[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Patch management - free tools or free webs

Posted on 2012-09-21
4
Medium Priority
?
625 Views
Last Modified: 2012-09-22
I have searched the web (not enough apparently) for a site/RSS where I can see a list of patches released frm various vendors.

If that's not availbla a tool would be nice too.

I'm NOT looking for a patch management tool where we can deploy for patches to be released or installed.

I just want to know when each vendor release their patches.
0
Comment
Question by:jensjakobsen
4 Comments
 
LVL 124

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 2000 total points
ID: 38423809
We have been using CVE since it started in the late 90s, which lists vendors security vulnerabilities, RSS feeds are available, most major vendors are listed and submitted, and use CVE codes in their KB articles, against fix lists

http://www.cve.mitre.org/about/index.html
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 38423921
CVE's are good, Secunia is one of the better ones, I watch expoit-db.com for products  we have that are going to get hacked rather than wait for a patch that may never come :)
I believe they can mail you about certain products when/if there is and advisory: http://secunia.com/community/profile/
A few days before most "patch tuesday" sans puts out a small assessment of the patches that affect M$ products: http://isc.sans.edu/diary.html even the out-of-band ones like this weeks: http://isc.sans.edu/diary/IE+Cumulative+Updates+MS12-063+-+KB2744842/14155
-rich
0
 
LVL 65

Expert Comment

by:btan
ID: 38424250
Personally I like cvedetails site as it is a all in one. It does not so called give you that one patch release list for all vendors but it has the information within the site. Usually either I go straight for that vendor or product or cve else I use their google search within the site with keyword "patch" and the combination of vendor name etc to isolate the list. Not very neat but handy (at least scrawling high low...)

http://cvedetails.com/index.php

Actually if you want to there is itsedb website leveraging OVAL(Open Vulnerability and Assessment Language) as well. Even itsecdb is fully integrated to www.cvedetails.com so you can easily navigate between CVE, product and oval definition details.  one meas for it is check based on date - see "Patches By Release Dates"

http://itsecdb.com/oval/browse-bydate.php
0
 
LVL 1

Author Comment

by:jensjakobsen
ID: 38425137
Thank you very much for your responses.

CVE does the trick for me :)
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introducing Priority Question, our latest feature.
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Suggested Courses

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question