Patch Management Solution

Hello,

I need to distribute MS12-056 from Microsoft using Patch Management (actually I have 7.1 version).

When I went to Policies > Software > Patch Management > Patch Remediation Center I can't found "MS12-056" but I know why.

In the "MetaData Import Task" I only have checked the vendors, software and languages I use in my environment (basically Adobe and Microsoft; spanish/english). For these vendors, only software I have is checked (basically Windows 7, Office 2010, etc.).

The problem for not finding the MS12-056 bulletin for distribution is for sure that I don't have checked the software for the patch in this list.

As I don't want to check all Microsoft products, I'm trying to find which product I need to check by looking at the contents of the PMIMPORT.CAB file. I've found there the "PMImport_SWB_MS12-056.xml" file with the following contents:

<!--Copyright 2012 Altiris Inc. (All Rights Reserved)-->
<items>
  <item guid="{54469070-f073-4151-8ff4-186c2a109ba0}" classGuid="{30f75395-761b-4c7e-bb25-f7c556833917}">
    <name>MS12-056</name>
    <alias />
    <itemAttributes>NoDelete</itemAttributes>
    <ResourceItemHash>5CE2FC86B10D451F480E60861510AD76</ResourceItemHash>
    <isDisabledByUser>False</isDisabledByUser>
    <parentFolderGuid>9d518104-49e9-429e-85d7-0adf3654b828</parentFolderGuid>
    <resource>
      <typeGuid>3063db82-7011-4a03-86ca-7be49fb749cc</typeGuid>
      <managed>false</managed>
      <keys>
        <key name="swb" value="MS12-056" />
      </keys>
    </resource>
    <resourceData>
      <parentResourceAssociations>
        <resourceAssociations guid="7eeab03a-839c-458d-9af2-55db6b173293">
          <resourceAssociation resourceGuid="3ff6ee78-1130-484e-8a0e-bf5d766aff87" />
          <resourceAssociation resourceGuid="4071573d-1e67-45eb-b587-b185e2e8e4fc" />
          <resourceAssociation resourceGuid="447d4b5d-c057-4e33-b19e-820230725129" />
          <resourceAssociation resourceGuid="540c2ae5-325f-4f16-9868-12b322d3c057" />
          <resourceAssociation resourceGuid="6ebf6314-642a-4549-9047-86e498aeec6e" />
          <resourceAssociation resourceGuid="7b1e3b8a-672d-4ee1-889d-fff87f2c247d" />
          <resourceAssociation resourceGuid="849582b7-8bf3-4d8b-8fc3-1e3ac05a2d31" />
          <resourceAssociation resourceGuid="9150a2fa-9d67-434f-99ae-7a6ee26114a5" />
          <resourceAssociation resourceGuid="9da2608f-4568-43e8-9fd0-d6b0ffa9aa20" />
          <resourceAssociation resourceGuid="cd2d9bb9-d307-4d10-a5fd-c8eb8e452a7d" />
          <resourceAssociation resourceGuid="d821ea1a-b9f9-4c33-987f-ff51bde9da6c" />
          <resourceAssociation resourceGuid="e24df676-9185-456c-ad41-72a06e4be013" />
          <resourceAssociation resourceGuid="f23944cf-0867-4b6e-b5e3-90b0d5350e46" />
          <resourceAssociation resourceGuid="f441a8f4-ad6e-4aad-b4ca-0e51cb675c59" />
          <resourceAssociation resourceGuid="f5422bf6-0f49-4b53-9fe7-3f331c50e0c4" />
          <resourceAssociation resourceGuid="f59960a8-3c66-4505-8de3-7e3aa3070737" />
        </resourceAssociations>
        <resourceAssociations guid="2ffeb9f0-601e-4746-a830-bdb200076503">
          <resourceAssociation resourceGuid="9d5f6bb8-8adf-49d1-9d84-2932ca46ce1e" />
        </resourceAssociations>
      </parentResourceAssociations>
      <dataclasses>
        <dataclass guid="d4f94ba7-1ee3-4547-b8c2-3cf693cf602a">
          <row c1="01e86700-4a22-4205-8b40-7009696e9f5c" c2="4e622d35-39dd-4105-bf47-b4cc8c5e64ee" c3="CVE-2012-2523" c4="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2523" c5="1aa23d37-3947-4625-8b01-5575ea561ef8" c6="2012-08-14T00:00:00" />
        </dataclass>
        <dataclass guid="214631de-d9e0-475a-999d-57a79aadf4ae">
          <row c2="True" c3="http://technet.microsoft.com/security/bulletin/ms12-056" c4="2012-08-14T00:00:00" c5="2012-08-14T00:00:00">
            <c7><![CDATA[This security update resolves a privately reported vulnerability in the JScript and VBScript scripting engines on 64-bit versions of Microsoft Windows. The vulnerability could allow remote code execution if a user visited a specially crafted website. An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website.]]></c7>
          </row>
        </dataclass>
        <dataclass guid="2e0e9b94-4457-43cc-b6c9-85316ad80ae5">
          <row c1="9d5f6bb8-8adf-49d1-9d84-2932ca46ce1e" c2="f1beb524-9694-4e8e-bf78-0f04736556e2" c3="3" />
        </dataclass>
      </dataclasses>
    </resourceData>
    <itemReferences />
    <description>Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution (2706045)</description>
  </item>
</items>

How can I determine which software/product do I need to check with this information?

Thanks.

check out the link in this xml?

http://technet.microsoft.com/security/bulletin/ms12-056

Affected Software:

Hi ManelR,

Actually the best and quick way is to check affected products on vendor page related to bulletin / update.

Thanks,
Roman

Hi Roman,

Yes, I've checked the XML and I've seen that MS12-056 is related to JScript and VBScript but I don't know which product must I check under Microsoft vendor list at:

Home > Patch Management > MetaData Import Task > Vendors and Software

I only have checked 92 items because I want the PMIMPORT process to finish as fast as possible and only to process products in my environment.

If the product related to the patch is not checked, when the PMIMPORT.CAB is downloaded, the XML for this patch is skipped and the bulletin doesn't appear for download/distribution.

Do you know how can I use the information in the XML file to "know" the name of the product that I need to check? (see attachment)

Thanks.

Like written in the table, you probably have to select the operating systems that are affected.

I don't see any other products there.

Hi ManelR,

Actually it is not simply to identify correct Product using XML files from PMImport.cab. Affected products are associated with updates, not bulletins, and it is hard to track all associations between different XML files and guids.
MS12-056 includes 6 updates and each update has own affected products.
So in order to try to identify correct product for MS12-056 bulletin, you need firstly to find update you want to distribute from this bulletin.
For example, MS12-056 includes updates IE8-WindowsServer2003.WindowsXP-KB2706045-x64-ENU.exe  (http://www.microsoft.com/en-us/download/details.aspx?id=30510)
From file name you may suppose that you should select Internet Explorer 8 (x64).
 

I have checked on my side that IE8-WindowsServer2003.WindowsXP-KB2706045-x64-ENU.exe and IE8-Windows6.0-KB2706045-x64.msu are indeed imported if Internet Explorer 8 (x64) is selected.
Please find information about remaining updates from MS12-056 below.

If you want do distribute Windows6.1-2008-R2-KB2706045-x64.msu, select any of the following product:
Windows Server 2008 R2 Datacenter (x64)
Windows Server 2008 R2 Enterprise (x64)
Windows Server 2008 R2 HPC (x64)
Windows Server 2008 R2 Standard (x64)
Windows Small Business Server 2011
Windows Web Server 2008 R2 (x64)

If you want do distribute Windows6.1-2008-R2-SP1-KB2706045-x64.msu, select any of the following product:
Windows Home Server 2011
Windows Server 2008 R2 Datacenter (x64)
Windows Server 2008 R2 Enterprise (x64)
Windows Server 2008 R2 HPC (x64
Windows Server 2008 R2 Standard (x64)
Windows Storage Server 2008 R2 Essentials
Windows Web Server 2008 R2 (x64)

If you want do distribute Windows6.1-KB2706045-x64.msu, select any of the following product:
Windows 7 Embedded Standard (x64)
Windows 7 Enterprise (x64)
Windows 7 Home Premium (x64)
Windows 7 Professional (x64)
Windows 7 Ultimate (x64)

If you want do distribute Windows6.1-Windows7-KB2706045-x64.msu, select any of the following product:
Windows 7 Embedded Standard (x64)
Windows 7 Enterprise (x64)
Windows 7 Home Premium (x64)
Windows 7 Professional (x64)
Windows 7 Ultimate (x64)

Hope this helps,
Roman.

Hi Mistral/Roman,

Of course, I want to download and distribute some components of MS12-056. The items related for Windows 7 x64.

As you can see in my first picture attached, I have checked this operating system because I can download other bulletins without problems.

But, when I go to the list of bulletins and I filter for MS12-056 I found nothing because the PMIMPORT task has not included this bulletin in the list (see second picture).

Of course, I can check all Microsoft products and the bulletin will be included but after this I would need to uncheck again all the products/operating systems we don't use in our environment and the bulletin will be gone again.

Is something curious. If you only have Windows 7 Enterprise x64 checked, does the bulletin appear in your list?

Thanks.

I have whole Microsoft selected ... and i can see it.

Sorry, i know that doesn't help you ... at least we know it does work at all.

Hi ManelR,

I can confirm that 2 updates from MS12-056 bulletin are indeed imported on my setup during PM Import task in case if single Windows 7 Enterprise (x64) is checked. These updates are Windows6.1-KB2706045-x64.msu and Windows6.1-Windows7-KB2706045-x64.msu.
I noticed that Patch Remediation Center shows 'Windows Compliance by Bulletin' on your second screenshot - actually it does not show all imported bulletins. Could you please change view to 'All Software Bulletin' and check if MS12-056 appears?

MS12-056 should be shown in 'Windows Compliance by Bulletin' list if Windows System Assessment Scan is executed on clients after last PM Import task and imported updates from MS12-056 are detected as applicable.

Thanks,
Roman