2 Replies Latest reply on Oct 30, 2012 2:32 AM by SupportAL

    How do I include revision patches in my patch scan templates?

    Rookie

      Hi,

       

      I am currently testing out VMware vCenter Protect and noticed that Windows Update picked up a couple patches that Protect did not. When I looked into the missing patches, I noticed they were patch revisions.  How do I get protect to download these so I can apply them to my systems?  Here's one of them I'm referring to. 

       

      Revision
      - Modified MS12-054(Q2705219): Microsoft revised this bulletin to rerelease the KB2705219 update for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 to address an issue involving specific digital certificates that were generated by Microsoft without proper timestamp attributes.

       

      When I did a search for it in patch view, I see the original patch dated at 8/14/12, but not the ones released after. 

       

      There's also a couple of Windows "Updates" that it missed as well.

       

      Thanks,

      Steven

        • 1. Re: How do I include revision patches in my patch scan templates?
          Rookie

          I do have the latest files available (2.0.0.2884).

           

           

          Thanks,

          Steven

          • 2. Re: How do I include revision patches in my patch scan templates?
            Apprentice

            Hi Steven,

             

            In the past few weeks Micorsoft has revised some patches due to Certificate issues. Microsoft signed some patch components with certificates that had incorrect Timestamp dates.

            More Info :http://technet.microsoft.com/en-us/security/advisory/2749655

             

             

            Microsoft has rereleased these patches with correct certificate attributes.

            An important point to note is that there has been no change to the actual patch binary, that is to say , if you have installed the original release , you are protected from whatever vulnerability that patch remediated.

             

            In all likelihood, the reason these patches are showing in Windows Update and not in Protect is that they once appeared missing in Protect and the original release was installed. Protect no longer shows the Patch as missing as the correct binaries have been applied to declare that patch as installed.

            Windows Update is presenting the patch revisions as "missing" because it performs a WMI command to check the Certificate versions installed.

             

            Our Data Team is currently in the process of determining the best method to present these patches as "missing" in Protect so they can be reissued.

             

            Regarding the other updates

            These are more than likely non-security related patches or security tools.

            If you create a new Patch Scan Template, and check the "Non-Security Patches" and "Security Tools" checkboxes on the lower right you should see these other updates as returned missing.

             

            If you have any further queries regarding the above, in particular the reissued certificates, please dont hesitate to contact support. We will help you out as much as we can,

             

            Thanks

            Anthony

            1 of 1 people found this helpful