Presentation is loading. Please wait.

Presentation is loading. Please wait.

PatchDeploy Behind the Scenes Dardan Shkreli +41 41 748 22 04

Similar presentations


Presentation on theme: "PatchDeploy Behind the Scenes Dardan Shkreli +41 41 748 22 04"— Presentation transcript:

1 PatchDeploy Behind the Scenes Dardan Shkreli

2 2 (c) 2004 Brainware Solutions AG Agenda What is „Patch Day“? Benefits of Columbus Patch Deploy Supported Products The Workflow Next Steps Questions & Discussion

3 3 (c) 2004 Brainware Solutions AG What is „Patch Day“? Microsoft products always “under construction“ Security issues, vulnerabilities, bug fixes Updates published 2nd Tuesday of each Month

4 4 (c) 2004 Brainware Solutions AG Benefits of Columbus Patch Deploy Tested in advance Correctness, Revisions, Adjustment Management One place to manage Delivered like software packages through Columbus Control and reduce risk You decide which patches to deploy, when, and to which clients Grouping Make custom deployment groups: OS, SP, Severity, Clients, Sites Efficient Target only candidate clients, schedule deployment

5 5 (c) 2004 Brainware Solutions AG Supported Products OS (Workstation/Server) MS Office (XP, 2003, 2007) Over 230 products Five languages OSVers.SP32bit64bitLanguage ENGEFRJPIT Win 2000Professional WSSP4 √ √√√√ Win 2000Standard ServerSP4 √ √√ Win 2000Advanced ServerSP4 √ √√ Win 2003 ServerStandardSP1 √ √√ √ Win 2003 ServerStandardSP2 √ √√ √ Win 2003 ServerEnterpriseSP1 √ √√ Win 2003 ServerEnterpriseSP2 √ √√ Win XPProfessionalSP2 √ √√√√√ Win XPProfessionalSP3 √ √√√√√ Vista SP0 √√√√√√√ Vista SP1 √√√√√√√ Win 2008 Server SP1 √√√√√√√

6 6 (c) 2004 Brainware Solutions AG The Workflow   Analysis OS, SP, Products, Severity   Development ENU, DEU, JPN, etc. Severity   Testing Detection, Installation, Verification   Publishing Catalogs, Encryption, Backup

7 7 (c) 2004 Brainware Solutions AG Analysis First steps - Security Bulletin Analysis (OS, SP, Products, Severity) Filtering (SLA) Infrastructure

8 8 (c) 2004 Brainware Solutions AG Security Bulletins – KB Articles Each Patch analysed Prerequisites, Sources, File Info, Command lines Development

9 9 (c) 2004 Brainware Solutions AG Patch creation Methods Snapshots (Package Maker), MSI, Copy, Combination Architecture Development [Package] Description=KB / MS Cumulative Security Update for ActiveX Killbits for Windows XP (KB950760): SP2-SP3 Identifier= MS BWP BWS Language=ENU Version=01 Patch=0 Platform=XP AllowConditionalUsage=0 Usercondition=File '*.*' Clientcondition= (reserved for future use only) Servercondition= (reserved for future use only) ; When should the package be released ? ; e.g. ServerReleaseDate= ServerReleaseDate= ClientReleaseDate= UserReleaseDate= FriendlyInstallText= OrderType= Friendly=YES Category=#Microsoft Patch# Active=3 ; Repetitive Jobs ; Repeat=EachTime ; This section allows you to define, in which CCC groups the package ; automatically should be inserted [Groups] OS Patches ENU_XP__SP2 OS Patches ENU_XP__SP3 [PatchManagement] Severity=2 BrainwareID={78F07EDF E-AAEE B6FC6D} IsPatch=1 Vendor=Microsoft KBID= [Summary] This security update resolves a publicly reported vulnerability for the Microsoft Speech API. The vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer and has the Speech Recognition feature in Windows enabled. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes a kill bit for software produced by BackWeb. [Checks] if not '%_OSMajorVersion%.%_OSMinorVersion%' = '5.1' then Exit 'Not applicable. Required: Current: %_OSMajorVersion%.%_OSMinorVersion%' '1' if Not FileLanguage '%_WindowsSystem%\browselc.dll' = 'ENU' then Exit 'Not applicable - wrong language.' '3' RegRead 'HKEY_LOCAL_MACHINE' 'SYSTEM\CurrentControlSet\Control\Windows' 'CSDVersion' '_SPLevel' /Machine if '%_SPLevel%'='' then Set _SPLevel='0' /Machine if '%_SPLevel%'='512' then goto SP_OK if '%_SPLevel%'='768' then goto SP_OK Exit 'The current Service pack is not supported.' '5' :SP_OK RegRead 'HKEY_LOCAL_MACHINE' 'SOFTWARE\Microsoft\Updates\Windows XP\SP4\KB950760' 'InstalledDate' '_KB950760_InstalledDate' /Script if '%_KB950760_InstalledDate%'='' then Exit 'Registry indicates missing (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\Windows XP\SP3\KB950760\InstalledDate)' '102' Exit 'Installed' '120' [UserAdd] [ClientAdd] ;#STARTCRYPT# if '%_NoPatchInstallationChecks%'='1' then goto INSTALL if not '%_OSMajorVersion%.%_OSMinorVersion%' = '6.0' then exit 'Invalid operating system. Required: Current: %_OSMajorVersion%.%_OSMinorVersion%' 'PDW001' if not '%_OSType%' = 'NT_WORKSTATION' then Exit 'Invalid operating system. Required: NT_WORKSTATION - Current: %_OSType%' 'PDW002' if '%_64BitOS%' = '1' then Exit 'Wrong type of OS - only for 32Bit OS' 'PDW011' RegRead 'HKEY_LOCAL_MACHINE' 'SYSTEM\CurrentControlSet\Control\Windows' 'CSDVersion' '_SPLevel' /Immediate if '%_SPLevel%'='0' then goto SP0_OK if '%_SPLevel%'='256' then goto SP1_OK Exit 'The current Service pack is not supported.' 'PDW005' :SP0_OK if not '%_DirectXMainVersion%' = '9' then exit 'This version of DirectX is not supported. Required: 10 - Current: ' 'PDW001' if FileVersion '%_WindowsSystem%\quartz.dll'!<' ' then goto File_OK :SP1_OK if not '%_DirectXMainVersion%' = '9' then exit 'This version of DirectX is not supported. Required: 10 - Current: ' 'PDW001' if FileVersion '%_WindowsSystem%\quartz.dll'!<' ' then goto File_OK if '%_PkgReinstall%'='1' then goto File_OK Exit 'No requirements met.' 'PDW090' :File_OK :INSTALL ;#ENDCRYPT# ;SetSystemRestorePoint /Daily /NoErrors if '%_AllowPatchesUnistall%'='1' then goto AllowUninstall goto NoUninstall Security Bulletins – KB Articles Each Patch analysed Prerequisites, Sources, File Info, Command lines

10 10 (c) 2004 Brainware Solutions AG Testing/Infrastructure Combined testing - automated/human Analysis & Infrastructure for testing Static test Source check Command lines Severity Description Passed! 1 Patch = Different OS/Products

11 11 (c) 2004 Brainware Solutions AG Testing/Infrastructure Combined testing - automated/human Analysis & Infrastructure for testing Live tests Download Recognition Installation Verification Static test Source check Command lines Severity Description Test against MBSA, Windows Update, SMS, … Passed! Patch OK!

12 12 (c) 2004 Brainware Solutions AG Publishing Last checks (syntax, coverage) Expand Product, Service Packs & Patch Catalogs Encrypt files Place created patches into web server Test download of catalogs from web server Backup Inform Helpdesk about published Patches How do the clients get their patches ? Columbus – Patch Deploy Module Patch Deploy Agent

13 13 (c) 2004 Brainware Solutions AG Next steps… Microsoft (…x64) Adobe McAfee Others

14 14 (c) 2004 Brainware Solutions AG Questions & Discussion ?

15 15 (c) 2004 Brainware Solutions AG Thank You Dardan Shkreli


Download ppt "PatchDeploy Behind the Scenes Dardan Shkreli +41 41 748 22 04"

Similar presentations


Ads by Google