The Security Patch Bulletin Catalog

All the available patch management tools discussed in this chapter utilize the Security Patch Bulletin Catalog (MSSecure.xml) to determine which security updates are installed and which are required on target computers. Every time a patch management tool is executed, it automatically downloads the latest version of MSSecure.xml to ensure that you check for the application of the latest security bulletins.

If you implement a custom tool for managing software patches or if you must execute a patch management tool from a computer not connected to the Internet, you can download, to another computer, the latest version of the Security Patch Bulletin Catalog in the cabinet (.cab) file format from http://www.microsoft.com/technet/security/search/mssecure.cab. The cabinet file is digitally signed by Microsoft, so any modification can be detected, and the signature provides proof that you have the legitimate version of the latest security patch bulletin catalog.

The following code sample shows the entry for MS02-010, a security patch that protects against a buffer overflow attack against Microsoft Commerce Server 2000. The MSSecure.xml file contains a section named <Bulletins> that provides all available bulletins included in the file:

<Bulletin Bulletin BulletinLocation FAQLocation FAQPageName="FQ02-010"
    Title="Unchecked Buffer in ISAPI Filter Could Allow Commerce Server Compromise"
    DatePosted="2002/02/21" DateRevised="2002/02/21" Supported="Yes"
    Summary="A security vulnerability results because AuthFilter contains an unchecked buffer in a section of code that handles certain types of authentication requests. An attacker who provided authentication data that overran the buffer could cause the Commerce Server process to fail, or could run code in the security context of the Commerce Server process. The process runs with LocalSystem privileges, so exploiting the vulnerability would give the attacker complete control of the server."
    Issue="" ImpactSeverity PreReqSeverity MitigationSeverity PopularitySeverity>
  <BulletinComments />
  <QNumbers>
    <QNumber QNumber="Q317615" />
  </QNumbers>
  <Patches>
    <Patch PatchName="tempcs" PatchLocation SB SQNumber="Q317615" NoReboot="0">
      <PatchComments />
      <AffectedProduct Product FixedInSP="0">
        <AffectedServicePack ServicePack />
      </AffectedProduct>
    </Patch>
  </Patches>
</Bulletin>

We do not expect you to memorize the syntax of the MSSecure.xml file. This example is provided to allow you to see what information is provided in the file for patch tools to determine whether a security update is applied on a target computer.

The <Bulletin> line provides detailed information on the security bulletin related to the MS02-010 security patch. The line includes a summary of the security vulnerability as well as the ratings of the security bulletin. The line also includes the BulletinLocationID and FAQLocationID references, which indicate where the security bulletin can be acquired. These two location IDs reference location ID "73", which is detailed in a later section of the MSSecure.xml file:

<Locations>
  <Location Location Path="http://www.microsoft.com/technet/security/bulletin" AbsolutePath="False" />
</Locations>

The <QNumbers> section details the Microsoft Knowledge Base article or articles detailing the security vulnerability. In this case, the security vulnerability is detailed in 317615, Unchecked Buffer in ISAPI Filter May Allow Commerce Server Compromise.

The <Patches> section details specific patches required to protect against a security vulnerability. The <Patches> section includes information on the affected products (in this case, Product) and the affected service pack level (ServicePack). These two numbers also reference sections appearing later in the MSSecure.xml file:

<Products>
  <Product Product Name="Commerce Server 2000" MinimumSupportedServicePack CurrentServicePack CurrentVersion="">
    <ProductFamilies />
    <AvailableSPs>
      <AvailableSP ServicePack />
      <AvailableSP ServicePack />
    </AvailableSPs>
  </Product>
</Products>

As with most security patches, the MS02-010 security patch is dependent upon the service pack level at the target computer. In the <Bulletins> section, the MS02-010 security update entry indicates that the affected ServicePackID is "168". In the <Products> section, the entry for Commerce Server 2000 indicates that two ServicePackIDs are available: "167" and "168". The actual names of these service pack levels are detailed in the <ServicePacks> section of the MSSecure.xml file:

<ServicePacks>
  <ServicePack ServicePack Name="Commerce Server 2000 Gold" URL="" ReleaseDate="" />
  <ServicePack ServicePack Name="Commerce Server 2000 SP2" URL="" ReleaseDate="" />
</ServicePacks>

Based on this information, you can see that the MS02-010 security update requires the application of Commerce Server 2000 Service Pack 2.
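The ID cross-referencing walked through above can be automated in a custom tool. The following is an added example, not code from the book or from Microsoft's patch tools: it resolves a bulletin's location, product and service pack references and reports any ID that points nowhere, which a tool should treat as a damaged or altered catalog. The catalog fragment is constructed; the root element name, the BulletinID, ProductID and LocationID attribute names, and the ProductID value "999" are assumptions, while IDs 73, 167 and 168 come from the text.

```python
import xml.etree.ElementTree as ET

# Constructed fragment. IDs 73, 167, 168 are from the text; ProductID="999" is a
# placeholder; the root element and the BulletinID, ProductID and LocationID
# attribute names are assumptions. Verify the .cab signature before parsing.
SAMPLE = """<Catalog>
<Bulletins><Bulletin BulletinID="MS02-010" BulletinLocationID="73" FAQLocationID="73">
  <QNumbers><QNumber QNumber="Q317615"/></QNumbers>
  <Patches><Patch PatchName="tempcs" SQNumber="Q317615" NoReboot="0">
    <AffectedProduct ProductID="999" FixedInSP="0">
      <AffectedServicePack ServicePackID="168"/>
    </AffectedProduct>
  </Patch></Patches>
</Bulletin></Bulletins>
<Products><Product ProductID="999" Name="Commerce Server 2000"/></Products>
<ServicePacks>
  <ServicePack ServicePackID="167" Name="Commerce Server 2000 Gold"/>
  <ServicePack ServicePackID="168" Name="Commerce Server 2000 SP2"/>
</ServicePacks>
<Locations><Location LocationID="73" Path="http://www.microsoft.com/technet/security/bulletin"/></Locations>
</Catalog>"""

def index(root, path, key, value):
    """Build an ID -> value lookup table for one reference section."""
    return {e.get(key): e.get(value) for e in root.iterfind(path)}

def resolve_bulletin(xml_text, bulletin_id):
    """Follow one bulletin's ID references; unresolved IDs are reported, never guessed."""
    root = ET.fromstring(xml_text)
    products = index(root, "Products/Product", "ProductID", "Name")
    packs = index(root, "ServicePacks/ServicePack", "ServicePackID", "Name")
    locations = index(root, "Locations/Location", "LocationID", "Path")
    b = next((e for e in root.iterfind("Bulletins/Bulletin")
              if e.get("BulletinID") == bulletin_id), None)
    if b is None:
        raise KeyError(bulletin_id)
    out = {"location": locations.get(b.get("BulletinLocationID")),
           "qnumbers": [q.get("QNumber") for q in b.iterfind("QNumbers/QNumber")],
           "affected": [], "dangling": []}
    if out["location"] is None:
        out["dangling"].append(("LocationID", b.get("BulletinLocationID")))
    for ap in b.iterfind("Patches/Patch/AffectedProduct"):
        for sp in ap.iterfind("AffectedServicePack"):
            pid, spid = ap.get("ProductID"), sp.get("ServicePackID")
            out["affected"].append((products.get(pid), packs.get(spid)))
            for key, ref, table in (("ProductID", pid, products), ("ServicePackID", spid, packs)):
                if ref not in table:
                    out["dangling"].append((key, ref))
    return out
```

Calling `resolve_bulletin(SAMPLE, "MS02-010")` returns the resolved pair Commerce Server 2000 / Commerce Server 2000 SP2 with an empty `dangling` list.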

Once a security patch is released, it can be updated later. The <Bulletin> line includes information on the date the security patch was released as well as the date it was revised, if revision was required. Typically, the summary of the bulletin is updated to reflect which modifications were performed to the security patch.



Microsoft Windows Security Resource Kit
ISBN: 0735621748
EAN: 2147483647
Year: 2003
Pages: 189
