July Patch Tuesday Advanced Notification

PatchWithoutBorder

Microsoft has announced this month’s Patch Tuesday release.  It looks pretty clean at first glance.  IE with a lot of OS patches and likely nothing all that complex.  The one thing to watch for will be the possibilities of more dependencies.  For those running Windows 8.1 or Server 2012 R2, make sure you are prioritizing Update 1 to be rolled out.  Next month is the cut off after Microsoft extended the Update 1 required for continued patch support on those platforms. There are 6 total patches expected to be released on Tuesday, July 8th. Here is the breakdown for this month:

 

Security Bulletins:

  • 2 bulletins are rated as Critical.
  • 3 bulletins are rated as Important.
  • 1 bulletin is rated as Moderate.

Vulnerability Impact:

  • 2 bulletins address vulnerabilities that could allow Remote Code Execution.
  • 3 bulletins address vulnerabilities that could allow Elevation of Privileges.
  • 1 bulletin addresses a vulnerability that could lead to Denial of Service.

Affected Products:

  • All supported Windows operating systems
  • All supported Internet Explorer versions

Join us as we review the Microsoft and third-party releases for June Patch Tuesday in our next monthly Patch Tuesday webcast, which is scheduled for Wednesday, July 9th at 11 a.m. CDT.  We will also discuss other product and patch releases since the May Patch Tuesday.

You can register for the Patch Tuesday webinar here.

Welcome to the World of Shavlik Product Documentation

Joe Andert

Joe Andert

Hi everyone, and welcome to my corner of the world at Shavlik. For those who don’t know me, I am a technical communicator at Shavlik and I’ve been providing documentation for Shavlik products for more years than I care to admit. I’ve been with the company for all these years because the people and the products are simply the best!

When I was offered the opportunity to write a series of blog articles, I jumped at the chance. I am not in marketing so I won’t be writing flowery prose about our products. Rather, I would like to use this forum to provide some real meat and potatoes material, information you can use right now to improve the way you use our wonderful products. Sort of like those “The More You Know” public service announcements you see on TV. Continue reading

What We Learned from Microsoft System Center Configuration Manager Users

I’ve worked in the systems management arena for some time now.  Working with disgruntled Microsoft System Center Configuration Manager (SCCM) customers for most of my career, we had some assumptions going Customer Serviceinto this research.  Fortunately, the data proved us wrong.  After doing a survey of 150 IT professionals, we found some surprising (or maybe not surprising to you) finds about ConfigMgr.

1)    Configuration Manager customers actually like Configuration Manager.  Weird.  We were under the impression that many people picked SCCM because of politics or it was included in their Enterprise Agreement.  This is not the case.  In Shavlik’s study 72% of SCCM customers chose SCCM because it was the best fit.

2)    SCCM customers would like Configuration Manager to be the central hub of IT activity.  But surprisingly, 27% of SCCM customers currently use add-ins to solve problems not solved by Microsoft.  This means that either they are unaware of some of the gaps or they are solving these problems by using additional tools not integrated in SCCM.

3)    Third-party patch management was reported surprisingly high as a missing feature of SCCM – 38% of respondents selected third-party patching as a high priority. This is a great case for Shavlik Patch for Microsoft System Center an add-in solution that takes care of the third-party patching problem.  Even though Microsoft is the master of OS patching, they fall short on third-party patching and tend to leave these “treadmill”-type activities to the other vendors

Respondents expectations for a Microsoft System Center Configuration Manager add-in

Respondents expectations for a Microsoft System Center Configuration Manager add-in

4)    SCCM admins don’t want additional crap in their infrastructure.  Setting up SCCM was difficult enough.  Adding more databases, interfaces, and potentially servers and infrastructure does not constitute an “add-in” product.  Add-ins should use the native functionality of SCCM with either no additional or light additional components that are leverage the existing infrastructure and software.

If you are an SCCM admin or have experience with SCCM in your IT career, please respond to this Blog and tell me what you like/dislike about SCCM.

Protecting my Mom – Part 3 – How Easy is it to Get Hacked?

Keeping our moms safe can be a daunting task.

Keeping our moms safe can be a daunting task.

In our first installment of “Protecting my Mom” we discussed some phone phishing attack that I was targeted for. This was followed by our second part where I found myself being attacked over a Wi-Fi network that was setup for the express purposes of compromising machines that roamed onto it. In this final installment, we take on the role of an attacker and are reminded of how easy it is to be hacked.

My challenge to myself was simple,  how fast could I target a machine and compromise it using off the shelf tools. My goal: 5 minutes from start to finish. How much time did I need? The stopwatch showed a mere 2 minutes and 13 seconds. Scared yet?  — After doing that I was. After being the target of a hack twice in the span of less than a week, I decided to go from being the “prey” to being the “hunter.” How hard is it to be hacked? And if I was hacked, how long does it take me to start grabbing data that I could use? Don’t worry, I’m doing this as a bit of a test and I’m using my own Virtual Machines, so I’m not turning my abilities on any other person, it’s more of a challenge to see how hard it is. Continue reading

Did you know … ?

Did you know?

Did you know?

Here it is my turn to contribute to the Shavlik blog, and I am stricken with “bloggers’ block.” As I try to think of insightful things to say, (those who know me know I rarely say insightful things), nothing comes to mind but questions.

So in the spirit of acceptance of things that can’t be changed, let’s just go with the questions gig.

Did you know…?

  • Shavlik is hosting two webinars this week. “Getting Started with Shavlik Patch” will help new or trial users of Shavlik Patch get up and running and optimize their third-party patching process within SCCM. “Simplified Third-Party Patching for Microsoft System Center” will explain how Shavlik can help you select and deploy third-party patches all from within SCCM. Getting Started with Shavlik Patch
    Wednesday, June 18, 2014 10:00am CDT
    Register Now
  • Continue reading

Protecting my Mom – Part 2 – Wi-Fi in the Wild

In the first installment of “Protecting my Mom,” we discussed some phone phishing attacks that I was targeted for. What was a truly believable attack that would have been successful if it had targeted someone that wasn’t so computer-savvy. In this second part, we discuss a real-life attack that occurred to me at the Minneapolis/St. Paul airport while I was preparing for a flight.

Access DeniedWe’ve all been there, right?  With all the technology we have grown accustomed to in life some have theorized, either jokingly or seriously that Maslow’s hierarchy of needs should be reviewed to include a layer below Physiological needs (“Breathing, Water, Sleep…”) called “Connectivity,” which includes Wi-Fi, Ethernet, Web Browser and a terminal of some sort. In those desperate times where you are away from you home, or in a public place, you scour for available Wi-Fi.  Through my years, I’ve connected to countless networks… in fact, I just looked at my list of Wi-Fi networks that I’ve connected to and it’s well over 40. Continue reading

Message to CEOs – You are now responsible for data security

CEOs are now responsible for data security

CEOs: Get your IT house in order

It seems that the Target disaster gets even worse.  In the wake of Target losing their 35-year veteran CEO, the message is clear to CEOs: “You are now responsible for the security of your data!”

In the past companies have simply blamed IT for not having good security practices in place.  If credit card or personal data left the company due to hackers, an IT director or even the CIO would be blamed.  Many companies would shrug their shoulders, scold their IT department, and try to handle the bad press.   It was a disturbing trend. Continue reading

Shavlik Protect 9.1 Launch in Europe

I spent the last two weeks visiting some of our customers and partners in Europe.  With the launch of Protect 9.1 and the introduction of the localized version of the product we had a lot to talk about.  The first week I traveled to Geneva, Munich, Turino, and Paris and we introduced Protect 9.1 to partners in each country.   The localization feature will definitely be welcomed by current customers and will open up new conversations for German, French, and Italian companies who require a localized product before they will consider purchase.  All together, a very good week with a lot of positive feedback regarding Protect. Continue reading

Looking to continue deploying Windows XP updates?

It is patch week once again.  Although this is an application month (Microsoft usually rotates every other month for OS then Apps like office, etc.), there will likely be one critical update to IE that would concern companies continuing on Windows XP.  If you are one of those companies continuing to run Windows XP read on.

 

xp-eol-monitor

According to Gartner, “one-third of enterprises had more than 10% of their systems
remaining on XP when extended support ended”.  
Of those customers some will be purchasing a Premium Support Contract with Microsoft to continue receiving Critical Updates for Windows XP. Many of those same companies have started asking the question of how they will be distributing those patches to systems. They want the same level of quality assurance for detecting and deploying patches to Windows XP systems.  They want to do this without manually packaging, testing, and delivering the updates outside of their current solutions.  They also want compliance reporting and status on the updates being applied as their policies require. Continue reading