Client Management Suite

 View Only

  • 1.  MS13-A02 - IE8 patch

    Posted May 10, 2013 12:17 PM
      |   view attached

    Ok so MS13-A02 just came out last night. Our security team gave it a high sev rating so i have a short time to get this patch out.

    The patch shows in all 3 of my environments. DEV/TEST/PROD.

    I staged the patch for deployment. some for today at 2pm for testing. a pilot group for Monday then going to do prod later when we are supposed to have this done by. So all seems good as normal.

    I went to all of my test machines in each environment and checked all the machines in so I could manually fire off the patch install and start testing. Not on of my test machines show needing the patch. I went back to the patch, right clicked and said view targets...

    out of all 3 environments of 4000+ machines only 1 machine says it needs the patch.... Odd IE8 and we have TONS of them.

     

    is there a certain amout of time we are supposed to wait or something that needs to run before the Patch will show the targeted machines?

    I event logged into 1 machine that has IE8 and doesnt have the patch staged on it yet and the attached software bulletin details report states it applies to 0????



  • 2.  RE: MS13-A02 - IE8 patch
    Best Answer

    Broadcom Employee
    Posted May 13, 2013 10:23 AM

    Hi TeleFragger,

    Was Windows System Assessment Scan executed on affected machines?
    After new Patch Data is imported, Windows System Assessment scan files are updated and it is required to execute it on clients in order to receive the latest information about missing updates.

    Could you please execute WSAS on any of affected client and then check MS13-A02 in compliance reports. In case if MS13-A02 is still not applicable to affected client, could you please attach STPatchAssessment.log and STPatchAssessment.xml from this client. Usually these files are located at "C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery\{6D417916-467C-46A7-A870-6D86D9345B61}\cache\"

    Regards,
    Roman



  • 3.  RE: MS13-A02 - IE8 patch

    Posted May 15, 2013 03:20 PM

    well this was new to me on the rush status when our infosec department deems something needs to be done quickly... so I was impatient.. I just checked and now there are 1015 for applies to so guess it is working as it should. go figure as we have 2 more that just came in as a rush.. ms13-037 and ms13-038 so guess i will give it some time before testing..

     

    marking solution..

    Thanks!
     



  • 4.  RE: MS13-A02 - IE8 patch
    Best Answer

    Posted May 16, 2013 01:36 PM

     

    To speed up patching in a test environment:
     
    For your test computer : run the  Windows System Assessment Scan and wait 2-3 minutes
     
    Run this task on the server : NS.Windows Patch Remediation Settings (while the server is not running other tasks (ignore MSCtfMonitor))
     
    Have the client check in 2-3 minutes after it has completed
     
    Patches should show up, run them manually
     
     
     
     
    For your environment in general:
     
    Check the frequency of the Patch Refresh at : Home|Patch Management|Settings|Remediation
    The Patch Filter Update Interval should have the appropriate window and run often enough to not slow down your server and make sure it is set for Repeat Daily