Solved

Altiris NS - Microsoft Security Bulletin MS08-052 (KB954478)

Posted on 2009-07-04
3
635 Views
Last Modified: 2013-12-04
Hi guys, First question from an altiris newbie.
Guys,we are using NS 6.2 with Patch Management, and having a big problem with Office 2003 patches.

Problem:

Altiris NS Server reports that most our workstations are vulnerable, but the patch is actually installed on them.

Bulletin/Patch in question:
MS08-052/KB954478

The patch exe is as follows:
Office2003-kb954478-fullfile-enu.exe

What we have done:

The patch was released over a month ago, and if we remote on locally to the workstations, and go to Add/Remove programs, we see an entry in there for the patch: Security Update for Office 2003 (KB954478)
Looking at the Altiris Agent, we find that the patch is continually trying to download and we dont know why.
If we go into the Reports section of the NS server, most systems are reporting that they are vulnerable with respect to this patch, even though they have the patch installed.
The machines have been rebooted since the patch was deployed.
Ive used the remote altiris agent diagnositcs tool.
Ive tried to run an update inventory using the agent, but the reporting ns server is not updating.
Inventory collection is set at an interval every 6 hours.
Because my knowledge of altiris is really limited, im stumped and would love your guys seasoned expertise.

I spose the concern here is how do we get the ns server to report that systems that have actually been patched, dont show as vulnerable when doing the report on the ns server.

Q: How can you force an inventory update, including entries seen in Add/Remove programs, from the client? How and where then do you check on the ns server that this machine will show the patch has been installed?

We have over 3000 machines reporting that this patch has not been installed, when in reality, it is.

Any help greatly appreciated.
0
Comment
Question by:Simon336697
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 37

Accepted Solution

by:
bbao earned 500 total points
ID: 24789547
according to KB954478, if the patch has been deployed successfully, the following DLL should be updated as follows:

File name, File version, File size, Date, Time
GDIPlus.dll      , 11.0.8230.0, 1,693,184, 26-Jul-2008, 00:15

so have you actually checked the file on a managed PC having the problem?
0
 
LVL 1

Author Comment

by:Simon336697
ID: 24798295
Hi bbao,
Yes we have bbao.
In Add/Remove programs, it says that the patch is installed.
Our issue is,
The Altiris server has an inventory rule for this patch, that says:
If the target client does not have version 11.0.8230.0 of gdiplus.dll in the office11 directory, then install the patch.
The problem is:
The clients have a previous version of gdiplus.dll in the office11 folder, and when the patch is installed the first time, it does NOT update the version of gdiplus.dll in the office11 folder.
So, each time the altiris agent checks all its rules to install patches, it checks again the version of gdiplus.dll in the office11 folder, finds that it does not match 11.0.8230.0 expected in the rule, and tries to reinstall the patch. I dont know why it is not updating the gdiplus.dll in the c:\program files\microsoft office\office11 folder.
0
 
LVL 37

Expert Comment

by:bbao
ID: 24810776
did you ever go over that folder to check the actual file version *manually*? just right-click the file, choose Properties, and then check Version tab.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
software inventory tools 3 90
Recommendation for open source Monitoring 7 99
JQuery on multiple lines 3 47
/etc/sudoers on Solaris 2 19
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
The viewer will learn common shortcuts with easy ways to remember them. The viewer will then learn where to find all of the keyboard shortcuts, how to create/change them, and how to speed up their workflow.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question