Shavlik Team Takes the ALS Ice Bucket Challenge

Shavlik Vice President Rob Juncker brings IT deployment models to the ALS challenge. Rob, who was nominated by Pertino CMO Todd Krautkremer, nominated Odell Tuttle, VP of Engineering at SportsNGin, Stephen Poppe, CIO at Roto-Rooter, and Pat O’Day, CTO at BlueLock.

 

In the photos below, Shavlik team members Chris Goettl, Kate Borsheim, and Anne Steiner also take the plunge.


Shavlik Protect 9.1 Patch 1 released


Shavlik Protect 9.1 Patch 1 is now available.  The update includes fixes for 18 customer-reported issues.  The patch is available for download from the Shavlik Protect downloads page as of yesterday.

We will be monitoring adoption rates and will set the patch for auto update for Protect 9.1.4334 in the next few weeks.

 

 

The Communicator’s Corner: How Shavlik Products Leverage Cloud Computing

Over the last few years the term “cloud computing” has become a regular part of our everyday vernacular. Most of us have a pretty good feel for what cloud computing has to offer, but how does it apply to Shavlik products? Specifically, how are Shavlik products taking advantage of cloud computing? How is it improving our products, and how is it providing benefits to you, our customer?

Third-Party Patch Add-on for SCCM: Extend or Invest?

Your company has made the decision to use Microsoft System Center as your systems management solution. You have spent months and precious dollars getting all of the moving parts to work together. Congratulations, you are now a fearless SCCM user!

Now it’s working well for most things, but one question keeps nagging at you, “What about third-party application patching?”

Microsoft pulls MS14-045 and recommends uninstall if you have already deployed

Late last week Microsoft revised MS14-045, removing links from the Download Center for security update 2982791.  Microsoft updated KB 2982791 to document three known issues that have been verified, which caused Microsoft to pull the download links for the update and recommend uninstalling four specific KBs.  The worst of these issues is a possible blue screen.  If you have installed any of the four updates, Microsoft recommends uninstalling them and waiting for a re-release of the updates.

  • KB2982791
  • KB2970228
  • KB2975719
  • KB2975331

Shavlik recommends that all Shavlik Protect customers uninstall the updates and also go into the Patch View in Shavlik Protect and search for MS14-045.  Select all variations of MS14-045, then right-click and delete them.  This will ensure the version of the patch with the known issues is removed from the console.

Customers with Distribution Servers should also take steps to delete the patches from the distribution servers in their environment.  You can right-click in the Patch View and go to column chooser.  Drag the Download File Name into the Patch View grid, which lets you see the file names of the patches.  Find and remove these from the distribution servers in your environment.
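One way to find machines that still have any of the four withdrawn updates installed, as an added example (not Shavlik's or Microsoft's own tooling). It uses the built-in Get-HotFix cmdlet and only prints the wusa.exe uninstall command for review; the function name Get-WithdrawnUpdate and the computer names in the comment are hypothetical.

```powershell
# Added example: audit computers for the four updates withdrawn with MS14-045.
# The KB numbers are the ones listed above; everything else is an assumption.
$WithdrawnKBs = 'KB2982791', 'KB2970228', 'KB2975719', 'KB2975331'

function Get-WithdrawnUpdate {
    param(
        # Defaults to the local machine; pass a list of names to audit remotely.
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    foreach ($computer in $ComputerName) {
        $row = [ordered]@{
            Computer = $computer; HotFixID = $null; InstalledOn = $null
            Status = $null; UninstallCommand = $null
        }
        try {
            # Get-HotFix reads Win32_QuickFixEngineering. Filtering client-side
            # avoids the error Get-HotFix -Id raises when a KB is not present.
            $found = Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Where-Object { $WithdrawnKBs -contains $_.HotFixID }
        }
        catch {
            # An unreachable host is reported, not silently treated as clean.
            $row.Status = "Unreachable: $($_.Exception.Message)"
            [pscustomobject]$row
            continue
        }
        if (-not $found) {
            $row.Status = 'Clean'
            [pscustomobject]$row
            continue
        }
        foreach ($hotfix in $found) {
            $kbNumber = $hotfix.HotFixID -replace '^KB', ''
            $row.HotFixID = $hotfix.HotFixID
            $row.InstalledOn = $hotfix.InstalledOn
            $row.Status = 'Withdrawn update installed'
            # Printed for review only; run it on the affected machine and
            # schedule the reboot separately.
            $row.UninstallCommand = "wusa.exe /uninstall /kb:$kbNumber /quiet /norestart"
            [pscustomobject]$row
        }
    }
}

# Local machine by default. For a fleet (constructed names):
#   Get-WithdrawnUpdate -ComputerName 'WS-EXAMPLE-01', 'WS-EXAMPLE-02'
Get-WithdrawnUpdate | Format-Table -AutoSize
```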

 

Blue Screen (Stop 0x50) after applying update KB2982791 to Windows 7

Reports have started popping up regarding a Blue Screen of Death (BSOD) after applying MS14-045 to Windows 7 systems. If you are seeing issues please go to this Microsoft forum post and let them know. Microsoft MVP Susan Bradley and others have started a support case with Microsoft and are asking for anyone else who sees these issues to let them know so they can collect all possible information in one place and help Microsoft quickly find and resolve this issue.

All is not doom and gloom, however. Many members of PatchManagement.org (a mailing list focused on patch management issues) have reported successful deployment of these updates. The Shavlik Content Team did not encounter the BSOD during our Patch Tuesday testing. LANDESK and Shavlik employees have not reported issues either. I personally deployed 11 updates including MS14-045 (KB2976897 and KB2982791) to my own Windows 7 x64 system on Wednesday morning without issue. So, while this is not an epidemic affecting all deployments of the Kernel-Mode Driver patch, it should prompt admins to take a little extra time to test if possible.

 

 

August Patch Tuesday Advanced Notification

We have a big Patch Tuesday this month.  Microsoft started by releasing 8 updates and slipped in a 9th later last week.  That is just the beginning.  As of this morning we have updates from Opera, Picasa, Adobe Acrobat, Reader, Flash 13 and 14, and AIR, with likely appearances by Chrome (high likelihood) and possibly Firefox (a beta has been out for some time and is likely to release soon).  A couple of things to look out for: there is a Critical IE update, which is likely the continuation of resolving a large number of memory corruption issues, starting with the June IE update resolving around 60 vulnerabilities and continuing in July resolving about half that many.  There is a SQL patch this month which will need some attention in testing, and there is also a .NET patch resolving a Security Feature Bypass.

Security Bulletins:

  • 2 bulletins are rated as Critical.
  • 7 bulletins are rated as Important.

Vulnerability Impact:

  • 3 bulletins address vulnerabilities that could allow Remote Code Execution.
  • 4 bulletins address vulnerabilities that could allow Elevation of Privileges.
  • 2 bulletins address vulnerabilities that could lead to Security Feature Bypass.

Affected Products:

  • All supported Windows operating systems
  • All supported Internet Explorer versions
  • Microsoft SQL Server
  • .NET Framework

Join us as we review the Microsoft and third-party releases for August Patch Tuesday in our next monthly Patch Tuesday webcast, which is scheduled for Wednesday, August 12th at 11 a.m. CDT.  We will also discuss other product and patch releases since the July Patch Tuesday.

You can register for the Patch Tuesday webinar here.

Internet of Things Makes Patch Management Unruly

When installing my new television the other day, I found that I had to install a new network switch in my multimedia cabinet.  It turns out that the new TV had a place to plug in a network cable and, being naturally curious, I wanted to find out what I got when I plugged the television into a home network.  It turns out I get the same things that I already have on my DVD player, my TiVo, my AppleTV, my receiver, and my Windows Media PC.

OK, you got me.  I’m a nerd when it comes to my entertainment center.  Who else needs a 6-port switch for their entertainment center?  I know wireless exists, but Gigabit Ethernet is the way to go for streaming content from my other Windows computers and from the Internet.  All of this is very cool and very geeky. Gartner describes this as the Internet of things.

The other day my DVD player graciously reminded me that its software was out of date and needed a firmware upgrade.  It took about 20 minutes before I could watch a DVD, frustrating me and the kids waiting to watch the movie.  The TiVo just updated overnight.  The Windows Media Center updates what seems like just about every time I use it, and the AppleTV mysteriously has new icons for me to play with every time I switch over to it.  Who’s tracking all these updates?  I’m hoping they give me new features but, more importantly, I’m hoping they keep me secure.

Take this to the next level.  My buddy has connected all his lights, thermostat, home security, doggy door, and who knows what else to the Internet.  It’s gotten to a point that home thieves don’t need to know how to break glass or work a lock; they need to know how to hack your home security.

With all of these devices connected to the Internet, how secure are you? HP investigated the companies who create these products, which include intelligent appliances, garage door openers, sprinkler controllers, remote power outlets, etc., and found them to be lacking some basic security measures.  The problems include plain text communication, storing passwords that were easy to hack, and storing unencrypted personal data.  Do you know if your name, address, or even credit card information is stored on your garage door opener?

On the bright side, these vendors are coming up with clever ways to at least update these devices from the Cloud, sending down new firmware to fix security issues.  However, how do you know if you have the latest software on these devices?  How do you know if your personal information is encrypted and your data safe?

What if you are a business and you have some of these devices in the workplace?  Is it IT’s responsibility to secure these devices?  This poses a question of “who is responsible for securing and updating the Internet of Things?”

Share with me your thoughts on what IT is doing to prepare for the Internet of Things.  What are some of the ways patch management will change in the future?

The Communicator’s Corner: Demystifying Distribution Servers

This is the first of many “meat and potatoes” blog articles that I will be writing throughout the course of this year. In this article, I am going to talk about one of the most useful, but also one of the most underused and misunderstood, features in Shavlik Protect – distribution servers.

Most of you are familiar with Shavlik Protect and love it for how it simplifies your patch, threat and power management activities. But you may not be familiar with distribution servers, or you may be reluctant to use them because they don’t seem simple to implement. While it’s true that distribution servers add a level of complexity to your administration activities, in many cases they are well worth the effort for the value that they add.

Integrating with 3rd Party Components: Why Java is still not being updated in your environment.

With the Oracle CPU fresh in our minds, I thought this would be a good time to discuss a well-known issue for IT admins around the world: updating Java only to find it breaks something in your users’ environment.  More importantly, updating Java only to find that a mission-critical app is broken.  Java is running everywhere.  It is one of the most popular development languages and responsible for a significant chunk of cool web development that has occurred over the past decade.  The Java Runtime Environment (JRE), which renders all of the awesomeness that is Java, quickly turned into the bane of many an IT department.

According to Cisco’s 2014 Annual Security Report, Java was involved in 91% of web exploits, and the majority of those exploits were for versions of Java that were outdated and vulnerabilities that the vendor had already plugged.  That is a pretty staggering number and makes one wonder why you would choose to utilize a product that relies on Java.  So where does the fault lie?  Are Oracle and, prior to them, Sun to blame for the vulnerability of their development toolkit?  To a point, yes, you can say they are responsible, but they also resolve MOST of the known vulnerabilities that are identified in a timely manner (and have improved significantly over time).  There is still a bit more blame to go around, however.

You can google ‘java upgrade issues,’ and you will find ample evidence as to why an IT admin would be a little gun-shy around a Java update.  Firefox, NetScaler, printing issues, and especially Minecraft (heaven forbid!) can all be found in the first page of recent Java upgrade issues.  Some others that typically occur are those back office applications that make the business run.  ERP solutions or other critical apps that help you ship product, process orders, etc., could all rely on Java.  Break those and you may be talking about an RGE (Resume Generating Event).  So, no one party really is to blame here.  We have Oracle trying to resolve vulnerabilities in a timely manner and improving on that front.  How about the vendors and the companies who are running Java?  You may need to evaluate a little closer to home and see why you are not upgrading.

Ask your vendors:

  • Does the latest version of their product support the most recent Java updates?
  • Do they support updating Java as new versions are released?
  • How do they communicate whether the latest Java update will be compatible with the version you are running?

Ask yourself:

  • Are we running the latest version of the vendor’s software?
  • What are the limitations to upgrading?  Customization that would not be supported if you upgrade, cost of upgrading, etc.
  • What is your exposure by not upgrading?

The IT world is full of exceptions to the rule.  For every exception there is some risk.  Have you evaluated that risk and have you mitigated your exposure?

Things you can evaluate if you know you have a dependency on an outdated version of Java:

  • Are only required users able to access the outdated versions of Java?
  • Can the privilege level of the users who need to run on the at-risk machine be reduced to mitigate exposure if certain vulnerabilities are exploited?
  • Are the machines running Java able to be virtualized and segmented from parts of the network that have direct Internet access?
  • Can you lock down the machine in question so that it only allows access to the one application Java is needed for, with all other web browsing, email, etc. locked down?