From besadmin-announcements at bigmail.bigfix.com Mon Jul 4 06:51:39 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Mon, 4 Jul 2016 13:51:39 +0000 Subject: [BESAdmin-Announcements] Content Modification in Patches for Windows Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Tue Jul 5 06:39:36 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Tue, 5 Jul 2016 13:39:36 +0000 Subject: [BESAdmin-Announcements] Content Modification in Patches for Windows Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Tue Jul 5 16:02:55 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Tue, 5 Jul 2016 16:02:55 -0700 Subject: [BESAdmin-Announcements] IBM BigFix WebUI Update: SAML Only Mode and other minor updates and fixes Message-ID: The IBM BigFix team has updated the BigFix WebUI application. The option to start the WebUI in SAML-Only mode has been added. SAML-Only mode allows you to use SAML authentication for Web Reports and the BigFix Console without enabling the full set of WebUI applications or the WebUI ETL process, which can quickly consume system resources in large deployments. Enhancements to the overview dashboards have been made to improve the data, name and performance of some overview tile queries. Warnings have also been added for slow running overview tile queries. Additionally a number of localization fixes and other minor bug fixes have been addressed. Actions to Take: No action is necessary. Updated WebUI application site will be gathered and loaded automatically. Predefined overview tiles will be automatically updated. Additional Information: For information about enabling SAML-Only Mode, please refer to the following Knowledge Center page: http://www.ibm.com/support/knowledgecenter/SSTK87_9.5.0/com.ibm.bigfix.webui.doc/WebUI/Admin_Guide/c_saml_2_0.html IBM BigFix Team -------------- next part -------------- An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Thu Jul 7 06:17:33 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Thu, 7 Jul 2016 13:17:33 +0000 Subject: [BESAdmin-Announcements] Content Modification in Patches for Windows Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Thu Jul 7 10:40:20 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Fri, 8 Jul 2016 01:40:20 +0800 Subject: [BESAdmin-Announcements] IBM BigFix Compliance PCI Add-on: Updated Content: PCI DSS Checklists for several Windows operating systems published 2016-07-07 Message-ID: Product: IBM BigFix Compliance PCI Add-on Title: Updated Security Configuration Management (SCM) PCI DSS Checklists for Windows 2008, Windows 2012, Windows 7, Windows Embedded POSReady 7, and Windows Embedded Standard 7 to comply with PCI DSS v3.2 Category: Updated SCM checklist Published Benchmark: Payment Card Industry Data Security Standard v3.2 Details: The IBM BigFix Compliance PCI Add-on team has updated the content for the Payment Card Industry Data Security Standard (PCI DSS) checklists for Windows 2008, Windows 2012, Windows 7, Windows Embedded POSReady 7, and Windows Embedded Standard 7 to comply with PCI DSS v3.2, as well as to include other enhancements. Details are as follows. PCI DSS v3.2 support: PCI DSS Requirements and Security Assessment Procedures v3.2 is supported in the identified Windows checklists. Existing checks are updated to adopt to the new standard and new checks are added to conform to the new requirements. The following PCI DSS v3.2 specific checks are added to the checklists: o ?PCI DSS v3.2: Verify that Security Policy "Windows Firewall: Log successful connection(Private)" is set to Yes? (pcidss-10.8.b.1) o ?PCI DSS v3.2: Verify that Security Policy "Windows Firewall: Log successful connection(Public)" is set to Yes? (pcidss-10.8.b.2) o ?PCI DSS v3.2: Verify that Security Policy "Windows Firewall: Log successful connection(Domain)" is set to Yes? (pcidss-10.8.b.3) o ?PCI DSS v3.2: Verify that "Audit Policy: Policy Change: MPSSVC Rule-Level Policy Change" is set to 'Success, Failure'? (pcidss-10.8.b.4) o ?PCI DSS v3.2: Verify that "Audit Policy: Detailed Tracking: Process Termination" is set to Success? (pcidss-10.8.b.6) o ?PCI DSS v3.2: Verify that System Directory(Program Files (x86)) Ownership is set to 'Administrators'? (pcidss-10.8.b.7) o ?PCI DSS v3.2: Verify that System Directory(Program Files) Ownership is set to 'Administrators'? (pcidss-10.8.b.8) o ?PCI DSS v3.2: Verify that System Directory(Windows) Ownership is set to 'Administrators'? (pcidss-10.8.b.9) Note: The manual remediation steps for the last three checks listed above are specific to its operating system, hence, the steps for Windows 2012 are slightly different from the other Windows platforms. Other enhancements: The checks related to TLS and SSL that are not compliant are removed from the identified Windows checklists. Mandatory checks related to TLS and SSL are renamed to comply with the PCI DSS benchmark. The checks in the identified checklists include: o ?Verify that "Microsoft FTP Publishing Service" is set to Disabled? (pcidss-2.2.3.9) o ?Verify that ports using SSL/TLS are configured only to use TLS v1.2? (pcidss-4.1.g) The check named ?Turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, Secure Sockets Layer (SSL) 2.0, 3.0? (pcidss-4.1.g) is added in the identified Windows checklists. The following checks are added to the Windows 2008, Windows 7, Windows Embedded POSReady 7, and Windows Embedded Standard 7 checklists to extend the coverage for the PCI DSS benchmark: o ?Verify that "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" is set to '4 or fewer logon(s)'? (pcidss-3.1.a) o ?Verify that "Interactive logon: Message title for users attempting to log on" is configured? (pcidss-2.2.4.c.15) The following checks are updated for the Windows Embedded Standard 7 and Windows Embedded POSReady 7 checklists to resolve APAR IV85006 - Long Evaluation Cycle Time: o ?Verify that Administrator account is renamed on the system? (pcidss-2.1.b_1) o ?Verify that Guest account is renamed on the system? (pcidss-2.1.b_2) o ?Verify that Administrator account on the system is set to Disabled? (pcidss-2.1.b_3) o ?Verify that Guest account on the system is set to Disabled? (pcidss-2.1.b_4) Published Site: PCI DSS Checklist for Windows 2008, version 8 PCI DSS Checklist for Windows 2012, version 8 PCI DSS Checklist for Windows 7, version 6 PCI DSS Checklist for Windows Embedded POSReady 7, version 5 PCI DSS Checklist for Windows Embedded Standard 7, version 3 *The site version is provided for air-gap customers. Actions to Take: If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more information, see https://ibm.biz/Bd4LBt. If you have not subscribed to the site above, you can use the License Overview dashboard to enable and gather the sites. Note that you must be entitled to the new content and you are using IBM BigFix version 9.0 and later. If you were involved in the Early Access Program for IBM BigFix Compliance PCI Add-on, unsubscribe from the beta sites to avoid any conflicting issues with the production sites. If you do not unsubscribe from the beta sites, the content in the production sites will fail. More information: Please note that PCI DSS v3.2 support for the existing PCI checklists for other supported platforms will be available soon. Stay tuned for future announcements. To know more information about the IBM BigFix Compliance SCM checklists, see: IBM BigFix Compliance PCI Add-on User's Guide in the BigFix developerWorks wiki: https://ibm.biz/BdrBtk IBM developerWorks: https://ibm.biz/BdFiGQ SCM Checklist Deployment: https://ibm.biz/BdrBtU IBM Blog for Checklist Release Announcement: https://ibm.biz/BdrBt5 BigFix forums: https://forum.bigfix.com/ We hope you find this latest release of SCM content useful and effective. Thank you! -- The IBM BigFix Compliance PCI Add-on team -------------- next part -------------- An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Mon Jul 11 17:40:11 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Tue, 12 Jul 2016 00:40:11 +0000 Subject: [BESAdmin-Announcements] IBM BigFix Compliance UPDATE: CIS Checklist for Oracle Linux 7 (site ver 1) published 2016-07-11 Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Mon Jul 11 20:35:16 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Tue, 12 Jul 2016 11:35:16 +0800 Subject: [BESAdmin-Announcements] Content Modification in Patches for Windows Message-ID: Content in the Patches for Windows site has been modified: New Fixlets: [Major] 3170735: Update for Windows Journal - Windows 8.1 - KB3170735 (x64)??? (ID: 317073507) [Major] 3170735: Update for Windows Journal - Windows 8.1 - KB3170735 (ID: 317073503) [Major] 3170735: Update for Windows Journal - Windows 7 SP1 - KB3170735 (x64)??? (ID: 317073505) [Major] 3170735: Update for Windows Journal - Windows 7 SP1 - KB3170735 (ID: 317073501) [Major] 3115321: Update for Outlook 2010 Junk Email Filter - Office 2010 SP2 - KB3115321 (x64)??? (ID: 311532101) [Major] 3115321: Update for Outlook 2010 Junk Email Filter - Office 2010 SP2 - KB3115321??? (ID: 311532103) [Major] 3115307: Update for Outlook 2007 Junk Email Filter - Outlook 2007 - KB3115307??? (ID: 311530701) [Major] 3115303: Update for OneNote 2016 - OneNote 2016 - KB3115303??? (ID: 311530301) [Major] 3115302: Update for Office 2016 - Office 2016 - KB3115302 (x64) (ID: 311530201) [Major] 3115302: Update for Office 2016 - Office 2016 - KB3115302??? (ID: 311530203) [Major] 3115298: Update for Visio 2016 - Visio 2016 - KB3115298 (x64) (ID: 311529801) [Major] 3115298: Update for Visio 2016 - Visio 2016 - KB3115298??? (ID: 311529803) [Major] 3115287: Update for Visio 2013 - Visio 2013 SP1 - KB3115287 (x64)??? (ID: 311528701) [Major] 3115287: Update for Visio 2013 - Visio 2013 SP1 - KB3115287??? (ID: 311528703) [Major] 3115284: Update for Project 2016 - Project 2016 - KB3115284 (x64)??? (ID: 311528401) [Major] 3115284: Update for Project 2016 - Project 2016 - KB3115284??? (ID: 311528403) [Major] 3115283: Update for OneDrive for Business for Office 2016 - Office 2016 - KB3115283 (x64)??? (ID: 311528303) [Major] 3115283: Update for OneDrive for Business for Office 2016 - Office 2016 - KB3115283??? (ID: 311528301) [Major] 3115282: Update for Office 2016 - Office 2016 - KB3115282 (x64) (ID: 311528203) [Major] 3115282: Update for Office 2016 - Office 2016 - KB3115282??? (ID: 311528201) [Major] 3115277: Update for Office 2016 - Office 2016 - KB3115277 (x64) (ID: 311527701) [Major] 3115277: Update for Office 2016 - Office 2016 - KB3115277??? (ID: 311527703) [Major] 3115275: Update for Office 2016 - Office 2016 - KB3115275 (x64) (ID: 311527501) [Major] 3115275: Update for Office 2016 - Office 2016 - KB3115275??? (ID: 311527503) [Major] 3115273: Update for Office 2016 - Office 2016 - KB3115273??? (ID: 311527301) [Major] 3115271: Update for PowerPoint 2016 - PowerPoint 2016 - KB3115271 (x64)??? (ID: 311527101) [Major] 3115271: Update for PowerPoint 2016 - PowerPoint 2016 - KB3115271??? (ID: 311527103) [Major] 3115268: Update for Skype for Business 2016 - Skype for Business - KB3115268 (x64)??? (ID: 311526803) [Major] 3115268: Update for Skype for Business 2016 - Skype for Business - KB3115268??? (ID: 311526801) [Major] 3115267: Update for Outlook 2016 Junk Email Filter - Outlook 2016 - KB3115267 (x64)??? (ID: 311526703) [Major] 3115267: Update for Outlook 2016 Junk Email Filter - Outlook 2016 - KB3115267??? (ID: 311526701) [Major] 3115266: Update for Office 2016 - Office 2016 - KB3115266 (x64) (ID: 311526601) [Major] 3115264: Update for Project 2013 - Project 2013 SP1 - KB3115264 (x64)??? (ID: 311526401) [Major] 3115263: Update for OneDrive for Business for Office 2013 - Office 2013 SP1 - KB3115263 (x64)??? (ID: 311526301) [Major] 3115263: Update for OneDrive for Business for Office 2013 - Office 2013 SP1 - KB3115263??? (ID: 311526303) [Major] 3115261: Update for Lync 2013 (Skype for Business) - Skype for Business - KB3115261 (x64)??? (ID: 311526105) [Major] 3115261: Update for Lync 2013 (Skype for Business) - Skype for Business - KB3115261??? (ID: 311526101) [Major] 3115260: Update for Outlook 2013 Junk Email Filter - Office 2013 SP1 - KB3115260 (x64)??? (ID: 311526001) [Major] 3115260: Update for Outlook 2013 Junk Email Filter - Office 2013 SP1 - KB3115260??? (ID: 311526003) [Major] 3115255: Update for Office 2013 - Office 2013 SP1 - KB3115255 (x64)??? (ID: 311525503) [Major] 3115255: Update for Office 2013 - Office 2013 SP1 - KB3115255 (ID: 311525501) [Major] 3115253: Update for Office 2013 - Office 2013 SP1 - KB3115253 (x64)??? (ID: 311525303) [Major] 3115253: Update for Office 2013 - Office 2013 SP1 - KB3115253 (ID: 311525301) [Major] 3115183: Update for Office 2016 - Office 2016 - KB3115183 (x64) (ID: 311518301) [Major] 3115183: Update for Office 2016 - Office 2016 - KB3115183??? (ID: 311518303) [Major] 3115143: Update for Office 2016 - Office 2016 - KB3115143 (x64) (ID: 311514301) [Major] 3115143: Update for Office 2016 - Office 2016 - KB3115143??? (ID: 311514303) [Major] 3115092: Update for Office 2016 - Office 2016 - KB3115092 (x64) (ID: 311509201) [Major] 3115092: Update for Office 2016 - Office 2016 - KB3115092??? (ID: 311509203) [Major] 3101503: Update for Office 2013 - Office 2013 SP1 - KB3101503 (x64)??? (ID: 310150301) [Major] 3101503: Update for Office 2013 - Office 2013 SP1 - KB3101503 (ID: 310150303) [Major] 3085565: Update for Office 2013 - Office 2013 SP1 - KB3085565 (ID: 308556501) [Major] 3054778: Update for SharePoint Server 2013 Client Components SDK - SharePoint Server 2013 Client Components SDK - KB3054778 (x64)??? (ID: 305477801) [Major] 3054778: Update for SharePoint Server 2013 Client Components SDK - SharePoint Server 2013 Client Components SDK - KB3054778??? (ID: 305477803) [Major] 2920687: Update for Office 2016 - Office 2016 - KB2920687 (x64) (ID: 292068701) [Major] 2910989: Update for Office 2016 - Office 2016 - KB2910989 (x64) (ID: 291098903) [Major] 2910989: Update for Office 2016 - Office 2016 - KB2910989??? (ID: 291098901) [Major] 2910984: Update for Office 2016 - Office 2016 - KB2910984 (x64) (ID: 291098403) [Major] 2910984: Update for Office 2016 - Office 2016 - KB2910984??? (ID: 291098401) Modified Fixlets: [Major] 2977759: Compatibility update for Windows 7 RTM - Windows 7 SP1 - KB2977759 (x64) (V15.0)??? (ID: 297775903) [Major] 2977759: Compatibility update for Windows 7 RTM - Windows 7 SP1 - KB2977759 (V15.0)??? (ID: 297775901) [Major] 2976978: Compatibility update for Windows 8.1 and Windows 8 - Windows 8.1 - KB2976978 (x64) (V17.0)??? (ID: 297697805) [Major] 2976978: Compatibility update for Windows 8.1 and Windows 8 - Windows 8.1 - KB2976978 (V17.0)??? (ID: 297697801) [Major] 2976978: Compatibility update for Windows 8.1 and Windows 8 - Windows 8 - KB2976978 (x64) (V16.0)??? (ID: 297697807) [Major] 2976978: Compatibility update for Windows 8.1 and Windows 8 - Windows 8 - KB2976978 (V16.0)??? (ID: 297697803) [Major] 2952664: Compatibility update for upgrading Windows 7 - Windows 7 SP1 - KB2952664 (x64) (V19.0)??? (ID: 295266403) [Major] 2952664: Compatibility update for upgrading Windows 7 - Windows 7 SP1 - KB2952664 (V19.0)??? (ID: 295266401) Fully Superseded Fixlets: [Major] 2880993: Update for SharePoint Server 2013 Client Components SDK - KB2880993- Sharepointserver 2013 (Superseded)??? (ID: 288099303) [Major] 2880993: Update for SharePoint Server 2013 Client Components SDK - KB2880993- Sharepointserver 2013 (x64) (Superseded)??? (ID: 288099301) [Major] 3054805: Update for Office 2013 - Office 2013 SP1 - KB3054805 (Superseded)??? (ID: 305480501) [Major] 3054805: Update for Office 2013 - Office 2013 SP1 - KB3054805 (x64) (Superseded)??? (ID: 305480503) [Major] 3085479: Update for Office 2013 - KB3085479 - Office 2013 SP1 (Superseded)??? (ID: 308547903) [Major] 3085479: Update for Office 2013 - KB3085479 - Office 2013 SP1 (x64) (Superseded)??? (ID: 308547901) [Major] 3114968: Update for Office 2016 - Office 2016 - KB3114968 (Superseded)??? (ID: 311496803) [Major] 3114968: Update for Office 2016 - Office 2016 - KB3114968 (x64) (Superseded)??? (ID: 311496801) [Major] 3115032: Update for Outlook 2013 Junk Email Filter - Office 2013 SP1 - KB3115032 (Superseded)??? (ID: 311503203) [Major] 3115032: Update for Outlook 2013 Junk Email Filter - Office 2013 SP1 - KB3115032 (x64) (Superseded)??? (ID: 311503201) [Major] 3115033: Update for Lync 2013 (Skype for Business) - Skype for Business - KB3115033 (Superseded)??? (ID: 311503301) [Major] 3115085: Update for Outlook 2016 Junk Email Filter - Outlook 2016 - KB3115085 (Superseded)??? (ID: 311508501) [Major] 3115085: Update for Outlook 2016 Junk Email Filter - Outlook 2016 - KB3115085 (x64) (Superseded)??? (ID: 311508503) [Major] 3115087: Update for Skype for Business 2016 - Skype for Business 2016 - KB3115087 (Superseded)??? (ID: 311508703) [Major] 3115087: Update for Skype for Business 2016 - Skype for Business 2016 - KB3115087 (x64) (Superseded)??? (ID: 311508701) [Major] 3115093: Update for Office 2016 - Office 2016 - KB3115093 (Superseded)??? (ID: 311509303) [Major] 3115093: Update for Office 2016 - Office 2016 - KB3115093 (x64) (Superseded)??? (ID: 311509301) [Major] 3115095: Update for Office 2016 Language Interface Pack - Office 2016 - KB3115095 (Superseded)??? (ID: 311509501) [Major] 3115095: Update for Office 2016 Language Interface Pack - Office 2016 - KB3115095 (x64) (Superseded)??? (ID: 311509503) [Major] 3115098: Update for Office 2016 - Office 2016 - KB3115098 (Superseded)??? (ID: 311509801) [Major] 3115098: Update for Office 2016 - Office 2016 - KB3115098 (x64) (Superseded)??? (ID: 311509803) [Major] 3115102: Update for Office 2016 - Office 2016 - KB3115102 (Superseded)??? (ID: 311510203) [Major] 3115102: Update for Office 2016 - Office 2016 - KB3115102 (x64) (Superseded)??? (ID: 311510201) [Major] 3115136: Update for Office 2016 - Office 2016 - KB3115136 (Superseded)??? (ID: 311513603) [Major] 3115136: Update for Office 2016 - Office 2016 - KB3115136 (x64) (Superseded)??? (ID: 311513601) [Major] 3115137: Update for Outlook 2016 Junk Email Filter - Outlook 2016 - KB3115137 (Superseded)??? (ID: 311513703) [Major] 3115137: Update for Outlook 2016 Junk Email Filter - Outlook 2016 - KB3115137 (x64) (Superseded)??? (ID: 311513701) [Major] 3115138: Update for PowerPoint 2016 - PowerPoint 2016 - KB3115138 (Superseded)??? (ID: 311513803) [Major] 3115138: Update for PowerPoint 2016 - PowerPoint 2016 - KB3115138 (x64) (Superseded)??? (ID: 311513801) [Major] 3115140: Update for Office 2016 - Office 2016 - KB3115140 (Superseded)??? (ID: 311514003) [Major] 3115140: Update for Office 2016 - Office 2016 - KB3115140 (x64) (Superseded)??? (ID: 311514001) [Major] 3115148: Update for OneDrive for Business for Office 2016 - Office 2016 - KB3115148 (Superseded)??? (ID: 311514803) [Major] 3115148: Update for OneDrive for Business for Office 2016 - Office 2016 - KB3115148 (x64) (Superseded)??? (ID: 311514801) [Major] 3115149: Update for Project 2016 - Project 2016 - KB3115149 (Superseded)??? (ID: 311514903) [Major] 3115149: Update for Project 2016 - Project 2016 - KB3115149 (x64) (Superseded)??? (ID: 311514901) [Major] 3115151: Update for Office 2013 - Office 2013 SP1 - KB3115151 (Superseded)??? (ID: 311515101) [Major] 3115151: Update for Office 2013 - Office 2013 SP1 - KB3115151 (x64) (Superseded)??? (ID: 311515103) [Major] 3115159: Update for Outlook 2013 Junk Email Filter - Office 2013 SP1 - KB3115159 (Superseded)??? (ID: 311515901) [Major] 3115159: Update for Outlook 2013 Junk Email Filter - Office 2013 SP1 - KB3115159 (x64) (Superseded)??? (ID: 311515903) [Major] 3115163: Update for OneDrive for Business for Office 2013 - Office 2013 SP1 - KB3115163 (Superseded)??? (ID: 311516303) [Major] 3115163: Update for OneDrive for Business for Office 2013 - Office 2013 SP1 - KB3115163 (x64) (Superseded)??? (ID: 311516301) [Major] 3115164: Update for Project 2013 - Project 2013 SP1 - KB3115164 (Superseded)??? (ID: 311516401) [Major] 3115164: Update for Project 2013 - Project 2013 SP1 - KB3115164 (x64) (Superseded)??? (ID: 311516403) [Major] 3115167: Update for Office 2013 - Office 2013 SP1 - KB3115167 (Superseded)??? (ID: 311516703) [Major] 3115167: Update for Office 2013 - Office 2013 SP1 - KB3115167 (x64) (Superseded)??? (ID: 311516701) [Major] 3115192: Update for Outlook 2007 Junk Email Filter - Outlook 2007 - KB3115192 (Superseded)??? (ID: 311519201) [Major] 3115247: Update for Outlook 2010 Junk Email Filter - Office 2010 SP2 - KB3115247 (Superseded)??? (ID: 311524701) [Major] 3115247: Update for Outlook 2010 Junk Email Filter - Office 2010 SP2 - KB3115247 (x64) (Superseded)??? (ID: 311524703) Reason for Update: Microsoft has released KB3170735, KB3115321, KB3115307, KB3115303, KB3115302, KB3115298, KB3115287, KB3115284, KB3115283, KB3115282, KB3115277, KB3115275, KB3115273, KB3115271, KB3115268, KB3115267, KB3115266, KB3115264, KB3115263, KB3115261, KB3115260, KB3115255, KB3115253, KB3115183, KB3115143, KB3115092, KB3101503, KB3085565, KB3054778, KB2920687, KB2910989, KB2910984. Patch files for KB2977759, KB2976978, KB2952664 were updated. Actions to Take: None Published site version: Patches for Windows, version 2535. Additional links: None Application Engineering Team IBM BigFix -------------- next part -------------- An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Tue Jul 12 17:18:27 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Wed, 13 Jul 2016 08:18:27 +0800 Subject: [BESAdmin-Announcements] Content Modification: Updates for Windows Applications Message-ID: Content in the Updates for Windows Applications site has been modified. New/Updated Fixlets: * Flash Player 18.0.0.366 Available - Plugin-based (ID: 1091296) * Flash Player 18.0.0.366 Available - Internet Explorer (ID: 1091315) * Flash Player 18.0.0.360 Available - Plugin-based (Superseded) (ID: 1091292) * Flash Player 18.0.0.360 Available - Internet Explorer (Superseded) (ID: 1091311) * Flash Player 22.0.0.209 Available - Plugin-based (ID: 1091298) * Flash Player 22.0.0.209 Available - Internet Explorer (ID: 1091317) * Flash Player 22.0.0.192 Available - Plugin-based (Superseded) (ID: 1091294) * Flash Player 22.0.0.192 Available - Internet Explorer (Superseded) (ID: 1091313) * Adobe Reader 11.0.17 Available (MUI Installer) - Adobe Reader 11.x (ID: 8200027) * Adobe Reader 11.0.17 Available - Adobe Reader 11.x (ID: 8101106) * Adobe Reader 11.0.16 Available (MUI Installer) - Adobe Reader 11.x (Superseded) (ID: 8200025) * Adobe Reader 11.0.16 Available - Adobe Reader 11.x (Superseded) (ID: 8101104) * Adobe Acrobat Reader DC 2015.017.20050 Available (MUI Installer) - Adobe Acrobat Reader DC - Continuous Track (ID: 8101119) * Adobe Acrobat Reader DC 2015.017.20050 Available - Adobe Acrobat Reader DC - Continuous Track (ID: 8101121) * Adobe Acrobat Reader DC 2015.016.20039 Available (MUI Installer) - Adobe Acrobat Reader DC - Continuous Track (Superseded) (ID: 8101115) * Adobe Acrobat Reader DC 2015.016.20039 Available - Adobe Acrobat Reader DC - Continuous Track (Superseded) (ID: 8101113) * Adobe Acrobat Reader DC 2015.006.30198 Available (MUI Installer) - Adobe Acrobat Reader DC - Classic Track (ID: 8101123) * Adobe Acrobat Reader DC 2015.006.30172 Available (MUI Installer) - Adobe Acrobat Reader DC - Classic Track (Superseded) (ID: 8101117) * Adobe Acrobat 11.0.17 Available - Adobe Acrobat 11.x (ID: 9101106) * Adobe Acrobat 11.0.16 Available - Adobe Acrobat 11.x (Superseded) (ID: 9101104) * Adobe Acrobat DC 2015.017.20050 Available - Adobe Acrobat DC - Continuous Track (ID: 9101108) * Adobe Acrobat DC 2015.016.20039 Available - Adobe Acrobat DC - Continuous Track (Superseded) (ID: 9101100) * Adobe Acrobat DC 2015.006.30198 Available - Adobe Acrobat DC - Classic Track (ID: 9101110) * Adobe Acrobat DC 2015.006.30172 Available - Adobe Acrobat DC - Classic Track (Superseded) (ID: 9101098) * Adobe Acrobat DC 2015.006.30121 Available - Adobe Acrobat DC - Classic Track (Superseded) (ID: 9101096) Published Site Version: * Updates for Windows Applications, version 945. Reasons for Update: * Adobe has released new versions of Flash Player (18.0.0.366 and 22.0.0.209) to address security vulnerabilities. * Adobe has released a new version of Adobe Reader (11.0.17) to address security vulnerabilities. * Adobe has released new versions of Adobe Acrobat Reader DC (2015.017.20050 and 2015.006.30198) to address security vulnerabilities. * Adobe has released a new version of Adobe Acrobat (11.0.17) to address security vulnerabilities. * Adobe has released new versions of Adobe Acrobat DC (2015.017.20050 and 2015.006.30198) to address security vulnerabilities. Actions to Take: * Gathering of the site will automatically show the updates made. Application Engineering Team IBM BigFix -------------- next part -------------- An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Tue Jul 12 12:25:25 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Tue, 12 Jul 2016 19:25:25 +0000 Subject: [BESAdmin-Announcements] Content Modification in Patching Support Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Tue Jul 12 18:02:32 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Wed, 13 Jul 2016 01:02:32 +0000 Subject: [BESAdmin-Announcements] Content Released in Patches for Windows - July 2016 Security Bulletins Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Wed Jul 13 06:23:03 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Wed, 13 Jul 2016 15:23:03 +0200 Subject: [BESAdmin-Announcements] IBM BigFix Compliance PCI Add-on: Updated Content: PCI DSS Checklists for MS IIS 7, MS SQL 2008, MS SQL 2012, and Windows Embedded POSReady 2009 published 2016-07-13 Message-ID: Product: IBM BigFix Compliance PCI Add-on Title: Updated Security Configuration Management (SCM) PCI DSS Checklists for MS IIS 7, MS SQL 2008, MS SQL 2012, and Windows Embedded POSReady 2009 to comply with PCI DSS v3.2 Category: Updated SCM checklist Published Benchmark: Payment Card Industry Data Security Standard v3.2 Details: The IBM BigFix Compliance PCI Add-on team has updated the content for the Payment Card Industry Data Security Standard (PCI DSS) checklists for MS IIS 7, MS SQL 2008, MS SQL 2012, and Windows Embedded POSReady 2009 to comply with PCI DSS v 3.2, as well as to include other enhancements. Details are as follows. For MS IIS 7: ? PCI DSS Requirements and Security Assessment Procedures v3.2 is supported in the identified checklists. ? Existing checks are updated to contain PCI DSS v3.2 as the security standard source in the description. ? The check named ?Use only Strong Encryption Protocols - IIS7? (pcidss-4.1.e.7) is updated to disable SSL 3.0, TLS 1.0, and TLS 1.1, and to enable TLS 1.2 as a mandatory requirement. ? The checks named ?Set Deployment Method to Retail - IIS7? (pcidss-6.3.b.1) and ?Ensure 'passwordFormat' Credentials Element not set to Clear - IIS7? (pcidss-8.2.1.a.7) are updated to correct the manual remediation steps in the description. For MS SQL 2008 and MS SQL 2012: ? PCI DSS Requirements and Security Assessment Procedures v3.2 is supported in the identified checklists. ? Existing checks are updated to contain PCI DSS v3.2 as the security standard source in the description. ? The measured values for ?Verify that "Account Lockout Duration" is set to '30 minutes or more?? (pcidss-8.1.7), which can be viewed in the BigFix console, analyses, and SCA reports are formatted for enhanced readability. The results now clearly present the desired system configuration setting, as specified by a check, against the actual setting on the endpoint. ? Some titles and descriptions are updated with the standardized format and extensions. ? Several checks are updated to improve the presentation of system exceptions and parameter handling. For Windows Embedded POSReady 2009: ? PCI DSS Requirements and Security Assessment Procedures v3.2 is supported in the identified checklists. ? Existing checks are updated to contain PCI DSS v3.2 as the security standard source in the description. ? Some titles and descriptions are updated with the standardized format and extensions. Published Site: PCI DSS Checklist for MS IIS, version 6 PCI DSS Checklist for MS SQL 2008, version 7 PCI DSS Checklist for MS SQL 2012, version 8 PCI DSS Checklist for Windows Embedded POSReady 2009, version 4 *The site version is provided for air-gap customers. Actions to Take: ? If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more information, see https://ibm.biz/Bd4LBt. ? If you have not subscribed to the site above, you can use the License Overview dashboard to enable and gather the sites. Note that you must be entitled to the new content and you are using IBM BigFix version 9.0 and later. ? If you were involved in the Early Access Program for IBM BigFix Compliance PCI Add-on, unsubscribe from the beta sites to avoid any conflicting issues with the production sites. If you do not unsubscribe from the beta sites, the content in the production sites will fail. More information: To view the announcement on the PCI DSS v3.2 support for Windows 2008, Windows 2012, Windows 7, Windows Embedded POSReady 7, and Windows Embedded Standard 7, click here: https://ibm.biz/BdrFiu. Please note that PCI DSS v3.2 support for the existing PCI checklists for other supported platforms will be available soon. Stay tuned for future announcements. To know more information about the IBM BigFix Compliance SCM checklists, see: IBM BigFix Compliance PCI Add-on User's Guide in the BigFix developerWorks wiki: https://ibm.biz/BdrBtk IBM developerWorks: https://ibm.biz/BdFiGQ SCM Checklist Deployment: https://ibm.biz/BdrBtU IBM Blog for Checklist Release Announcement: https://ibm.biz/BdrBt5 BigFix forums: https://forum.bigfix.com/ We hope you find this latest release of SCM content useful and effective. Thank you! -- The IBM BigFix Compliance PCI Add-on team -------------- next part -------------- An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Wed Jul 13 08:40:52 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Wed, 13 Jul 2016 15:40:52 +0000 Subject: [BESAdmin-Announcements] Content Modification in Patches for Windows Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Wed Jul 13 23:08:28 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Thu, 14 Jul 2016 14:08:28 +0800 Subject: [BESAdmin-Announcements] Content in Updates for Mac Applications has been modified Message-ID: Content in Updates for Mac Applications has been modified. New/Updated Fixlet: * Microsoft Office for Mac 2011 14.6.6 Available (Chinese Simplified) (ID: 14130734) * Microsoft Office for Mac 2011 14.6.6 Available (Chinese Traditional) (ID: 14130735) * Microsoft Office for Mac 2011 14.6.6 Available (English) (ID: 14130736) * Microsoft Office for Mac 2011 14.6.6 Available (French) (ID: 14130737) * Microsoft Office for Mac 2011 14.6.6 Available (German) (ID: 14130738) * Microsoft Office for Mac 2011 14.6.6 Available (Italian) (ID: 14130739) * Microsoft Office for Mac 2011 14.6.6 Available (Japanese) (ID: 14130740) * Microsoft Office for Mac 2011 14.6.6 Available (Polish) (ID: 14130741) * Microsoft Office for Mac 2011 14.6.6 Available (Russian) (ID: 14130742) * Microsoft Office for Mac 2011 14.6.6 Available (Spanish) (ID: 14130743) * Microsoft Office for Mac 2016 - Excel 15.24.0 Available (ID: 16000023) * Microsoft Office for Mac 2016 - OneNote 15.24.0 Available (ID: 16000024) * Microsoft Office for Mac 2016 - Outlook 15.24.0 Available (ID: 16000025) * Microsoft Office for Mac 2016 - PowerPoint 15.24.0 Available (ID: 16000026) * Microsoft Office for Mac 2016 - Word 15.24.0 Available (ID: 16000027) * Flash Player 18.0.0.366 Available - Mac OS X (ID: 1091157) * Flash Player 22.0.0.209 Available - Mac OS X (ID: 1091158) Published site version: Updates for Mac Applications, version 141 Reasons for Update: * Microsoft released a newer version of Microsoft Office for Mac 2011 * Microsoft released a newer version of Microsoft Office for Mac 2016 * Adobe released a newer version of Adobe Flash Player Actions to Take: Gathering of the site will automatically show the updates made. Application Engineering Team IBM BigFix -------------- next part -------------- An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Thu Jul 14 02:18:10 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Thu, 14 Jul 2016 17:18:10 +0800 Subject: [BESAdmin-Announcements] IBM BigFix Patches for Windows retired the Custom Repository Setting (Windows) tasks Message-ID: IBM BigFix Patches for Windows retired the following Custom Repository Setting (Windows) tasks from the Updates for Windows Applications site: Create or Update Custom Repository Setting (Windows) Delete Custom Repository Setting (Windows) The equivalent of these tasks are now in the Patching Support site. Note that the Create or Update Custom Repository Setting (Windows) task is renamed to the Set or Update Custom Repository Setting (Windows) task. Set or Update Custom Repository Setting (Windows) Delete Custom Repository Setting (Windows) Actions to take: Gather the Patching Support site, version 588. Published site version: Patching Support site, version 588. References: For more information about the Using the Custom Repository Setting feature, see https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Using%20the%20Custom%20Repository%20Setting%20feature . Application Engineering Team IBM BigFix -------------- next part -------------- An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Thu Jul 14 04:21:00 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Thu, 14 Jul 2016 13:21:00 +0200 Subject: [BESAdmin-Announcements] License Counting Process announcement Message-ID: Product: IBM BigFix Platform Title: BigFix Licence Counting Process Details: The IBM BigFix Platform team is pleased to announce the first delivery of the BigFix License Counting Process enablement package for ILMT and BigFix Inventory as a step forward to allow BigFix customers to properly perform software license management on their BigFix deployments. This is the initial delivery of capabilities aimed to enable and simplify software license management for BigFix portfolio. Indeed all BigFix customers do need to be able to properly map IBM Passport Advantage part numbers they acquired for BigFix and related license quantities to what they have deployed on their environment: - BigFix value to be able to commonly share agent across IBM BigFix portfolio does not relief customer need to know which BigFix product the agent is supporting based on the BigFix server License Key entitled content. - Once you know which BigFix product the agent is assigned to, there is the additional need to count license usage accordingly to the license metric they have been purchased with: Client Device, RVU (Resource Value Unit for Activated Managed Processor Cores), MVS (Managed Virtual Server). For the managed servers IBM allows flexibility to purchase and mix BigFix license metrics (i.e: BigFix Lifecycle and BigFix Compliance licensed on 2 physical servers with RVU metric and with MVS metric on another 2 physical servers, or BigFix Lifecycle licensed with MVS metric and BigFix Inventory licensed with RVU metric for the same managed physical servers). The License Overview dashboard available on BigFix Console iprovides capability to manage agent subscriptions to content sites of entitled BigFix products in use on the BigFix deployment but is not enough to proper perform accurate software license management as per above cases and needs. With the adoption of ISO 19770 standard for IBM products and the related discovery enablement we added into ILMT and BigFix Inventory it is now possible to properly address the software license management need for BigFix portfolio. The BigFix License Counting Process enablement package for ILMT and BigFix Inventory provides a set of Fixlets whose goal is to automatically generate and place proper ISO 19770 tags on the computers where the BigFix agents are running so that they will be associated to the right BigFix products and related license metric. ILMT and BigFix Inventory will than be able to process the ISO 19770 tags accordingly and visualize products and license usage on their reports. Published site version: BES Support version 1267 (or higher). More information: More information on the related capabilities and recommended license management process flow is available on the BigFix Platform 9.5 documentation at this link http://www.ibm.com/support/knowledgecenter/SSQL82_9.5.0/com.ibm.bigfix.doc/Platform/Console/tbes_tool1.html IBM BigFix Team IBM Italia S.p.A. Sede Legale: Circonvallazione Idroscalo - 20090 Segrate (MI) Cap. Soc. euro 347.256.998,80 C. F. e Reg. Imprese MI 01442240030 - Partita IVA 10914660153 Societ? con unico azionista Societ? soggetta all?attivit? di direzione e coordinamento di International Business Machines Corporation (Salvo che sia diversamente indicato sopra / Unless stated otherwise above) -------------- next part -------------- An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Thu Jul 14 08:36:16 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Thu, 14 Jul 2016 23:36:16 +0800 Subject: [BESAdmin-Announcements] IBM BigFix Patch: Pre-Announcement: SLES 10 sites to be deprecated by September 30, 2016 Message-ID: In line with SUSE?s end of support for SUSE Linux Enterprise Server 10 on July 31, 2016, IBM BigFix Patch is announcing that the following sites, which contain patch content for both SUSE Linux Enterprise Server 10 and SUSE Linux Enterprise Desktop 10, are to be deprecated by September 30, 2016: Patches for SLE10 Patches for SLE10 System Z Note: SUSE ended its general support for SUSE Linux Enterprise Desktop 10 on July 31, 2013. Patch content for any new SUSE updates, which may be released after the site deprecation date, for SUSE Linux Enterprise 10 (x86, x86_64, and s390x) will not be supported. Customers can still access the patch content that are available in the listed sites by subscribing to them, however note that BigFix Patch will NOT provide support for those sites after September 30, 2016. Action to take: Customers are encouraged to upgrade to the latest version of SUSE as soon as possible to continue receiving the latest patch content from BigFix. Refer to the SUSE site for the upgrade instructions. Application Engineering Team BigFix Patch -------------- next part -------------- An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Thu Jul 14 08:39:35 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Thu, 14 Jul 2016 15:39:35 +0000 Subject: [BESAdmin-Announcements] Content Released in Windows Point of Sale Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Fri Jul 15 01:24:23 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Fri, 15 Jul 2016 08:24:23 +0000 Subject: [BESAdmin-Announcements] Content Modification: Updates for Windows Applications Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Fri Jul 15 07:42:38 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Fri, 15 Jul 2016 14:42:38 +0000 Subject: [BESAdmin-Announcements] Content Modification in Patches for Windows Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Fri Jul 15 08:41:32 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Fri, 15 Jul 2016 15:41:32 +0000 Subject: [BESAdmin-Announcements] IBM BigFix Compliance UPDATE: A few DISA sites updated with STIG in site names on 2016-07-14 Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Mon Jul 18 07:07:54 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Mon, 18 Jul 2016 14:07:54 +0000 Subject: [BESAdmin-Announcements] Content Modification in Patches for Windows Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Tue Jul 19 00:49:20 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Tue, 19 Jul 2016 07:49:20 +0000 Subject: [BESAdmin-Announcements] Content Modification: Updates for Windows Applications Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Wed Jul 20 00:11:43 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Wed, 20 Jul 2016 07:11:43 +0000 Subject: [BESAdmin-Announcements] Content Modification in Patches for Windows Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Tue Jul 19 23:35:56 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Wed, 20 Jul 2016 14:35:56 +0800 Subject: [BESAdmin-Announcements] Content in Patches for Mac OS X site has been modified Message-ID: Content in Patches for Mac OS X site has been modified. New/Updated Fixlet: * Security Update 2016-004 (10.9.5 Client) (ID: 1090515) * Security Update 2016-004 (10.10.5 Client) (ID: 10100020) * UPDATE Mac OS X 10.11.6 Available (ID: 10110010) * UPDATE Mac OS X 10.11.6 Available (Combo) (ID: 10110011) * UPDATE Safari 9.1.2 - Mavericks (10.9.5 Client) (ID: 98140735) * UPDATE Safari 9.1.2 - Yosemite (10.10.5 Client) (ID: 98140736) * UPDATE iTunes 12.4.2 Available (Client) (ID: 65141916) * UPDATE Java Runtime Environment 8 update 101 Available (ID: 74131146) * UPDATE Java Runtime Environment 8 update 102 Available (ID: 74131147) Published site version: Patches for Mac OS X, version 378. Reasons for Update: * Apple released newer version of iTunes * Apple released newer version of Mac OS * Apple released newer version of Safari * Oracle released newer version of Java Actions to Take: Gathering of the site will automatically show the updates made. Application Engineering Team IBM BigFix -------------- next part -------------- An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Wed Jul 20 03:01:31 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Wed, 20 Jul 2016 18:01:31 +0800 Subject: [BESAdmin-Announcements] Content Modification: Updates for Windows Applications Message-ID: Content in the Updates for Windows Applications site has been modified. New/Updated Fixlets: * Java Runtime Environment 8 update 101 Available (JRE < 8 Installed) (ID: 7051327) * Java Runtime Environment 8 update 101 Available (JRE 8 Installed) (ID: 7051329) * Java Runtime Environment 8 update 101 Available - CORRUPT PATCH (ID: 7051331) * Java Runtime Environment 8 update 101 Available (x64) (JRE 8 Installed) (ID: 7056547) * Java Runtime Environment 8 update 101 Available (x64) (JRE < 8 Installed) (ID: 7056549) * Java Runtime Environment 8 update 101 Available (x64) - CORRUPT PATCH (ID: 7056551) * Java Runtime Environment 8 update 101 (32-bit) Available (x64) - CORRUPT PATCH (ID: 7056553) * Java Runtime Environment 8 update 101 (32-bit) Available (JRE < 8 32-bit version Installed) (x64) (ID: 7056555) * Java Runtime Environment 8 update 101 (32-bit) Available (JRE 8 32-bit version Installed) (x64) (ID: 7056557) * Java Runtime Environment 8 update 102 Available (JRE < 8 Installed) (ID: 7051321) * Java Runtime Environment 8 update 102 Available (JRE 8 Installed) (ID: 7051323) * Java Runtime Environment 8 update 102 Available - CORRUPT PATCH (ID: 7051325) * Java Runtime Environment 8 update 102 Available (x64) (JRE 8 Installed) (ID: 7056535) * Java Runtime Environment 8 update 102 Available (x64) (JRE < 8 Installed) (ID: 7056537) * Java Runtime Environment 8 update 102 Available (x64) - CORRUPT PATCH (ID: 7056539) * Java Runtime Environment 8 update 102 (32-bit) Available (x64) - CORRUPT PATCH (ID: 7056541) * Java Runtime Environment 8 update 102 (32-bit) Available (JRE < 8 32-bit version Installed) (x64) (ID: 7056543) * Java Runtime Environment 8 update 102 (32-bit) Available (JRE 8 32-bit version Installed) (x64) (ID: 7056545) Published Site Version: * Updates for Windows Applications, version 950. Reasons for Update: * Oracle has released new versions of the Java SE Runtime Environment (JRE) to address security vulnerabilities. Actions to Take: * Gathering of the site will automatically show the updates made. Application Engineering Team IBM BigFix -------------- next part -------------- An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Wed Jul 20 03:44:58 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Wed, 20 Jul 2016 10:44:58 +0000 Subject: [BESAdmin-Announcements] BFI 9.x and SUA 2.x July 2016 Catalog Update Message-ID: An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: BFI_catalog_release_notes_2016_07.pdf Type: application/pdf Size: 110664 bytes Desc: not available URL: From besadmin-announcements at bigmail.bigfix.com Wed Jul 20 08:38:28 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Wed, 20 Jul 2016 23:38:28 +0800 Subject: [BESAdmin-Announcements] IBM BigFix Compliance PCI Add-on: Updated Content: PCI DSS Checklists for RHEL 5, RHEL 6, RHEL 7, and AIX 7 published 2016-07-20 Message-ID: Product: IBM BigFix Compliance PCI Add-on Title: Updated Security Configuration Management (SCM) PCI DSS Checklists for RHEL 5, RHEL 6, RHEL 7, and AIX 7 to comply with PCI DSS v3.2 Category: Updated SCM checklist Published Benchmark: Payment Card Industry Data Security Standard v3.2 Details: The IBM BigFix Compliance PCI Add-on team has updated the content for the Payment Card Industry Data Security Standard (PCI DSS) checklists for RHEL 5, RHEL 6, RHEL 7, and AIX 7 to comply with PCI DSS v3.2, as well as to include other enhancements. Details are as follows. For AIX 7: ? PCI DSS Requirements and Security Assessment Procedures v3.2 is supported in the checklists. Existing checks are updated to adopt to the new standard and new checks are added to conform to the new requirements. ? The following PCI DSS v3.2 specific checks are added to the checklists: o ?PCI DSS v3.2: Verify that changes in the "ipfilters" configurations are logged? (pcidss-10.2.2_2.1) o ?PCI DSS v3.2: Verify that changes in the password policy are logged? (pcidss-10.2.2_2.2) o ?PCI DSS v3.2: Verify that logging is enabled for the ?ipfilters? service status changes? (pcidss-10.2.2_2.3) ? The measured values for each AIX 7 check, which can be viewed in the BigFix console, analyses, and SCA reports are formatted for enhanced readability. The results now clearly present the desired system configuration setting, as specified by a check, against the actual setting on the endpoint. ? The description for the globalfind feature is updated for improved usability. ? Some titles and descriptions of the checks are updated with the standardized format and extensions. ? The checks named ?Verify that the SSH protocol is set to the version 2 for the client side? (2.2.2.a_5.1) and ?Verify that the SSH protocol is set to the version 2 for the server side? (2.2.2.a_5.2) are updated with appropriate default desired values. For RHEL 5 and RHEL 6: ? PCI DSS Requirements and Security Assessment Procedures v3.2 is supported in the checklists. Existing checks are updated to adopt to the new standard and new checks are added to conform to the new requirements. ? The following PCI DSS v3.2 specific checks are added to the checklists: o ?PCI DSS v3.2: Verify that events that modify iptables configuration are logged? (pcidss-10.8_b.1.9) o ?PCI DSS v3.2: Verify that events that modify password policies are logged? (pcidss-10.8_b.2.9) ? The check named ?Verify that default ports are not using SSL and early TLS? (pcidss-4.1.d.9.31) is added in the checklists. ? The checks named ?Verify that inactive user accounts are disabled within '90 days or less'? (pcidss-8.1.4.8) and ?Verify that inactive user accounts are disabled within '90 days or less'? (pcidss-8.1.4.9), which are from the PCI DSS Checklist for RHEL 6 and PCI DSS Checklist for RHEL 5 sites, respectively, are updated with the correct parameterization range For RHEL 7: ? PCI DSS Requirements and Security Assessment Procedures v3.2 is supported in the checklist. Existing checks are updated to adopt to the new standard and new checks are added to conform to the new requirements. ? The following PCI DSS v3.2 specific checks are added to the checklists: o ?PCI DSS v3.2: Verify that events that modify iptables configuration are logged? (pcidss-10.8_b.1.6) o ?PCI DSS v3.2: Verify that events that modify firewalld configuration are logged? (pcidss-10.8_b.3.6) o ?PCI DSS v3.2: Verify that events that modify password policies are logged? (pcidss-10.8_b.2.6) ? The check named ?Verify that default ports are not using SSL and early TLS? (pcidss-4.1.d.9.31) is added in the checklist. ? The check named ?Verify that inactive user accounts are disabled within '90 days or less'? (pcidss-8.1.4.6) is updated with the correct parameterization range. Published Sites: PCI DSS Checklist for AIX 7 , version 2 PCI DSS Checklist for RHEL 5, version 4 PCI DSS Checklist for RHEL 6, version 5 PCI DSS Checklist for RHEL 7, version 5 *The site version is provided for air-gap customers. Actions to Take: If you use custom sites, update your custom sites accordingly to use the latest content. You can synchronize your content by using the Synchronize Custom Checks wizard. For more information, see https://ibm.biz/Bd4LBt. If you have not subscribed to the site above, you can use the License Overview dashboard to enable and gather the sites. Note that you must be entitled to the new content and you are using IBM BigFix version 9.0 and later. If you were involved in the Early Access Program for IBM BigFix Compliance PCI Add-on, unsubscribe from the beta sites to avoid any conflicting issues with the production sites. If you do not unsubscribe from the beta sites, the content in the production sites will fail. More information: To view the related PCI DSS v3.2 support announcements, see the following posts: https://ibm.biz/BdrFiu and https://ibm.biz/BdrXPU. To know more information about the IBM BigFix Compliance SCM checklists, see: IBM BigFix Compliance PCI Add-on User's Guide in the BigFix developerWorks wiki: https://ibm.biz/BdrBtk IBM developerWorks: https://ibm.biz/BdFiGQ SCM Checklist Deployment: https://ibm.biz/BdrBtU IBM Blog for Checklist Release Announcement: https://ibm.biz/BdrBt5 BigFix forums: https://forum.bigfix.com/ We hope you find this latest release of SCM content useful and effective. Thank you! -- The IBM BigFix Compliance PCI Add-on team -------------- next part -------------- An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Wed Jul 20 22:57:01 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Thu, 21 Jul 2016 13:57:01 +0800 Subject: [BESAdmin-Announcements] Content Modification: Updates for Windows Applications Message-ID: Content in the Updates for Windows Applications site has been modified. Updated Fixlets: * Google Chrome 52.0.2743.82 Available (ID: 14011115) Published Site Version: * Updates for Windows Applications, version 951. Reasons for Update: * Google has released a new version of the Chrome browser (52.0.2743.82). Actions to Take: * Gathering of the site will automatically show the updates made. Application Engineering Team IBM BigFix -------------- next part -------------- An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Thu Jul 21 09:26:18 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Thu, 21 Jul 2016 16:26:18 +0000 Subject: [BESAdmin-Announcements] Content Modification in Patches for Windows Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Fri Jul 22 00:56:15 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Fri, 22 Jul 2016 07:56:15 +0000 Subject: [BESAdmin-Announcements] Content Modification in Patches for Windows Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Fri Jul 22 19:38:50 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Sat, 23 Jul 2016 02:38:50 +0000 Subject: [BESAdmin-Announcements] =?iso-8859-1?q?IBM_BigFix_Compliance_UPD?= =?iso-8859-1?q?ATE=3A_2_checks_in=A0DISA_STIG_Checklist_for_Windows_10_si?= =?iso-8859-1?q?te_are=A0updated_on_2016-07-22?= Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Mon Jul 25 07:59:25 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Mon, 25 Jul 2016 14:59:25 +0000 Subject: [BESAdmin-Announcements] Content Modification in Patches for Windows Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Mon Jul 25 22:52:09 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Tue, 26 Jul 2016 13:52:09 +0800 Subject: [BESAdmin-Announcements] Content Modification: Advanced Patching Message-ID: Content in the Advanced Patching site has been modified. New/Updated Fixlets: * IBM WebSphere Application Server Interim Fix 8.5.5.2-WS-WAS-IFPI55574 Available (ID: 855050030) Published Site Version: * Advanced Patching, version 23. Reasons for Update: * IBM WebSphere Application Server Interim Fix 8.5.5.2-WS-WAS-IFPI55574 is Available. Actions to Take: * Gathering of the site will automatically show the updates made. Application Engineering Team IBM BigFix -------------- next part -------------- An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Tue Jul 26 13:06:58 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Tue, 26 Jul 2016 20:06:58 +0000 Subject: [BESAdmin-Announcements] IBM BigFix Compliance UPDATE: DISA STIG Checklist for Windows 7 (site ver 26) published 2016-07-26 Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Wed Jul 27 11:47:48 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Wed, 27 Jul 2016 18:47:48 +0000 Subject: [BESAdmin-Announcements] Content Modification in Patches for Windows Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Wed Jul 27 23:05:22 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Thu, 28 Jul 2016 14:05:22 +0800 Subject: [BESAdmin-Announcements] Content Modification: Updates for Windows Applications Message-ID: Content in the Updates for Windows Applications site has been modified. New/Updated Fixlets: * Skype 7.26.0.101 Available (ID: 5055235) Published Site Version: * Updates for Windows Applications, version 955. Reasons for Update: * Skype has released a new version of their internet telephony software (7.26.0.101). Actions to Take: * Gathering of the site will automatically show the updates made. Application Engineering Team IBM BigFix -------------- next part -------------- An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Thu Jul 28 10:27:58 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Thu, 28 Jul 2016 17:27:58 +0000 Subject: [BESAdmin-Announcements] Content Modification in Patches for Windows Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Fri Jul 29 12:25:38 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Fri, 29 Jul 2016 19:25:38 +0000 Subject: [BESAdmin-Announcements] Content Modification in Patches for Windows Message-ID: An HTML attachment was scrubbed... URL: From besadmin-announcements at bigmail.bigfix.com Sun Jul 31 21:53:17 2016 From: besadmin-announcements at bigmail.bigfix.com (Announcements for BES Administrators) Date: Mon, 1 Aug 2016 12:53:17 +0800 Subject: [BESAdmin-Announcements] IBM BigFix Patches for Windows Update: Full standard support for Google Chrome Message-ID: IBM BigFix Patches for Windows now provides full standard support for Google Chrome. BigFix previously covered only audit Fixlets. No action is required. Site: Updates for Windows Applications, version 956, Actions to take: None. Additional links: For more information about supported products, applications, and operation systems, see https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Supported%20OS Application Engineering Team IBM BigFix -------------- next part -------------- An HTML attachment was scrubbed... URL: