|
|
The complete list of all the patches for Windows, Red Hat and Debian operating systems and their related applications, that is obtained from the Central Repository Server during a Vulnerability Database update, is displayed in the Patch Information view.
To get to this view, click on the "Patch Information" tab. The patches for the different Windows operating systems and applications are listed in the first view. You can click on the 'Red Hat' and 'Debian' links to view their respective patches
Any patch which fixes a security issue or loop hole in a software application is termed as a Security update. Windows Security updates are released monthly in the form of bulletins from Microsoft. Example bulletins are: MS06-65, MS04-23 etc.
Missing security patches compromise the security of your systems and have to be applied to protect against system vulnerabilities that can be exploited. Therefore, security patch detection & patching is the core functionality of PatchQuest.
Security Patches are classified in the 'Security Updates' tab in the Patch Information view as well as in the Scan Result view.
From release 4.3 (build 4300), PatchQuest supports detection and patch deployment of Non-Security updates for Windows systems. A Non-Security update, according to Microsoft, is a broadly released fix for a specific problem addressing a critical, non-security related bug (say a fix for a performance problem, feature upgrade, scalability issue, feature breakage, tools etc.). These updates are generally available to users via Windows Update (WU) / Automatic Update (AU).
Non-Security Patches are classified in the 'Non-Security Updates' tab in the Patch Information view as well as in the Scan Result view. They are assigned a dummy bulletin ID in PatchQuest - starting with MSWU.
When scanning systems, you will have an option in the Scan Configuration screen to select if you need to scan for Non-Security patches
You can filter the patches for Windows OS, based on the OS language. Select the language of your choice from the drop-down list provided and view the patches for the corresponding language. Also learn more about setting the default language here.
In order to find a set of patches for a particular category, you can use the filter provided in the view to search based on a Product Category (Windows 2000 Server, MDAC 2.6, Red Hat 7.2 etc) and its associated Service Pack (SP1, SP2 - Windows only) or Package Group (x11, samba etc. - Linux).
You can also search for patches based on the CVE ID associated to the vulnerability that the patch addresses. CVE (Common Vulnerabilities and Exposures) is a list of common names for publicly known vulnerabilities and exposures. The CVE Editorial board determines which vulnerabilities or exposures are included in CVE, through open and collaborative discussions. If the CVE name starts with CAN (candidate), then it is under consideration for entry into CVE.
Searching based on CVE ID
In order to perform a CVE ID based search, perform the following steps :
New patches - The patches labeled as 'New' are the ones that have arrived on the latest Vulnerability Database update. This category is assigned is purely based on when the update of the vulnerability database has been done and not on the time of patch release. These patches can be explicitly viewed by clicking on the 'New' link on the top of the screen.
Obsolete patches - These are patches that are outdated and have
another patch that is more recently released and has taken its place
(Superseding Patch). These patches are represented by this icon - 
against the patch name in the detailed patch list table. If these patches are
missing, you can safely ignore them and deploy the patches that supercede them
(Refer Superseded By column in the table)
Informational items - There maybe some vulnerabilities for which PatchQuest is not able to determine if the appropriate patch or workaround has been applied. There could also be patches for which manual intervention is required. These are categorized as Informational Items.
They are denoted by this icon - 
in the Availability Status column in the table. Remediation of these issues
usually involves a configuration change or workaround rather than a patch.
Therefore you will not have a checkbox against these entries in the table. You
may ignore these once you have applied the patch or evaluated your system and
made any needed configuration changes. Refer to the respective bulletin against
the item or read the Patch Comment for more details
Severity - The severity of a patch determines the importance of the patch. They are classified as (in the decreasing order of severity) ) : Critical (C), Important (I), Moderate (M), Low (L) and Unrated (U). These severity ratings are as per the bulletin or advisory information or as a result of patch assessment done by AdventNet. Severity for every patch can be identified by the respective icons in the 'Severity' column.
The Patch Information view is enriched with pie-charts which present 'at a glance' information about the patches. To view the graphs, click on the 'Graphical View' link above the Product Summary table. The different types of patch status displayed in the pie-charts are :
Each item on these charts is a link, on clicking which you will be led a corresponding patch list in the table view down below the graphs.
Clicking on the 'Bulletin ID' link will display details of the Bulletin - which is a report on a patch or set of patches published by the software vendor - with link to the vendor site, date of posting the bulletin, its respective FAQ page in the site and a summary of why the bulletin or advisory was introduced.
Clicking on the 'Patch Name' will lead you to the Patch Details view and from here, you can view the File & Registry Change details for this particular patch.
Clicking on the 
icon in the menu option that appears on mouse-over 
icon against the patch name, displays a report on the different patch
management tasks (Patch Download & Patch Deployment) scheduled for this
patch. If there are no tasks scheduled, then this icon is grayed out 
in the menu option that appears on mouse-over
icon against the patch name, for any patch. In this view, you can view what patch
management task has been performed at what time, its status and associated
remarks on task completion. If there is no historical information for a patch,
the icon will be grayed out 
Deploy a patch to many systems - From the patch information view, you can deploy a patch to multiple systems (1 patch to many systems) and any number of selected patches to multiple systems (many patches to many systems). Select the patches you wish to install and click on the 'Deploy' button. This will display a screen wherein you will be able to see a list of systems, in which a selected patch is missing and another list in which it is installed. Note that this list is based on the latest scan results in PatchQuest.
You can choose from the systems which require the selected patch(es) and click on the Deploy Missing Patches button.
Deploy patches to system groups - Patches can be selected and deployed to an entire system group, based on their missing status. Select the patches you wish to install and click on the 'Deploy To Group' button. This will display a screen wherein you will be able to see a list of system groups created in PatchQuest. Now select the system groups to which the chosen patches need to be applied. You can apply the patches to one system group or to many system groups. From here click on the 'Submit' button. The screen displayed shows a list of systems (belonging to the selected groups alone) in which the selected patches are missing and another list in which they are installed. Note that this list is based on the latest scan results in PatchQuest.
You can choose from the systems which require the selected patch(es) and click on the Deploy Missing Patches button.
Deploy patches to one single system - Patches can be selected and checked if they are applicable to a 'particular' system. Select a patch or a set of patches and click on the Pick Host button.
From here you can select host or hosts based on a particular system name, IP address, Mode of operation (remote or agent), Operating system or version that you specify as the selection criterion. Upon selection, the set of patches selected will be verified if they are applicable of the select hosts, and then missing patches can be deployed.
Download - The 'Download Status' column will indicate whether a patch
has been downloaded from the respective vendor site in the internet, and is
available in the PatchQuest server for deployment. This status is denoted by 
.
If the patch has not been downloaded, this icon will be grayed out. You can
initiate the download by selecting the patches of interest and clicking on the
'Download' button. For more information, refer to Downloading
Patches section.
Add to Patch Group - Patches can be categorized and grouped together so that they can be managed effectively. Select the patches and click on the 'Add to Patch Group' button. For more information, refer to Grouping Patches section.
User comment - Clicking on the 
icon in the menu option that appears on mouse-over
icon against the patch name, to add or view user comments. Comments provided by a
user or administrator about a particular patch, can be viewed here. Existing
comments can be edited or new comments can be included.
Patch comment - To view Patch Comments, click on the 
in the menu option that appears on mouse-over
icon against the patch name. These comments are available only when the
PatchQuest Assessment module includes them for specific patches, many Informational
Items. You can only view these comments and take appropriate action.
|
|