Educause Security Discussion mailing list archives
Re: Patching iTunes and Firefox
From: Joe Artz <joeartz () UMN EDU>
Date: Wed, 10 Feb 2010 09:02:21 -0600
For 3rd party application patching we use Microsoft System Center Configuration Manager. It works very well and has great compliance reporting. There's a big push at our University to verify patching and have reports that managers can look at and roll up. It's also as easy to patch/update 10000 machines as it is one. We also have a policy waiting in the wings that will require most machines to be patched within 10 days of a release of and update/patch, leveraging ConfigMgr we'll be able to meet with reports to prove it. I agree that Appdeploy is a great site for guidance in installing apps. We also have some units that use Secunia for scanning, but ConfigMgr can also look for any piece of software you tell it to, report on it and update it (or remove). Thanks! Joe From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin Kelly Sent: Tuesday, February 09, 2010 11:22 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Patching iTunes and Firefox Hi Lori, I agree with you that patching 3rd party applications is a challenging and time consuming part of our jobs. That being said, it's not impossible if you have the right set of tools. To patch the two applications that you asked about, I use the psexec tool that is part of PSTOOLS. It's a free download from Microsoft. The basic syntax is as follows: iTunes: psexec \\hostname_to_update -s msiexec /qn /norestart /i "\\servername\sharename\iTunes\iTunes.msi" Assuming all goes well, you will receive an error code of 0 Firefox psexec \\hostname_to_update -s "\\servername\sharename\Firefox\Firefox Setup 3.5.7.exe" -ms Again, assuming all goes well, you will receive an error code of 0. Two good resources to look at for silent installers are: AppDeploy - http://www.appdeploy.com/ WPKG - http://wpkg.org/Category:Silent_Installers We use Secunia here to help us identify insecure applications on our client workstations. It has proven to be an extremely valuable tool for us and I would highly recommend it to anyone that is responsible for maintain software applications on a Windows-based OS. They are now beta testing a patching tool that is supposed to interface a WSUS server. Looks interesting. Feel free to contact me offline if you have any additional questions about the applications that I routinely patch and how I do it. Good luck! Kevin Kelly Institute for Advanced Study Princeton, NJ USA -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv on behalf of Christianson, Lorrayne K. Sent: Tue 2/9/2010 10:59 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Patching iTunes and Firefox We are reviewing the products we place on our "standard image" and, as in years past, are faced with more and more products which our clients want, but are hard to patch and keep secure. So we are looking for feedback on how others are dealing with patching products such as iTunes and Firefox. Lori Christianson Associate Director-Client Services Information Resources & Technologies University of St. Thomas 2115 Summit Ave Mail 5051 St. Paul, MN 55105 (651) 962-6286 lori_c () stthomas edu<mailto:lori_c () stthomas edu> [cid:image001.png@01CAA9C6.B2721480] Don't take the bait! IRT will never ask you for your username and password via email. Phishing e-mails attempt to deceive the recipient into giving up private information in a response to a message or by leading the recipient to a fraudulent Web site. Learn more about phishing here<blocked::http://www.stthomas.edu/irt/support/email/phishing.html>.
Current thread:
- Patching iTunes and Firefox Christianson, Lorrayne K. (Feb 09)
- <Possible follow-ups>
- Re: Patching iTunes and Firefox Jason Chambers (Feb 09)
- Re: Patching iTunes and Firefox Kevin Kelly (Feb 09)
- Re: Patching iTunes and Firefox Joe Artz (Feb 10)
- Re: Patching iTunes and Firefox Stanclift, Michael (Feb 10)