Client Management Suite

I am having issues deploying the MS09-074 patch.  I have 134 users who are vulnerable and only one of these users received the patch and this is because he used Microsoft's Update site to receive it.

I checked to see if the task was executed and it was.  It shows the .bat patch file as having succeeded.  I also checked the execution time and it was executed at the proper time and succeeded.  However it still shows the user(s) as vulnerable.

Anything else that I can check?  Any reason as to why this patch may not be working?  Any help would be appreciated.  Thanks in advance.

question, so I'll apoligize in advance for asking, but did the systems reboot after the patch?

So I went to the reports that have "Reboot Status"... I wasn't sure exactly what it meant but I shoot you the stats:


Figured this was more about the installations aspect:
123 - Executions

123 - Completed

Then under Reboot Required is says - *1

I right clicked on the bulletin MS09-074 and chose "Computers Requiring a Reboot":

A list came up with a bunch of machines however next to each machine under the column "Needs Reboot" False is written.

Let me know what you think.

depending on how the data is presented (or if you have the most up to date reports or not) could not be telling the full story. I guess I would pick one system that should be listed as being patched and force a reboot, and see if it shows up as being patched.

Do you reboot after patching? Or do you let the users do it themselves?

And the reports is still showing no one having received the patch.  Anything else I can check?  Is anyone else having this issue?

as outlined in Altiris KB46144? Two other nice tools are the  SUA Dignostic tool, and the Single Rule Evaluator. If you can run through some of the simple tests, it may show an issue with the rule. I haven't heard or seen one in particular, but it could depend on the OS, and Software installed on the system. I know there have been some issues in the past with the different versions of MS Office on the systems.

Hi CBriscoe,
What SP of Project do you have installed?  Are you getting exit code 0 or 3010 or some other code (1605 maybe)?  I've seen this before depending on how the original package was installed and the options selected.  We've been hit by this with Visio frequently in the past where the patch keeps reinstalling.  As Jim suggests it comes down to the way the rule is written.  If the patch contains an update for a certain .DLL file, but the installation options you chose for Project didn't install that file, then when the patch runs it won't install that particular file since it wasn't there to begin with.  The issue is that the Altiris rule expects the file to be there and be a certain version or higher to be flagged as "non-vulnerable" or patched.  So I would suspect that the rule is checking for a DLL which isn't there, which in turn results in the machine being flagged as vulnerable for that update/bulletin.  The same goes for a particular registry key which should exist but if it isn't being created could cause the same issue.

Looking at the rules as Jim suggests should help determine which file is missing.  You can also look at the MSKB article for that patch and see a list of the files/file versions that are included, and compare manually to see if you have all of those files.

Cbriscoe,


I'm seeing the same issue 13K plus machines without the patch..  I've checked all the files and versions from the is installed rule and found the issue.

Cbriscoe,

Can you check the following path and see if this file is present?

C:\Program Files\Common Files\Microsoft Shared\Microsoft Office Project 11\MSWARP.DLL
The version shold be 11.3.2007.1529

Thank you very much for all of your help.  You are correct.  This .dll file is not present.  How do I get these users this patch if the .dll file is not present?

Most likely the patch has applied on your computers and they are still reporting as vulnerable. 


Run the "Task Execution by Computer" report in patch management, select the "Project2003-KB961082-FullFile-ENU.exe for MS09-074" for software update task.  This will show the machines that have ran the patch and their return codes.

I opened a ticket with Patch Management team yesterday and will let you know the outcome.

I have run this previously and it has been successful on many machines.  The problem is that we uitlize these reporting functions that show our patch compliance per vulnerability.  As of right now of course, for this patch we are at 1%.  Will this be fixed via the ticket you have opened with the Patch Management Team?

Once again, thank you for you help everyone.

CBriscoe,
Glad we were able to help.  Your reports will still show low compliance until Symantec updates the PMImport.cab file with revised detection rules for this patch (which don't show "vulnerable" if the missing DLL is not installed).  I have flagged this thread for support escalation; between that and lotsill's ticket it should bring the issue to Symantec's attention so a revised PMImport can be created to include this fix.  Lately there have been releases on the 2nd and 4th weeks of the month; not sure how the upcoming holidays will impact that.

Looks like this is on track to be resolved:

 https://kb.altiris.com/article.asp?article=50770&p=1
 

This has been corrected (per release notes) in the January 2nd week PMImport:
https://kb.altiris.com/article.asp?article=50974&p=1