Microsoft Solutions for Security Security Patch Management Brodie Desimone, CISSP Senior Technology Specialist Michael Nowacki, CISSP.

Slides:



Advertisements
Similar presentations
Patch Management Patch Management in a Windows based environment
Advertisements

Connected Health Framework
Selecting the Right Network Access Protection (NAP) Architecture Infrastructure Planning and Design Published: June 2008 Updated: November 2011.
Network Access Protection & Network Admission Control March 10, 2005 Teerapol Tuanpusa Network Consultant Cisco Systems Thailand Jirat Boomuang Technology.
Desktop Value - Introducing Windows XP Service Pack 2 with Advanced Security Technologies Presenter: James K. Murray Title: Information Technologies Consultant.
Introduction to Systems Management Server 2003 Tyler S. Farmer Sr. Technology Specialist II Education Solutions Group Microsoft Corporation.
Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
Unleashing the Power of Ubiquitous Connectivity with IPv6 Sandeep K. Singhal, Ph.D Director of Program Management Windows Networking.
SAGE-AU Adelaide Windows Update Services Michael Kleef IT Pro Evangelist Microsoft Corporation Level 200.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
© Copyright Lumension Security Lumension Security PatchLink Enterprise Reporting™ 6.4 Overview and What’s New.
Enhancing Customer Security: Ongoing Efforts to Help Customers Dave Sayers Technical Specialist Microsoft UK.
Information for Developers Windows XP Service Pack 2 Information for Developers.
1 Secure Your Business PATCH MANAGEMENT STRATEGY.
Small Business Security By Donatas Sumyla. Content Introduction Tools Symantec Corp. Company Overview Symantec.com Microsoft Company Overview Small Business.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
Tech·Ed North America /19/2017 6:02 AM
How To Keep Up With Security Patches Eric Schultze Security Strategies Microsoft.
Exchange 2010 Overview Name Title Group. What You Tell Us Communication overload Globally distributed customers and partners High cost of communications.
Windows XP Professional Deployment and Support Microsoft IT Shares Its Experiences Published: May 2002 (Revised October 2004)
VMware vCenter Server Module 4.
Cliff Evans Security and Privacy Lead Trustworthy Computing Group Microsoft UK.
Patch Management Strategy
IT:Network:Microsoft Applications
Module 16: Software Maintenance Using Windows Server Update Services.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Security of Communication & IT systems Bucharest, 21 st September 2004 Stephen McGibbon Chief Technology Officer, Eastern Europe, Russia & CIS Senior Director,
Wally Mead Senior Program Manager Microsoft Corporation.
©2003–2008 Check Point Software Technologies Ltd. All rights reserved. CheckPoint new security architecture and R70 highlights.
1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.
Information for Developers Windows XP Service Pack 2 Information for Developers Tony Goodhew Product manager Developer Division Microsoft Corp
1. Windows Vista Enterprise And Mid-Market User Scenarios 2. Customer Profiling And Segmentation Tools 3. Windows Vista Business Value And Infrastructure.
OFC 200 Microsoft Solution Accelerator for Intranets Scott Fynn Microsoft Consulting Services National Practices.
Security Overview for Microsoft Infrastructures Fred Baumhardt and James Noyce Infrastructure Solutions and Security Solutions Teams Microsoft Security.
Security Professional Services. Security Assessments Vulnerability Assessment IT Security Assessment Firewall Migration Custom Professional Security Services.
Module 14: Configuring Server Security Compliance
SMS 2003 Deployment and Managing Windows Security Rafal Otto Internet Services Group Department of Information Technology CERN 26 May 2016.
OFC290 Information Rights Management in Microsoft Office 2003 Lauren Antonoff Group Program Manager.
Migration from Software Update Services to Windows Server Update Services Jeff Alexander IT Pro Evangelist Microsoft Australia Scott Korman WSUS MVP SEC316.
1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.
Paul Butterworth Management Technology Architect
Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.
Microsoft Management Seminar Series SMS 2003 Change Management.
NetTech Solutions Supporting Users and Troubleshooting Desktop Applications on Microsoft Windows XP Instructor Richard Fredrickson.
Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.
Virtual Machine Management Challenges What are Solution Accelerators? Offline Virtual Machine Servicing Tool Next Steps.
Security and Microsoft Carolyn Burke, MA, CISSP Acting Senior Security Product Manager, Microsoft Canada CEO, Integrity Incorporated.
Managed Support CSM Event – 1 st June Steven Grier Premier Support Manager Premier Support.
Information Technology Services Strategic Directions Approach and Proposal “Charting Our Course”
© 2008 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED,
Advancing Security Progress and Commitment Stuart Okin Chief Security Advisor – Microsoft UK Delivering on security (an update on progress)
Service Pack 2 System Center Configuration Manager 2007.
© 2008 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED,
Windows Server 2003 SP1 Technical Overview John Howard, IT Pro Evangelist, Microsoft UK
David B. Cross Product Unit Manager Microsoft Corporation Session Code: SIA303 Donny Rose Senior Program Manager.
Customer Guide to Limited-Time Offer
Microsoft’s Security Strategy
Office Power Hour New developer APIs and features for Apps for Office
Implementing Client Security on Windows 2000 and Windows XP Level 150
Forum on Application Compatibility for Windows “Longhorn”
5/12/2019 2:57 PM © Microsoft Corporation. All rights reserved.
Agenda The current Windows XP and Windows XP Desktop situation
Microsoft Virtual Academy
Microsoft Data Insights Summit
Security in the Real World – Plenary Day One
Implementing Security Patch Management
Mark Quirk Head of Technology Developer & Platform Group
Using Software Restriction Policies
Presentation transcript:

Microsoft Solutions for Security Security Patch Management Brodie Desimone, CISSP Senior Technology Specialist Michael Nowacki, CISSP Senior Security Technology Specialist

Reduce Frequency, Quantity of Patches Inadequate Communications, Guidance, and Training Inconsistent Patching Experience Multiple, Incomplete Patch Management Tools Inconsistent Patch Quality Customer Feedback

Microsoft Solutions for Security Addressing The Situation Security and patch management priority #1 – bar none – at MicrosoftSecurity and patch management priority #1 – bar none – at Microsoft Microsoft problemMicrosoft problem Industry problemIndustry problem Ongoing battle with malicious hackersOngoing battle with malicious hackers Need comprehensive, tactical and strategic approach to addressing the situationNeed comprehensive, tactical and strategic approach to addressing the situation Trustworthy Computing InitiativeTrustworthy Computing Initiative Security framework and focusSecurity framework and focus Patch Management InitiativePatch Management Initiative

Microsoft Solutions for Security TWC Overview

Microsoft Solutions for Security Microsoft’s Security Framework Clear security commitment Clear security commitment Full member of the security community Full member of the security community Microsoft Security Response Center Microsoft Security Response Center Secure architecture Secure architecture Security aware features Security aware features Reduce vulnerabilities in the code Reduce vulnerabilities in the code Reduce attack surface area Reduce attack surface area Unused features off by default Unused features off by default Only require minimum privilege Only require minimum privilege Protect, detect, defend, recover, manage Protect, detect, defend, recover, manage Process: How to’s, architecture guides Process: How to’s, architecture guides People: Training People: Training SD 3 + Communications Secure by Design Secure by Default Secure in Deployment Communications

Patch Management Initiative Goals Cross divisional team with mission to resolve key patch management issues Consistently high quality Consistently small patch sizes Minimize reboots on patch installation Accurate, effective, easily discoverable, and timely information Process and best practice guidance; training Consistent formats and mechanisms for discovery, applicability evaluation, un- installation, etc. of patches and updates The right set of functionality Easy to deploy, administer, use Interoperability with third party solutions Informed & Prepared Customers Superior Patch Quality Consistent & Superior Update Experience Best Patch & Update Management Solutions

Improve the Patching Experience New Patch Policies Extending support to June 2004Extending support to June 2004 Windows 2000 SP2Windows 2000 SP2 Windows NT SP6aWindows NT SP6a Non-emergency security patches on a monthly release scheduleNon-emergency security patches on a monthly release schedule Allows for planning a predictable monthly test and deployment cycleAllows for planning a predictable monthly test and deployment cycle Packaged as individual patches that can be deployed togetherPackaged as individual patches that can be deployed together Achieves benefits of security rollup with increased flexibilityAchieves benefits of security rollup with increased flexibility Patches for emergency issues will still release immediately

Microsoft Solutions for Security By late 2004: Consolidation to 2 patch installers for W2k and later, SQL 2000, Office & Exchange 2003; all patches will behave the same way (update.exe, MSI 3.0) Improved tools consistency By mid-2004: Consistent results from MBSA, SUS, SMS, Windows Update (will all use SUS 2.0 engine for detection) Reduce patch complexity Reduce risk of patch deployment Now: Increased internal testing; customer testing of patches before release By mid-2004: Rollback capability for W2k generation products and later (MSI 3.0 patches) Reduce downtime Now: Continued focus on reducing reboots By late 2004: 30% of critical updates on Windows Server 2003 SP1 installed w/o rebooting (“hot patching”) Your Need Our Response Improve the Patching Experience Patch Enhancements Reduce patch size By late 2004: Substantially smaller patches for W2k generation and later OS & applications (Delta patching technology, next generation patching installers) Improved tools capabilities May 2004: Microsoft Update (MU) hosts patches for W2k server, and over time SQL 2000, Office & Exchange 2003 By mid-2004: SUS 2.0 receives content from MU & adds capabilities for targeting, basic reporting and rollback

Solution Components Analysis Tools Microsoft Baseline Security Analyzer (MBSA)Microsoft Baseline Security Analyzer (MBSA) Office Inventory ToolOffice Inventory Tool Online Update Services Windows UpdateWindows Update Office UpdateOffice Update Content Repositories Windows Update CatalogWindows Update Catalog Office Download CatalogOffice Download Catalog Microsoft Download CenterMicrosoft Download Center Management Tools Automatic Updates (AU) feature in WindowsAutomatic Updates (AU) feature in Windows Software Update Services (SUS)Software Update Services (SUS) Systems Management Server (SMS)Systems Management Server (SMS) Prescriptive Guidance Microsoft Guide to Security Patch ManagementMicrosoft Guide to Security Patch Management Patch Management Using SUSPatch Management Using SUS Patch Management Using SMSPatch Management Using SMS

Patch Management Guidance Prescriptive guidance from Microsoft for effective patch managementPrescriptive guidance from Microsoft for effective patch management Uses Microsoft Operations Framework (MOF)Uses Microsoft Operations Framework (MOF) Based on ITIL* (defacto standard for IT best practices)Based on ITIL* (defacto standard for IT best practices) Details requirements for effective patch management:Details requirements for effective patch management: Technical & operational pre-requisitesTechnical & operational pre-requisites Operational processes & how technology supports themOperational processes & how technology supports them Daily, weekly, monthly & as-needed tasks to be performedDaily, weekly, monthly & as-needed tasks to be performed Testing optionsTesting options Three patch management guidance offeringsThree patch management guidance offerings Microsoft Guide to Security Patch Management**Microsoft Guide to Security Patch Management**Microsoft Guide to Security Patch ManagementMicrosoft Guide to Security Patch Management Patch Management using Software Update Services***Patch Management using Software Update Services***Patch Management using Software Update ServicesPatch Management using Software Update Services Patch Management using Systems Management Server***Patch Management using Systems Management Server***Patch Management using Systems Management ServerPatch Management using Systems Management Server *Information Technology Infrastructure Library **Emphasizes security patching & overall security management ***Comprehensive coverage of patch management using the specified technology

Microsoft Solutions for Security Windows XP SP2Windows XP SP2 Improved network protectionImproved network protection Safer and Web browsingSafer and Web browsing Enhanced memory protectionEnhanced memory protection Beta by end of 2003, RTM based on customer feedbackBeta by end of 2003, RTM based on customer feedback Windows Server 2003 SP1Windows Server 2003 SP1 Role-based security configurationRole-based security configuration Inspected remote computersInspected remote computers Inspected internal environmentInspected internal environment RTM H2 CY04RTM H2 CY04 Delivering Security Technologies

Client Shielding Enhancements Security enhancements that protect computers, even without patches; Included in Win XP SP2 (H104) with more to follow Helps stop network-based attacks, file attachment viruses and buffer overruns Network Protection: Improved ICF protection turned on by defaultNetwork Protection: Improved ICF protection turned on by default Safer Improved attachment blocking for Outlook Express and IMSafer Improved attachment blocking for Outlook Express and IM Safer browsing: Better user controls to prevent malicious ActiveX controls and SpywareSafer browsing: Better user controls to prevent malicious ActiveX controls and Spyware Memory Protection: Improved compiler checks (/GS) to reduce stack overrunsMemory Protection: Improved compiler checks (/GS) to reduce stack overruns What it is What it does Key Features

Enterprise Shielding Enhancements Enterprise Quarantine Only clients that meet corporate security standards are allowed to connect; included in Win 2003 SP1 (H204) with more to follow Protects enterprise assets from infected computers Enforces specific corporate security requirements such as patch level, AV signature state and firewall stateEnforces specific corporate security requirements such as patch level, AV signature state and firewall state Ensure these standards are met whenEnsure these standards are met when VPN connections are made by remote clientsVPN connections are made by remote clients Wired or wireless connections are made by rogue and transient clientsWired or wireless connections are made by rogue and transient clients What it is What it does Key Features

Microsoft Solutions for Security H1 04 H2 04 FutureToday Extended support Monthly patch releases Baseline guidance Community Investments Windows XP SP2 Patching enhancements SMS 2003 SUS 2.0 Microsoft Update Broad training Windows Server 2003 SP1 Security technologies Next generation inspection NGSCB Windows hardening Continued OS-level security technologies

Microsoft Solutions for Security Security Resources New: IT Pro Security ZoneNew: IT Pro Security Zone New: Security Guidance for the EnterpriseNew: Security Guidance for the Enterprise Subscribe to MSRC notifications:Subscribe to MSRC notifications: Trustworthy Computing:Trustworthy Computing: Hot Fix & Security Bulletin Search:Hot Fix & Security Bulletin Search: url=/technet/security/current.asphttp:// url=/technet/security/current.asphttp:// url=/technet/security/current.asphttp:// url=/technet/security/current.asp

Microsoft Solutions for Security © 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.