Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS
-
Upload
lumension -
Category
Technology
-
view
777 -
download
1
Transcript of Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS
![Page 1: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/1.jpg)
Sponsored byUsing SCUP (System Center Updates
Publisher) to Security Patch 3rd Party Apps
with WSUS
© 2014 Monterey Technology Group Inc.
![Page 2: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/2.jpg)
Thanks toRuss Ernst, Director, Product Management
© 2014 Monterey Technology Group Inc.
www.Lumension.com
![Page 3: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/3.jpg)
Preview of Key Points
SCUP overview
Building software updates
Understanding the overall process
Where to obtain pre-built update catalogs?
© 2014 Monterey Technology Group Inc.
![Page 4: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/4.jpg)
Compliance 3rd party security patching
What’s your state of compliance?
How do you demonstrate it?
© 2014 Monterey Technology Group Inc.
![Page 5: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/5.jpg)
SCUP
Single-user application
Define software updates Update program itself Prerequisites Applicability rules Already installed rules
Publish to WSUS and SC Configuration Manager
© 2014 Monterey Technology Group Inc.
![Page 6: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/6.jpg)
SCUP
SCUP objects Catalog Software Updates Software Update Bundles Publications
© 2014 Monterey Technology Group Inc.
![Page 7: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/7.jpg)
SCUP
Catalogs
Software
Updates
SCCM
WSUS
Custom Create
d
Approve
Publications
Software Update Bundles
© 2014 Monterey Technology Group Inc.
![Page 8: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/8.jpg)
SCUP Catalog
Catalog Collection of pre-built software updates Some published through Microsoft on the Internet Others available for import
Creating your own updates? No need for a catalog
© 2014 Monterey Technology Group Inc.
![Page 9: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/9.jpg)
SCUP Software Update
Software Update Actual installation file Rules
© 2014 Monterey Technology Group Inc.
![Page 10: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/10.jpg)
SCUP Software Update
Software Update Actual installation file
Types MSP – Windows Installer patch file MSI – Windows installer file EXE – Standalone EXE that performs update
Java Success return codes Command line parameters
© 2014 Monterey Technology Group Inc.
![Page 11: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/11.jpg)
SCUP Software Update
Software Update Prerequisites
CPU Architecture Language Other updates
Installable rules i.e. Does this computer need this update?
Installed rules i.e. Does this computer already have this update?
Superseded updates
© 2014 Monterey Technology Group Inc.
![Page 12: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/12.jpg)
Applicability rules
Depend on the update file type EXEs
Specify files that should be present with version number, date, etc
Registry keys MSPs
Automatically generated from meta-data in the MSP itself Should not have to create additional rules unless MSP not
authored well MSIs
Automatically generated But still necessary to add a rule to check if application being
updated is installed or not
© 2014 Monterey Technology Group Inc.
![Page 13: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/13.jpg)
Pre-built rules
Great for re-use or templates Java JRE file version rule template Operating system version
© 2014 Monterey Technology Group Inc.
![Page 14: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/14.jpg)
SCUP
Pre-reqs WSUS SCCM
Initial setup tasks Client trust
Enable “Allow signed updates for an intranet Microsoft update service location”
Choose signing certificate Deploy to Trusted Root CAs, Trusted Publishers
Install SCUP
© 2014 Monterey Technology Group Inc.
![Page 15: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/15.jpg)
SCUP
Over all process1. Get the patch2. Research
Pre-requisites Applicability criteria Installation evidence
3. Perform manual install using necessary command line parameters
4. Verify installation evidence Files Registry keys
5. Stage the software where clients can access it6. Create Software Update in SCUP7. Publish to WSUS8. Test via SCCM
Installed on required systems? Not installed on n/a systems?
9. Rollout to systems via SCCM
© 2014 Monterey Technology Group Inc.
![Page 16: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/16.jpg)
Bottom line
Very few vendors publish catalogs for updating their own tools
Adobe Acrobat and Flash
Oracle Java
Those that do seem have quality issues
Create updates yourself Viable but time-consuming
Why does everyone have to re-invent the wheel? They don’t
© 2014 Monterey Technology Group Inc.
![Page 17: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/17.jpg)
SCUP with Lumension
SCUP with Lumension1. Get the patch2. Research
Pre-requisites Applicability criteria Installation evidence
3. Perform manual install using necessary command line parameters
4. Verify installation evidence Files Registry keys
5. Stage the software where clients can access it6. Create Software Update in SCUP7. Publish to WSUS8. Test via SCCM
Installed on required systems? Not installed on n/a systems?
9. Rollout to systems via SCCM
Import Lumension catalog
© 2014 Monterey Technology Group Inc.
![Page 18: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/18.jpg)
“Better than Free”
18PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
For more, see https://www.lumension.com/system-center/patch-manager-desktop/requirements.aspx (scroll to bottom)
![Page 19: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/19.jpg)
PROPRIETARY & CONFIDENTIAL - NOT FOR PUBLIC DISTRIBUTION
Additional Information
19
Free Cataloghttps://www.lumension.com/system-center/patch-manager-desktop/free-catalog.aspx
https://www.lumension.com/system-center/patch-manager-desktop.aspx
![Page 20: Using SCUP (System Center Updates Publisher) to Security Patch 3rd Party Apps with WSUS](https://reader030.fdocuments.net/reader030/viewer/2022032514/55d56c16bb61eb206e8b472f/html5/thumbnails/20.jpg)
Global Headquarters8660 East Hartford DriveSuite 300Scottsdale, AZ 85255
[email protected] http://blog.lumension.com