[BESAdmin-Announcements] Disable Windows auto updates / New Service Pack Fixlets available / Changes to SANS Top 10

besadmin-announcements at bigmail.bigfix.com besadmin-announcements at bigmail.bigfix.com
Tue Apr 5 14:41:42 PDT 2005

There are three new announcements regarding BES:

Disable Automatic Update Before Auto-WinXP SP2 download:

Microsoft has announced that the mechanism to temporary disable delivery of
Windows XP SP2 will expire on April 12, 2005. This means that if Automatic
Updates is enabled on a Windows XP computer, the computer will slowly
download and then install Windows XP SP2. This could potentially cause
bandwidth problems on in your network as every computer will download the
large service pack from the Internet. Also, you will have no control over
when the service pack was deployed and run.
To address this issue, BigFix has published Task message #13406 in the
English "Patches for Windows" Fixlet site that detects computers that have
this setting enabled and allows you to disable Automatic Updates completely
on those machines.
BigFix recommends taking this action before April 12th to prevent Windows XP
SP2 from being automatically deployed to these computers, which will also
turn on Windows Firewall and block BES communication. To deploy Windows XP
SP2, use the appropriate Fixlet messages already provided in the "Patches
for Windows" Fixlet sites. (Fixlet messages #13404 and #13405) For more
information, see Microsoft's web page:


New Microsoft Service Pack Fixlets Available:

In the past two weeks, you may have noticed that we have released Fixlets
for several new Service Packs:
- Windows Server 2003 SP1        
- ISA Server 2004 Standard Edition SP1
- .NET Framework 1.1 SP1
- .NET Framework 1.0 SP3
Look for these on the Patches for Windows site.

Changes to the SANS Top 10 Fixlet site:

The following announcement applies to BES customers who purchased the "SANS
Top 10" Fixlet site that detects vulnerabilities in the ten most commonly
exploited vulnerable services in Windows. (More information about the SANS
Top 10 vulnerability list for Windows is available at
<http://www.sans.org/top20/> http://www.sans.org/top20/).

By popular demand, the following changes have been made to the SANS Top 10
Fixlet site: 
1. Previously, the SANS Top 10 Fixlet site displayed Fixlet messages related
to Microsoft patches. The Fixlet messages related to Microsoft patches have
now removed so it should be easier to see the Fixlet messages related to
non-patch security vulnerabilities.
The reason for this change is that many customers said that they did not
like to see the patch information in the SANS Top 10 Fixlet site when they
already saw patch-related Fixlet messages in the Patches for Windows Fixlet
2. Previously, the SANS Top 10 Fixlet messages were only relevant on Windows
computers with an English operating system. This restriction has now been
removed so the SANS Top 10 Fixlet messages now can be relevant on any
language of the Windows operating system.  
More information about the SANS Top 10 Fixlet site and the complete
Vulnerability Management offerings can be found at:

BES 5.1 is in testing and on track for a mid-Q2 release. More announcements
to follow.
BigFix Product Team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://bigmail.bigfix.com/pipermail/besadmin-announcements/attachments/20050405/ffa3cb57/attachment.html

More information about the Besadmin-announcements mailing list