MICROSOFT’S December 2016 PATCH RELEASES


Microsoft has released 12 new Patch Tuesday bulletins for deployment this December.

See how you can remove the risk of patch deployment by adding SnaPatch to your SCCM patching infrastructure.

MS16-144 – Critical

Cumulative Security Update for Internet Explorer (3204059)
This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

MS16-145 – Critical

Cumulative Security Update for Microsoft Edge (3204062)
This security update resolves vulnerabilities in Microsoft Edge. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Microsoft Edge. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than users with administrative user rights.

MS16-146 – Critical

Security Update for Microsoft Graphics Component (3204066)
This security update resolves vulnerabilities in Microsoft Windows. The most severe of the vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-147 – Critical

Security Update for Microsoft Uniscribe (3204063)
This security update resolves a vulnerability in Windows Uniscribe. The vulnerability could allow remote code execution if a user visits a specially crafted website or opens a specially crafted document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

MS16-148 – Critical

Security Update for Microsoft Office (3204068)
This security update resolves vulnerabilities in Microsoft Office. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted Microsoft Office file. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

MS16-149 – Important

Security Update for Microsoft Windows (3205655)
This security update resolves vulnerabilities in Microsoft Windows. The more severe of the vulnerabilities could allow elevation of privilege if a locally authenticated attacker runs a specially crafted application.

MS16-150 – Important

Security Update for Secure Kernel Mode (3205642)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if a locally-authenticated attacker runs a specially crafted application on a targeted system. An attacker who successfully exploited the vulnerability could violate virtual trust levels (VTL).

MS16-151 – Important

Security Update for Windows Kernel-Mode Drivers (3205651)
This security update resolves vulnerabilities in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application that could exploit the vulnerabilities and take control of an affected system.

MS16-152 – Important

Security Update for Windows Kernel (3199709)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows kernel improperly handles objects in memory.

MS16-153 – Important

Security Update for Common Log File System Driver (3207328)
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. In a local attack scenario, an attacker could exploit this vulnerability by running a specially crafted application to bypass security measures on the affected system allowing further exploitation.

MS16-154 – Critical

Security Update for Adobe Flash Player (3209498)
This security update resolves vulnerabilities in Adobe Flash Player when installed on all supported editions of Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, and Windows Server 2016.

MS16-155 – Important

Security Update for .NET Framework (3205640)
This security update resolves a vulnerability in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server. A security vulnerability exists in Microsoft .NET Framework 4.6.2 that could allow an attacker to access information that is defended by the Always Encrypted feature.


Now that you have made it this far, a quick shameless plug for our software portfolio. 🙂

SnaPatch – Patch Management Addon for Microsoft’s SCCM.

SnapShot Master – Take control of your virtual machine snapshots, works with both Hyper-V and Vmware.

Azure Virtual Machine Scheduler – Save money and schedule the shutdown and power on of your virtual machines within Microsoft’s Azure Cloud.

Azure Virtual Machine Deployer – Deploy VMs to Microsoft’s Azure cloud easily, without the need for powershell.

Upgrade SCCM 1610 – A Comprehensive Guide

How to upgrade SCCM 1610

Microsoft has recently released SCCM 1610, the much-awaited upgrade to their System Center Configuration Manager. This upgrade includes new features and enhancements in Office 365 management, application management, Windows 10, client management, end-user experience, and new functionality for customers using Intune with SCCM. In this article, we will discuss how to upgrade to SCCM 1610 and its new features and enhancements.

A quick overview of these enhancements:

  • Windows 10 Upgrade Analytics integration allows you to assess and analyze device readiness and compatibility with Windows 10 to allow smoother upgrades.
  • Office 365 Servicing Dashboard and app deployment to clients features help you to deploy Office 365 apps to clients as well as track Office 365 usage and update deployments.
  • Software Updates Compliance Dashboard allows you to view the current compliance status of devices in your organization and quickly analyze the data to see which devices are at risk.
  • Cloud Management Gateway provides a simpler way to manage Configuration Manager clients on the Internet. You can use the ConfigMgr console to deploy the service in Microsoft Azure and configure the supported roles to allow cloud management gateway traffic.
  • Client Peer Cache is a new built-in solution in Configuration Manager that allows clients to share content with other clients directly from their local cache with monitoring and troubleshooting capabilities.
  • Enhancements in Software Center including customizable branding in more dialogs, notifications of new software, improvements to the notification experience for high-impact task sequence deployments, and ability for users to request applications and view request history directly in Software Center.
  • New remote control features including performance optimization for remote control sessions and keyboard translation.

If you use SCCM with Microsoft’s Intune, you also get the following new features:

  • New configuration item settings and improvements now only show settings that apply to the selected platform. We also added lots of new settings for Android (23), iOS (4), Mac (4), Windows 10 desktop and mobile (37), Windows 10 Team (7), Windows 8.1 (11), and Windows Phone 8.1 (3).
  • Lookout integration allows you to check a device’s compliance status based on its compliance with Lookout rules.
  • Request a sync from the admin console improvement allows you to request a policy sync on an enrolled mobile device from the Configuration Manager console.
  • Support for paid apps in Windows Store for Business allows you to add and deploy online-licensed paid apps in addition to the free apps in Windows Store for Business.

SCCM 1610 FAQs


What is SCCM 1610?

SCCM 1610 is the upgrade to Microsoft’s System Center Configuration Manager.

What new features are included in SCCM 1610?

SCCM 1610 includes new features and enhancements in Office 365 management, Windows 10, application management, client management, end user experience, and new functionality for customers using Intune with SCCM.

What is Windows 10 Upgrade Analytics integration?

Windows 10 Upgrade Analytics integration allows you to assess and analyze device readiness and compatibility with Windows 10 to allow smoother upgrades.

What is the Office 365 Servicing Dashboard?

The Office 365 Servicing Dashboard is a feature that helps you to deploy Office 365 apps to clients as well as track Office 365 usage and update deployments.

What is the Software Updates Compliance Dashboard?

The Software Updates Compliance Dashboard allows you to view the current compliance status of devices in your organization and quickly analyze the data to see which devices are at risk.

What is the Cloud Management Gateway?

The Cloud Management Gateway provides a simpler way to manage Configuration Manager clients on the Internet. You can use the ConfigMgr console to deploy the service in Microsoft Azure and configure the supported roles to allow cloud management gateway traffic.

What is Client Peer Cache?

Client Peer Cache is a new built-in solution in Configuration Manager that allows clients to share content with other clients directly from their local cache with monitoring and troubleshooting capabilities.

What are the enhancements in Software Center?

The enhancements in Software Center include customizable branding in more dialogs, notifications of new software, improvements to the notification experience for high-impact task sequence deployments, and ability for users to request applications and view request history directly in Software Center.

What are the new remote control features?

The new remote control features include performance optimization for remote control sessions and keyboard translation.

What new features are available if you use SCCM with Microsoft’s Intune?

If you use SCCM with Microsoft’s Intune, you get new configuration item settings and improvements, Lookout integration, Request a sync from the admin console improvement, and support for paid apps in Windows Store for Business.

How do you upgrade to SCCM 1610?

To upgrade to SCCM 1610, you need to follow several steps, including checking to see if SCCM 1610 has downloaded, enabling the Fast Ring, forcing a check for the update, and downloading and installing the SCCM 1610 update.

Upgrade to SCCM 1610

To upgrade your SCCM to version 1610, follow these steps:


Check to see if SCCM 1610 has downloaded.

Open your SCCM console, and go to Administration, expand Cloud Services, then Updates and Servicing.

At this point the update to SCCM 1610 may not have downloaded yet. You can right-click and check for updates, but as Microsoft is rolling out this update slowly over the next few weeks, it may not download. If you cannot wait for it to download itself, you can force the update by running the PowerShell script located here: https://gallery.technet.microsoft.com/ConfigMgr-1610-Enable-046cc0e9


Download SCCM 1610 Fast Ring

If you have waited quite some time and SCCM 1610 hasn’t downloaded, then you need to download EnableFastRing.exe to do this for you. Once downloaded, launch the file, extract the PowerShell script and follow these steps.

  • Launch an elevated command prompt
  • Run PowerShell
  • Run the EnableFastUpdateRing1610.ps1 script
    • EnableFastUpdateRing1610.ps1 where SiteServer refers to the CAS or standalone primary site server
  • Force a check for the update.
    • If you are upgrading from version 1602 or higher go to Administration, Overview, Cloud Services, Updates and Servicing and click “Check for Updates”.  You may need to try “Check for Updates” more than once if the package is not downloaded on the first try.
    • If you are upgrading from version 1511, restart the SMS_Executive.
  • The new 1610 Update should now be available in the Configuration Manager Console.

Download SCCM 1610 update

Now that the Fast Ring has been enabled, go back to your SCCM console, right-click the Updates and Servicing node and click Check for Updates.

Give SCCM some time to start the download of SCCM 1610. Refresh the console to see the status, then proceed to install once it has downloaded.


SCCM 1610 Downloaded

Now hopefully your SCCM 1610 update has downloaded and is available in your console.

Select the Configuration Manager 1610 update, right-click and choose Run prerequisite check.

SCCM will now check that your environment is ready for the upgrade to SCCM 1610.

Let SCCM complete the check; refresh the console to see when it has completed.


SCCM 1610 Update Installation

Now that the prerequisites have been checked and passed, you can start to install the upgrade to SCCM 1610. Right-click the update and choose Install Update Pack.


SCCM 1610 Update Installation – General Tab

The General Tab starts off the installation of the SCCM 1610 update. Click Next when you are ready to install.



SCCM 1610 Update Installation – Features Tab

On the Features tab, you can select which options you wish to install. Click Next when ready to proceed.



SCCM 1610 Update Installation – Client Update Options Tab

Next is the Client Update Options tab. Here you can choose to upgrade without validating, or to validate the upgrade in a pre-production collection. As this is one of our lab environments, I have chosen to upgrade without validating. If this is your production environment, it always pays to be mindful of any upgrade, SCCM included, so it may be worth choosing the other option and validating the upgrade against a test collection.

Choose the option you wish and click Next.


SCCM 1610 Update Installation – Licensing Terms Tab

Accept the license terms and privacy statement and click Next.



SCCM 1610 Update Installation – Summary Tab

On the Summary Tab, confirm the options you have chosen are correct and then click on Next to continue.



SCCM 1610 Update Installation – Progress Tab

The update to SCCM 1610 will now install.



SCCM 1610 Update Installation – Completion Tab

Hopefully all went well with your installation of SCCM 1610 and you now see the completion screen. Click Close and SCCM will continue updating in the background.


SCCM 1610 Update Installation – Update Log

To view the installation logs, go to the C: drive of your SCCM server and locate ConfigMgrSetup.log. If you have Trace32 installed, double-click the log file to see the installation status.

Refreshing the console shows that the SCCM 1610 update is installing. Depending on your infrastructure, this could take some time.


Monitor the SCCM 1610 upgrade – Installation Status

You can additionally monitor the status of the installation of SCCM 1610 in your console. Go to the Monitoring tab, then Updates and Servicing Status, where you can see the updates you have applied. Highlight the Configuration Manager 1610 update, right-click and choose Show Status.

Also, the cmupdate.log contains more details of the installation progress.


After quite some time, you should see that your SCCM version is now showing as SCCM 1610.

You can finally go and party like it’s 1999. Since you are here, don’t forget to check out our many software products that help make an administrator’s life easy.

KB3176934 breaks Windows 10 Powershell


Windows 10 has been a reliable operating system for many users, but recently, some patches released by Microsoft have caused various issues. One of the latest problems is caused by KB3176934, which appears to break Windows 10 PowerShell. In particular, it affects the Desired State Configuration (DSC) functionality in PowerShell, rendering it useless.

What is KB3176934?

KB3176934 is a security update released by Microsoft in August. The patch was meant to fix some security issues with the operating system, but instead, it caused a problem with PowerShell. The issue is related to a missing .MOF file in the build package, causing the update to break DSC.

The Consequences of the Issue

The missing .MOF file leads to all DSC operations resulting in an “Invalid Property” error. This means that if you are using DSC on any Windows client, or from any Windows client, you should uninstall the update. The PowerShell function will be completely unusable until the KB3176934 update is removed.


Other Issues Caused by Recent Patches

This isn’t the only issue caused by the August releases of patches by Microsoft. Two other known issues were caused by security patches, namely Microsoft patches KB3177725 and KB3176493 causing printing issues, and Microsoft Patch KB3179575 causing authentication issues with Windows 2012 servers. Fortunately, a fix for the printing issue problem (KB3187022) has been released. Still, there has been no correspondence regarding the authentication issues, making it unclear whether a fix is coming soon.

How to Fix the PowerShell Issue

If you have experienced this issue on your Windows 10 machine, don’t worry. There is a solution, and it’s relatively easy to implement. The only way to fix this problem is to uninstall KB3176934 from the affected machine. Once you have removed the update, DSC functionality should be restored to PowerShell.
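One way to script the check and removal described above, as an added example that is not from the original post. It uses the built-in `Get-HotFix` cmdlet and `wusa.exe`; the function names and the default host list are assumptions.

```powershell
# Added example (not from the original post): find KB3176934 and remove it.
# Function names and the default host list are hypothetical.
# Run the removal from an elevated PowerShell session.

function Get-KbInstallState {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][ValidatePattern('^KB\d+$')][string]$KbId,
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($computer in $ComputerName) {
        $result = [ordered]@{
            ComputerName = $computer
            KbId         = $KbId
            Installed    = $null      # stays $null when the host could not be queried
            InstalledOn  = $null
            Error        = $null
        }
        try {
            # List every hotfix and filter, so "absent" is an empty result
            # rather than an error that looks like an unreachable host.
            $hit = Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Where-Object { $_.HotFixID -eq $KbId } |
                Select-Object -First 1
            $result.Installed = [bool]$hit
            if ($hit) { $result.InstalledOn = $hit.InstalledOn }
        }
        catch {
            # Host unreachable, access denied, WMI failure, ...
            $result.Error = $_.Exception.Message
        }
        [pscustomobject]$result
    }
}

function Remove-Kb {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)][ValidatePattern('^KB\d+$')][string]$KbId
    )
    $number = $KbId -replace '^KB', ''
    if (-not $PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Uninstall $KbId")) {
        return $false
    }
    # wusa.exe shows its own confirmation dialog; /norestart defers the reboot.
    $proc = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" `
        -ArgumentList '/uninstall', "/kb:$number", '/norestart' `
        -Wait -PassThru
    # 0 = success, 3010 = success but a restart is required
    return ($proc.ExitCode -in 0, 3010)
}

# Check the local machine, then remove the update only if it is present.
$state = Get-KbInstallState -KbId 'KB3176934'
$state | Format-Table -AutoSize

if ($state | Where-Object { $_.Installed }) {
    if (Remove-Kb -KbId 'KB3176934') {
        Write-Output 'KB3176934 removed; restart the machine before using DSC again.'
    }
    else {
        Write-Warning 'KB3176934 was not removed (cancelled or wusa.exe reported a failure).'
    }
}
```

Pass a list of names to `-ComputerName` to inventory other DSC clients before deciding where the update has to come off.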

Conclusion

If you use PowerShell for DSC, KB3176934 is a patch you need to avoid. While it’s essential to keep your operating system up to date, this update is not worth the trouble. The missing .MOF file breaks DSC functionality, leading to an “Invalid Property” error, rendering it useless. It’s crucial to stay aware of the latest updates from Microsoft and to remove any problematic ones as soon as possible.

 
Deploying a Zero Day Exploit Update Fix with Microsoft SCCM 2012


Zero Day exploits are vulnerabilities that hackers find and can use for malicious or personal intent. These exploits have been known to affect both software and hardware, causing issues to programs, data, computers, and networks. Once a patch or fix is released by the vendor, the issue is no longer known as a Zero Day vulnerability. In this article, we will discuss how to remediate Zero Day attacks and how to deploy a Zero Day exploit fix using Microsoft SCCM.

Remediating Zero Day Attacks

Unfortunately, there isn’t much that can be done until a fix or update is released that patches the security hole. Once a patch is released, it is best to deploy and apply the patch as soon as possible. To reduce the risk of unknown vulnerabilities, it is good practice to keep your hardware and software up to date. This will remove any previously found vulnerabilities from your environment as patches are applied. Having a patching process in place and suitable infrastructure to do so (e.g., Microsoft SCCM and SnaPatch) where you can deploy updates easily and often are also good practices.


Zero Day Exploit Overview

So what exactly is a Zero Day Exploit, you ask? To be exact, a Zero Day Exploit is a vulnerability that a hacker has found and can use for malicious or personal intent. The Vendor (software or hardware) has zero days to plan, mitigate and fix the issue so that there is no further exploitation of the vulnerability. The exploits have been known to target both software (operating systems and applications) and hardware. They have been known to cause issues to programs, data, computers and the network.

Zero Day Attack Timeline

When a breach is found in some software, a Zero Day Exploit normally follows this timeline:

  1. A hacker finds a vulnerability in a product (software/hardware).
  2. The hacker writes an exploit and uses it either maliciously or for financial gain.
  3. The exploit is detected either by Users, Security Companies or the Vendor themselves.
  4. The Vendor studies the new exploit and develops a fix.
  5. The Vendor releases a new patch to fix the exploit.
  6. Users install the Patch or Virus Definition update.

The biggest issue with Zero Day Exploits is that they are generally unknown until they have been used to breach systems, leaving everyone vulnerable until the Vendor releases a patch, an update, or security advice on how to remediate the issue. It could be days, weeks, months or even years before the Vendor learns of the vulnerability. Once a Patch or Fix has been released by the Vendor, the issue is no longer known as a Zero Day Vulnerability.

How to remediate Zero Day Attacks

Unfortunately there isn’t much that can be done until a fix or update is released that patches the security hole. Once a patch is released, it is best to deploy and apply it as soon as possible.

To reduce the risk from vulnerabilities that are unknown to you, it is also good practice to keep your hardware and software patched up to date. This removes previously found vulnerabilities from your environment as patches are applied. Having a patching process in place and suitable infrastructure to support it (for instance Microsoft SCCM and SnaPatch), where you can deploy updates easily and often, is also good practice.

 

Using SCCM to deploy a Zero Day Exploit Patch

If you are using Microsoft’s SCCM 2012, you can easily deploy an update that addresses a Zero Day Vulnerability by following these steps:

  1. Log on to your SCCM console, then go to Software Library, expand Software Updates and highlight All Software Updates. Right-click and choose Synchronise Software Updates. This will synchronise your SCCM server with your WSUS updates server. Allow a few minutes for the new updates to populate the view. You can check the Wsyncmgr.log to view the update synchronisation.
  2. If you know the Bulletin ID number (the update number released by Microsoft in the format MSXX-XXX; in this example I am choosing MS16-082), you can now search for this within the console.
  3. Make sure that the update has downloaded and if not, right-click the update and choose Download. You will need to give the update some time to download into your environment and be ready for deployment.
  4. When the update is downloaded, you are ready to deploy it. (If you are using SnaPatch to deploy the updates, go straight to the SnaPatch section below.)
    Right-click the update (or updates) and choose Deploy.
    Enter a Deployment Name and Description, and choose the collection you wish the Zero Day exploit fix to deploy to. Once you have chosen the correct settings, click on Next.
  5. On the Deployment Settings tab, leave the type of deployment as Required, choose the level of detail you want, then click on Next.
  6. Now schedule when you want the update to deploy. As this is a Zero Day Exploit that you want patched quickly, schedule the patch to be available As Soon As Possible for both the Software Available Time and the Installation Deadline. Please note that, more often than not, the installation of an update will cause systems to restart. Make sure you have informed the appropriate people and that you have approval for deployment. There is nothing worse than deploying an update and having to answer to management because you caused unwarranted system outages.
  7. The User Experience tab is where you set how the deployment will interact with users. You can set whether users are notified within Software Centre that an update is available for installation, whether the update can install and restart the system outside a maintenance window when the deployment deadline is reached, and whether you wish to suppress a system restart. As this is an urgent deployment, I have chosen to allow installation and restart outside any maintenance windows. Choose the settings you require and click on Next.
  8. If you have System Center Operations Manager (Microsoft SCOM) in your environment, you can choose to generate an alert with criteria you specify. In this example we are not going to specify any settings. Click on Next when you have made your selections.
  9. The Download Settings tab allows you to choose client download settings. If a client is on a slow or unreliable network boundary, you can choose whether it does not install the update or downloads it from another distribution point. Allowing clients to share content between themselves is a great feature of SCCM, as it stops other client machines downloading the same updates and possibly flooding a network link. The clients will all share the update between themselves if they are on the same subnet. If they cannot download the update from an SCCM distribution point, you can also allow them to download it from Microsoft Update.
    Click on Next when ready.
  10. Now you can review all the settings on the Summary tab. Confirm you are happy with all the settings and then click Next.
  11. The progress of the deployment will now be shown.
  12. Your Zero Day Exploit deployment should now be ready to be deployed to your SCCM clients as per the settings you have set.
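The server-side logs this page refers to (Wsyncmgr.log in step 1 above, ConfigMgrSetup.log and cmupdate.log in the upgrade walkthrough) can be checked without Trace32. The following is an added example, not code from the original article, and goes slightly beyond the text by handling all three logs. The line layout `message $$<component><timestamp+bias><thread=...>`, the "Sync succeeded" / "Sync failed" message prefixes, the function names, the log path and the sample lines are assumptions constructed for illustration.

```powershell
# Added example: parse ConfigMgr server-side log lines and report the last
# WSUS sync outcome before searching for the bulletin in the console.
# The sample lines are constructed for illustration, not captured output.

$SampleLog = @'
Performing sync on regular schedule  $$<SMS_WSUS_SYNC_MANAGER><12-14-2016 09:00:01.112+480><thread=5432 (0x1538)>
Synchronizing update 0a1b2c3d-0000-0000-0000-000000000001 - Constructed sample update  $$<SMS_WSUS_SYNC_MANAGER><12-14-2016 09:04:40.250+480><thread=5432 (0x1538)>
Sync failed: constructed sample failure text  $$<SMS_WSUS_SYNC_MANAGER><12-14-2016 09:05:02.003+480><thread=5432 (0x1538)>
Sync succeeded. Setting sync alert to canceled state on site PS1  $$<SMS_WSUS_SYNC_MANAGER><12-14-2016 09:35:17.845+480><thread=5432 (0x1538)>
'@ -split "`r?`n"

function ConvertFrom-CmServerLog {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][AllowEmptyString()][string]$Line
    )
    begin {
        # Assumed layout: message  $$<COMPONENT><MM-dd-yyyy HH:mm:ss.fff+bias><thread=N (0xHEX)>
        $pattern = '^(?<msg>.*?)\s*\$\$<(?<component>[^>]*)>' +
                   '<(?<stamp>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3})(?<bias>[+-]\d+)>' +
                   '<thread=(?<thread>\d+) \(0x[0-9A-Fa-f]+\)>\s*$'
    }
    process {
        $m = [regex]::Match($Line, $pattern)
        if (-not $m.Success) { return }   # blank or continuation line: skip it

        $msg = $m.Groups['msg'].Value
        # These logs carry no severity field, so classify by keyword (heuristic).
        $severity = if ($msg -match '\b(error|fail(ed|ure)?)\b') { 'Error' }
                    elseif ($msg -match '\bwarn(ing)?\b')        { 'Warning' }
                    else                                         { 'Info' }

        [pscustomobject]@{
            # Local server time as logged; the bias is kept but not applied.
            Time        = [datetime]::ParseExact($m.Groups['stamp'].Value,
                              'MM-dd-yyyy HH:mm:ss.fff',
                              [cultureinfo]::InvariantCulture)
            BiasMinutes = [int]$m.Groups['bias'].Value
            Component   = $m.Groups['component'].Value
            Thread      = [int]$m.Groups['thread'].Value
            Severity    = $severity
            Message     = $msg
        }
    }
}

function Get-CmSyncOutcome {
    param([Parameter(Mandatory)][object[]]$Entry)

    # The most recent terminal message decides the state.
    $final = $Entry |
        Where-Object { $_.Component -eq 'SMS_WSUS_SYNC_MANAGER' -and
                       $_.Message -match '^Sync (succeeded|failed)' } |
        Sort-Object Time |
        Select-Object -Last 1

    if (-not $final) { return 'InProgressOrUnknown' }
    if ($final.Message -match '^Sync succeeded') { 'Succeeded' } else { 'Failed' }
}

$entries = $SampleLog | ConvertFrom-CmServerLog
$entries | Where-Object { $_.Severity -ne 'Info' } |
    Format-Table Time, Component, Message -AutoSize
"Last sync outcome: $(Get-CmSyncOutcome -Entry $entries)"

# Against a live site server (path is an assumption; adjust to your install):
# Get-Content 'C:\Program Files\Microsoft Configuration Manager\Logs\wsyncmgr.log' |
#     ConvertFrom-CmServerLog | Where-Object { $_.Severity -eq 'Error' }
```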

Using SnaPatch for Zero Day Exploit Deployment

If you are using SnaPatch to aid you with the deployment of Windows Updates with Microsoft’s SCCM, you can continue on from steps 1 to 4 above.

  1. Open the SnaPatch console and choose the SnaPatch icon to start the snapshot and patch deployment process.
  2. Now you are presented with all the SCCM Collections and Systems available to deploy the Zero Day Exploit patch to. Choose the systems you want to receive the patch and click on Add.

    If the machines are virtual (either a VMware or Hyper-V virtual machine), you can choose whether to take a snapshot of the servers prior to deployment of the zero day patch. Should a server not have a successfully completed snapshot, it will not receive the update deployment. The snapshot of the virtual machines gives you a quick rollback position should the update cause an issue in your environment.
    When you have chosen all the machines you wish, and whether you would like a snapshot, click on the green arrow to continue.
  3. The next window in the SnaPatch process is where you choose the update you wish to deploy. As this is a Zero Day patch and we know the Microsoft article number (which in this example is MS16-082), type in the KB or MS article number and choose Search.
    Select the update, confirm that it has been downloaded (as per step 3 above) and now choose whether you want the update to deploy to an existing Update Group or to create a new one.
  4. As this is an urgent deployment, I am choosing Create & Deploy Update Group. Give the Software Update Group a Name and Description and click Create.
  5. You will see confirmation that the Software Update Group has been created. Click OK.
  6. Next we have to schedule deployment. Click Schedule Job.
  7. Now on the scheduling window, click on New.
  8. Choose an appropriate schedule for when you would like the deployment to happen. This will set up the update deployment for the time you specify. Click OK when you are ready to proceed, then close the scheduling window.
  9. On the Maintenance Window, choose the duration during which you want the snapshots to be performed and the updates to be installed. Click on Finish when complete.

That’s all there is to it. SnaPatch will now create a deployment of the Zero Day Exploit Patch within Microsoft SCCM and set the Maintenance Window. When the maintenance window is reached, SnaPatch will interact with your VMware or Hyper-V hosts and start a snapshot of the servers you have selected. Once the snapshot is complete, SnaPatch then contacts SCCM and allows SCCM to deploy the patch to those servers. You will also receive email notifications throughout the snapshot and deployment process.

Zero Day exploits can cause serious issues to programs, data, computers, and networks. It is essential to deploy patches and fixes as soon as possible to reduce the risk of exploitation. Using Microsoft SCCM 2012 to deploy a Zero Day exploit fix is an easy process that can be completed by following the steps outlined above. Keeping your hardware and software up to date and having a patching process in place are good practices to mitigate the risk of unknown vulnerabilities.

Create a SCCM Automatic Deployment Rule for SCEP definition updates


SCEP Definition Automatic Deployment Rule in SCCM 2012 R2

If you have setup your SCCM environment with the Microsoft product, System Centre Endpoint Protection (SCEP) and have deployed the SCEP agent to your client computers the next task you need to complete is the creation of an Automatic Deployment Rule for the antivirus updates.  Automatic Deployment Rules as the name suggests, automate the deployment of updates and definitions to your environment. You can set deadlines when things should install, maintenance windows when reboots and installation should occur and also the download of Windows updates ( you can specify products you would like updates to download for and what severity ie critical, important and security) and SCEP definitions without any manual intervention.

Creating an Automatic Deployment Rule for System Center Endpoint Protection (SCEP) definition updates in SCCM can help streamline the process of deploying and updating antivirus definitions across an organization. By automating the deployment of updates and definitions, IT administrators can save time and ensure that all client computers have the latest protection against known threats. With SCCM’s customization options, administrators can set deadlines for updates, specify maintenance windows, and even control the download of Windows updates. This ensures that updates are deployed efficiently and without any manual intervention, allowing administrators to focus on other important tasks.

 


Creating an Automatic Deployment Rule in SCCM 2012 R2 for SCEP Definition Deployment

Create Automatic Deployment Rule

Open your SCCM 2012 console and navigate to Software Library – Overview – Software Updates – Automatic Deployment Rules. 

Right click Automatic Deployment Rules and then choose Create Automatic Deployment Rule 


SCEP ADR – General Tab

Now specify a descriptive name for the Automatic Deployment Rule and a description that will easily identify what this ADR is for, and then choose an appropriate template from the dropdown box (I have chosen the standard definitions updates). Then click on Next.


SCEP ADR – Deployment Settings Tab

I left the settings as default on this page as I want to automatically approve any license agreements and don't have a requirement to wake up client computers. If you want to deploy the SCEP updates after hours while your client computers are off and wish to wake them up for the client updates (this depends on whether your environment has Wake On LAN capability), choose the Wake On LAN checkbox.


SCEP ADR – Software Updates Tab

Make sure that the search criteria are correct: the Product should say Forefront Endpoint Protection 2010 or Windows Defender, and the Update Classification should show Definition Updates. Then choose Next.


SCEP ADR – Evaluation Schedule Tab

Choose how often the Software Update Point synchronises.


SCEP ADR – Deployment Schedule Tab

Now we can configure when the updates are available to be installed on client computers. In the example below, I left this as the default 1 Hour. You can choose whatever is suitable for your environment.


SCEP ADR – User Experience Tab

The following screen is where you set whether or not to notify users that a new SCEP definition update is available for their machines. More often than not, it is best to suppress these notifications from the end user, as there could be multiple updates released daily. Notifying users every few hours would surely annoy them, and they in turn will annoy the administrator.


SCEP ADR – Alerts Tab

If you have System Center Operations Manager (Microsoft’s SCOM), you can choose whether any alerts are enabled or disabled and, if required, what conditions generate an alert.


SCEP ADR – Download Settings Tab

Now we are up to the Download Settings page. Choose the option that is suitable for your environment. If you have lots of remote sites without an SCCM distribution point available, it is always a good idea to allow the clients to share content with other clients on the same subnet.


SCEP ADR – Deployment Package Tab

On this page, we are creating a new deployment package for the Definitions Updates. Again, it is good practice to give a descriptive name and description that is easily identifiable to others. Also, choose a source location with enough storage to store the definitions.


SCEP ADR – Distribution Points Tab

Choose which distribution points you would like the update definitions to be shared to and from. I chose All Distribution Points as I want the updates available from everywhere in the environment.


SCEP ADR – Download Location Tab

If you are downloading the definition updates manually, you can set the location for where SCCM should look for new definitions. If not, choose Download Software Updates from the Internet and click on Next.


SCEP ADR – Language Selection Tab

Specify which languages you wish the SCEP definition updates to be deployed in. You can choose multiple languages as required.


SCEP ADR – Summary Tab

Review the Summary page to confirm you are happy with the settings you have chosen. Once you are satisfied with your selection, click Next.


SCEP ADR – Progress Tab

The Automatic Deployment Rule will quickly run through some checks. Once these have completed, click on Close.


SCEP ADR – Manual Invocation

That is all there is to it. The Automatic Deployment Rule will run with all the settings you have selected. If you ever wish to run the rule manually, right click it and choose Run Now.
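The same rule can be created from the ConfigurationManager PowerShell module, which makes the settings reviewable and repeatable. This is an added example, not code from the original page; the site code, collection, package name, source share, distribution point group, language and the as-soon-as-possible deadline are assumptions to replace with your own values.

```powershell
# Added example: scripted equivalent of the wizard tabs described above.
$SiteCode   = 'ABC'                                   # placeholder site code
$Collection = 'All SCEP Clients'                      # hypothetical target collection
$RuleName   = 'SCEP Definition Updates'               # hypothetical ADR name
$PkgName    = 'SCEP Definitions'                      # hypothetical deployment package
$PkgSource  = '\\fileserver\Sources\SCEPDefinitions'  # placeholder UNC source path
$DpGroup    = 'All Distribution Points'               # hypothetical DP group name

# Load the module shipped with the SCCM console and switch to the site drive.
Import-Module "$($env:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1"
Set-Location "$($SiteCode):"

# Deployment Package tab: create the package once; later runs reuse it.
if (-not (Get-CMSoftwareUpdateDeploymentPackage -Name $PkgName)) {
    New-CMSoftwareUpdateDeploymentPackage -Name $PkgName -Path $PkgSource `
        -Description 'SCEP definition updates downloaded by the ADR' | Out-Null
}

$adr = @{
    Name                  = $RuleName                  # General tab
    Description           = 'Automatic deployment of SCEP definition updates'
    CollectionName        = $Collection
    DeployWithoutLicense  = $true                      # auto-approve license agreements
    SendWakeUpPacket      = $false                     # Wake On LAN not used
    Product               = 'Forefront Endpoint Protection 2010'  # or 'Windows Defender'
    UpdateClassification  = 'Definition Updates'       # Software Updates tab
    RunType               = 'RunTheRuleAfterAnySoftwareUpdatePointSynchronization'
    AvailableImmediately  = $false                     # Deployment Schedule tab
    AvailableTime         = 1
    AvailableTimeUnit     = 'Hours'
    DeadlineImmediately   = $true                      # assumption: page gives no deadline
    UserNotification      = 'HideAll'                  # suppress end-user notifications
    UseBranchCache        = $true                      # share content on the same subnet
    DeploymentPackageName = $PkgName
    DownloadFromInternet  = $true                      # Download Location tab
    LanguageSelection     = 'English'                  # assumption: single language
}
New-CMSoftwareUpdateAutoDeploymentRule @adr | Out-Null

# Distribution Points tab: send the package to the chosen DP group.
Start-CMContentDistribution -DeploymentPackageName $PkgName `
    -DistributionPointGroupName $DpGroup

# Manual invocation ("Run Now"), then check when the rule last ran and its error code.
Invoke-CMSoftwareUpdateAutoDeploymentRule -Name $RuleName
Get-CMSoftwareUpdateAutoDeploymentRule -Name $RuleName |
    Select-Object Name, LastRunTime, LastErrorCode
```

A non-zero LastErrorCode, or a LastRunTime that stops advancing, means definitions are no longer reaching clients and should be investigated before endpoints fall behind.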

Click on the link to see how to create an SCCM Automatic Deployment Rule for Windows Updates.

SCCM ADR for SCEP Conclusion

Creating an Automatic Deployment Rule in SCCM 2012 R2 for SCEP Definition Deployment is a straightforward process that can save administrators valuable time. Once you set up the Automatic Deployment Rule, the updates will deploy to your client computers without any manual intervention.