Congratulations – you survived the keynote with Stan & Ollie

Congratulations – you survived the keynote with Stan & Ollie

10 min is all it takes - Managing Microsoft & 3rd party updates with SC 2012 Configuration Manager

Kent Agerlund

Who am I Kent Agerlund

Chief System Management Architect Coretech A/S, Denmark Microsoft MVP: Enterprise Client Management Microsoft Certified Trainer, MCITP Enterprise Admin

I love questions – but DON’T ask me about hockey and the world cup

Agenda Patch Tuesday

Let’s spend 5 min together Why worry about 3rd party updates What are your options

SCUP 2011 (System Center Updates Publisher) Solarwinds Secunia

So….What is patch management?

PDPatch Deployment

PC

Patch Creation

+

Vulnerability Scanning

VS +VI

Vulnerability Intelligence

+ PM=

Plan for Software Updates Define you Update process

Pilot environments Servers with automatic restart Servers with manual requirements Logically grouped servers Workstations in production Excluded devices

Define you SLA’s When is your Boss a “Happy Camper” Can you track compliance

Collection design Maintenance Windows

CD+IT+RT=MW

Workstation restarts Automatic restart? No restart = No compliance = No Make sure you have a restart plan Create custom report

Last Computer Restart

Give me 5 minutesDEMO Wake up it’s, Patch Tuesday or early Wednesday

Microsoft Programs

14%Third Party Programs

86%

Why worry about 3rd party Business

View

Criminals

ViewWhat criminals

attack

Business criticalprograms

Programs you know about

Programs you don’t know about

What do you patch today

Vendors

The numbers speaks for themselves – TOP 50 apps

Cybercriminals know:patch available

≠

patch installed

Vulnerabilitiesin 2012 TOP 50 Apps

1137

421 in 2009229 in 2007

0 10 20 30 40 50 600%

20%

40%

60%

80%

100%

Percentage of risk remediated by patching N programs

Number of programs patched

Perc

enta

ge o

f ris

k re

med

iate

d

Patching N of 200 programs

80% risk reduction achieved by either patching the 12 most critical programs, or by patching the 37 most prevalent programs

12 37

Strategy 2: By CriticalityRisk remediated by patching the N most critical programs

Strategy 1: StaticRisk remediated by patching the N most prevalent programs

Where to begin

Are we doomed?

SCUP 2011

SCUP 2011 What is SCUP

Authoring tool Publishing tool

3rd Party Updates with SCUP Same experience for all updates in ConfigMgr Supports EXE, MSI and MSP based updates MSU workaround :

http://blogs.technet.com/b/dominikheinz/archive/2011/10/17/deploying-custom-msu-updates-with-sccm-and-scup.aspx

SCUP Process Flow

Author customSCUP catalog WSUS Server

Catalogs downloaded from web

ConfigMgr ServerSCUP Console

Publish Updates Sync Updates

ConfigMgr Clients

Scan Updates Deploy Updates

Author Updates

Import Updates

The signing certificate Used by SCUP to sign updates

Trusted Publishers Trusted Root

Configure WSUS GPO Allow self signed certificates

Create the self-signed certificate with SCUP External certificate - http://

blogs.msdn.com/b/steverac/archive/2011/09/18/using-system-center-update-publisher-2007-with-verisign-certificates.aspx

KB2720211 & KB2661254

Available Catalogs Free catalogs

Adobe Reader and Flash

Dell Client and Server updates

Hewlett-Packard Client and Server updates

Fujitsu ConfigMgr Cumulative updates

$$ catalogs SCUPdates from Shavlik, VMWARE

no wait today it’s LANDESK PatchMyPC

SCUPDEMOPatch ConfigMgr clients…..the easy way

Secunia

Secunia Products

CSI – Corporate edition SSB – Small Business edition PSI – Consumer and free

Cloud Based solution Database contains vulnerabilities in

software products since 2003 40k+ programs, applications and

plug-ins from thousands of software vendors

Automated patch repackaging Fully integrated with 2012

Reporting Integrated with Configuration Manager Custom Dashboard Custom reports E-Mail subscriptions

Deploying patches Custom created Secunia packages

Silent installations Can detect running applications like JAVA

Script support PowerShell VB Java

Updates are injected into WSUS

SecuniaDEMO3rd party patching

UTVÄRDERING Fyll i utvärderingen så att vi kan bli

ännu bättre till nästa gång! Antigen via länken du fick med

din biljett eller vid någon av datorerna i TrueSec:s monter

Tävla samtidigt om en HP Elitepad 900 (Vinnaren presenteras i Utställarfoajén direkt efter sista sessionen).

KVÄLLSMINGEL Best of MMS avslutas med ett

gigantiskt mingel på närliggande Dubliner direkt efter dagens sista session!

Microsoft och LabCenter bjuder på god öl och ett unikt tillfälle för experter, branschkollegor och eventdeltagare att mingla tillsammans.

Vi ses väl där?