N N N N Security Patches Y Y Y Y Y Y Y Supported Platform Mac OS X Windows Windows Windows Mac OS X Mac OS X Windows

Apple

iLife - including desktop applications (GarageBand, iDVD, iMovie, iPhoto, iWeb)

N

Y

Mac OS X

Apple Apple Apple Apple Apple Apple Citrix Systems Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft

iLife Media Browser iTunes for Mac iTunes for Windows QuickTime for Windows QuickTime for Mac OS Safari ICA Win32 Client .NET Framework Data Access Components (MDAC) DirectX Exchange Server Exchange Server 2007 Update Rollups FrontPage Server Extension (FPSE). Host Integration Server Internet Explorer Internet Information Service (IIS) Internet Security and Acceleration Server (ISA) Jet MSDE MSN Messenger MSXML

N N N N N N N N N N N NA N N N N N N N N N

Y Y Y Y Y Y Y Y Y Y Y NA Y Y Y Y Y Y Y Y Y

Mac OS X Mac OS X Windows Windows Mac OS X Mac OS X Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows


Page 6

KBOX 1000 SERIES


Publisher

Product Office - including desktop applications (Access, Excel, FrontPage, InfoPath, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word) Office for Mac including (Word, Excel, PowerPoint, Entourage, no MS Expression, no Media Support)

Min Version Office 2000 OneNote 2003 Project 2002 Publisher 2002 Visio 2002

Max Version Office 2007 OneNote 2007 Project 2007 Publisher 2007 Visio 2007

NonSecurity Patches

Security Patches

Supported Platform

Microsoft

N

Y

Windows

Microsoft

Office 2004

Office 2008

N

Y

Mac OS X

Microsoft

Office Viewer - including (Word, Excel, PowerPoint, Visio)

Excel Viewer 2003, Word Viewer 2003, PowerPoint Viewer 2007, Visio Viewer 2007 5.5 SP2 5.1.2600 2.0 2005 Office XP 7 2004 SP1 2005 R2 SP1 2003 2005 2.0 6.4 8.1 4.7 NA 3.0 1.0.4 2.0.0.7 4.83 NA 8 (6.0.9.584) 8 3.8 1.3 1.4.2_03 2.0.1

Excel Viewer 2007, Word Viewer 2007, PowerPoint Viewer 2007, Visio Viewer 2007 6.0 SP1 5.1.2600 3.0 SP2 2007 SP1 Office XP 2008 SP12 2007 SP1 2005 R2 SP1 2003 2008 SP1 3.1 11 Version 2009 5.1 Latest 3.0 3.5.5 3.5.5 6.5 Support Pack 7 Latest 11 (6.0.14.826) Latest 4.0 1.6 1.6.0_16 2.0.1

N

Y

Windows

Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Microsoft Mozilla Mozilla Novell PatchLink Real Networks Real Networks Skype Sun Sun VMware

Outlook Express Remote Desktop Connection Software SharePoint Service SharePoint Server SharePoint Team Services SQL Server Virtual PC Virtual Server Visual Studio .NET Visual Studio Windows Installer Windows Media Player Windows Live Messenger Windows Messenger Windows Update Windows Update Agent Firefox Firefox for Mac Netware Windows Client All products RealPlayer for Windows RealPlayer for RedHat Skype Java for Mac OS X Java Runtime Environment (JRE) Fusion

N N N N N N N N N N N N N N N N N N N Y N N N N N N

Y N Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y

Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Mac OS X Windows All Windows Red Hat Windows Mac OS X Windows Mac OS X


Page 7

KBOX 1000 SERIES


Publisher VMware VMware VMware WinZip Player Server

Product

Min Version 2.5.1 2.0 6.5.1 9.0

Max Version 2.5.1 2.0 6.5.1 11.2 SR-1

NonSecurity Patches N N N N

Security Patches Y Y Y Y

Supported Platform Windows Windows Windows Windows

Workstation WinZip

Note: legacy support are listed in grey

Table 3: Antivirus Definition File SupportPublisher Product Min Version Max Version Def Updates Supported Platform

Authentium / Command Software Authentium / Command Software Computer Associates Computer Associates Computer Associates Frisk Software Frisk Software F-Secure McAfee McAfee McAfee McAfee McAfee Microsoft Microsoft Microsoft Microsoft Microsoft Sophos Symantec Symantec Symantec Trend Micro Trend Micro

Command Software Antivirus DEF File Command Software Antivirus Installer eTrust Antivius DAT files (InoculateIT Engine) eTrust Antivius DAT files (Vet Engine) eTrust Antivirus F-Prot Antivirus DEF Files DEF files for Document / Office / Macro Antivirus Virex VirusScan DAT files VirusScan Engine VirusScan Enterprise Engine VirusScan SuperDAT files Malicious Software Removal Tool Outlook 2003 Junk E-mail Filter Outlook 2007 Junk E-mail Filter Windows Defender Windows Mail Junk E-mail Filter Antivirus Symantec Antivirus Corporate Edition Client for 64-bits OS only Symantec/ Norton Antivirus Symantec/ Norton Antivirus OfficeScan ServerProtect

4.75.5 4.75.5 6.00 6.00 6.00 NA NA 5.x 7.20 6.x 4.00 7.00 4.x NA NA NA 1.1.1593 NA last 6 version 10.00 NA 9.0.1 5.58 5.56

4.93.8 4.92.91 7.10 7.10 Latest Latest 5.x Latest Latest Latest 8.00 Latest Latest Latest Latest Latest Latest Latest 10.20 Latest Latest Latest Latest

Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y

Windows Windows Windows Windows Windows Windows Windows Windows Mac OS X Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Windows Mac OS X Windows Windows

Note: legacy support are listed in grey

13


Page 8

KBOX 1000 SERIES


Language SupportKACE supports patches in the locales for Windows operating systems (OS) listed in Table 4. Table 4: Language Support Locale English (United States) French (France) German (Germany) Italian (Italy) Spanish (Spain) Finnish (Finland) Swedish (Sweden) Norwegian (Norway) Danish (Denmark) Dutch (Netherlands) Czech (Czech Republic) Simplifies Chinese (China) Japanese (Japan)


Page 9

KBOX 1000 SERIES


OS Support DetailKACE impact terminology based on the PatchLink Update content closely follows the vendor impact terminology for vulnerability criticality. Each operating system has a vendor-specific impact rating and the mapping to KBOX terminology is described in this section. KACE and Lumension tend to increase or round-up the severity of the impact rating. For instance, Microsoft classifications for Critical, Important, and Moderate patches are all classified as Critical. The following table details the classification of patches that are supported for each supported OS and the impact level use for each. Text in dark green color represents recent information update.Table 4: OS Support Detail Target Impact MappingVendor Apple Patch Type OS Security Updates Application Security Updates MAC OS Version Updates Microsoft Critical Security (English) Critical Security (Simplified Chinese) Critical Security (Traditional Chinese) Critical Security (Intl) Important Security (English) Important Security (Intl) Moderate Security (English) Moderate Security (Intl) Low Security (English) Low Security (Intl) None Security (English) None Security (Intl) OS Service Packs (English) OS Service Packs (Intl) Application Service Packs (English) Application Service Packs (Intl) Junk Email Filter Updates Malicious Software Removal Tool Windows Defender definition updates X others AntiVirus (AV) Updates X X X X X X X X X X X X X X X X X X X Critical X X X Critical-01 Recommended Virus Removal

Note: The Antivirus vendor updates are posted twice a week, typically on Wednesdays and Fridays.


Page 10

KBOX 1000 SERIES


Table 5 below shows the mapping of Microsoft severity ratings to KBOX patch Impact ratings. Table 5: Microsoft Severity mappings to KBOX Impact ratings Vendor Microsoft Critical Important Moderate Service Packs Junk Email Filter Updates Patch Type Critical Recommended

Once content is superseded, the superseded content is marked as Critical-05 and this is reflected in the KBOX Impact rating.


Page 11

KBOX 1000 SERIES


KACE Corporate BackgroundKACE is the leading systems management appliance company. The award-winning KBOX family of appliances delivers easy-to-use, comprehensive systems management capabilities. KACE customers usually install in one day and enjoy the lowest total cost compared to software alternatives. KACE is headquartered in Mountain View, California. To learn more about KACE and its product offerings, please visit http://www.kace.com or call 1-877-MGMT-DONE. Helpful Links: KBOX Systems Management Appliances KBOX Systems Deployment Appliances Virtual KBOX Appliances

Contact KACE1616 North Shoreline Boulevard Mountain View, California 94043 (877) MGMT-DONE office for all inquiries (+1) (650) 316-1050 International (650) 649-1806 fax European Sales: [email protected] Asia Pacific Sales: [email protected] Sales and partnering: [email protected] Support: [email protected] Other Information: [email protected] On the Web: http://www.kace.com


Page 12

kbox patch support

Documents

quality patch content

patch content development

patch deployment

patch metadata

patch availability

content team

patchnaming convention

kace sanity checks patch