LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

October 2008

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS October 2008

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Microsoft Patch
From:	"Osborne, Bruce W. (NS)" <[log in to unmask]>
Reply To:	Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:	Tue, 28 Oct 2008 09:39:28 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (108 lines)

I let my account team know that 48 hour turnaround for the checks was too long. Now it's once a month.

I guess that's progress :(

-----Original Message-----
From: Cisco Clean Access Users and Administrators [mailto:[log in to unmask]] On Behalf Of Nathaniel Austin
Sent: Tuesday, October 28, 2008 9:33 AM
To: [log in to unmask]
Subject: Re: [CLEANACCESS] Microsoft Patch

Hey Bruce,

I understand your frustration at the situation - if I was in your place
I would feel the same way.

Thank you for alerting your account team about the situation. Ultimately
there is a much better chance of anything changing if they are involved.

Thanks,

Nate

Osborne, Bruce W. (NS) wrote:
> Nate,
>
> As a large institution, Liberty University cannot upgrade very often and we need stable, reliable code. At our last decision point, the best code was 4.1.2.1. This version requires our clients to use Cisco's preconfigured checks. We cannot use the WSUS style requirements. Also, a majority of our machines are owned my students, and not part of our domain.
>
> Cisco's customers were not notified of your policy change to release preconfigured checks monthly, regardless of Microsoft's patch release.
>
> Due to the MS08-067 patch release & known exploit code and The BU's failure to release a check, our network security is compromised unless we create our own solution.
>
>
> The BU needs to reconsider their decision to allow known exploits on Cisco's customer networks. Their job may depend on it!
>
>
> BTW, I have passed similar sentiments up to our account team & VAR.
>
> Bruce Osborne
> Liberty University
>
>
> -----Original Message-----
> From: Cisco Clean Access Users and Administrators [mailto:[log in to unmask]] On Behalf Of Nathaniel Austin
> Sent: Tuesday, October 28, 2008 8:58 AM
> To: [log in to unmask]
> Subject: Re: [CLEANACCESS] Microsoft Patch
>
> Hey Timothy,
>
> In my experiences you are one of the minority - most people want to
> minimize user impact and just trust Microsoft if there is a discrepancy.
> So if you like using our ruleset, then by all means don't change -
> unfortunately that ruleset is not going to add in a check for this
> hotfix until next month. I wish I could tell you otherwise, but thats
> the situation right now.
>
> Nate
>
> Riegert, Timothy J. wrote:
>
>> We've been using the Cisco checks and have noticed some instances where Windows Update reports no new updates to install, even though they are missing updates. Sometimes running a Windows Update fix script (re-registers .dlls, installs latest version of Windows Update client, etc.) fixes these computers and they'll be able to download the patches through Windows Update, but sometimes it doesn't help and they must manually install the updates. We are happy that the Cisco checks are helping to identify these discrepancies.
>>
>> Would I be accurate in stating the WSUS method assumes the Windows Update client is always working correctly?
>>
>>
>> -----Original Message-----
>> From: Cisco Clean Access Users and Administrators [mailto:[log in to unmask]] On Behalf Of Nathaniel Austin
>> Sent: Monday, October 27, 2008 9:45 PM
>> To: [log in to unmask]
>> Subject: Re: Microsoft Patch
>>
>> Hey Mike,
>>
>> Word from the BU is that they will only update from Microsoft once a
>> month, so this one will not go into the checks and rule set until next
>> months Patch Tuesday release.
>>
>> So a preemptive apology to everyone out there who wants this now. I
>> think there are some good custom checks that some of you have created to
>> at least get it checked for in your environments in the meantime.
>>
>> I know this isn't really a consolation, but I think this again proves
>> that the WSUS style requirement that checks against Microsoft's WU
>> servers instead of our checks and rules is a much better option.
>>
>> Nate
>>
>> Mike Diggins wrote:
>>
>>
>>> On Mon, 27 Oct 2008, Osborne, Bruce W. (NS) wrote:
>>>
>>>
>>>
>>>> When I last checked this afternoon, Cisco still did not have their
>>>> check published. What happened to the commitment to publish within 48
>>>> hours of patch release??
>>>>
>>>>
>>> I was wondering that myself. I checked a few times today to see if it
>>> had been published. I normally only update my CCA servers once a
>>> month, so as not to annoy my clients too much, but this one seems like
>>> it needs special attention.
>>>
>>> -Mike
>>>
>>>

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU