The update is already installed on this system

The update is already installed on this system

I had an update on my work laptop in a partially installed state. Our vulnerability scanner determined one file, MSO.dll, was still out of date. It recommended a patch to apply. Running it gave me an error message. Here’s what to do when Windows says the update is already installed on this system and refuses to let you do anything but click OK.

Because hey, from a security analyst’s point of view, this is anything but OK. I get questions about patches in a partially deployed state all the time, so I figured I’d write about it. Here’s what I do when security updates fail to apply with this error.

Read more

The meaning of superseded patches

One of my clients asked me to explain superseded patches and how they relate to vulnerability management and patch management. This is a common question about a common complaint. Knowing the meaning of superseded patches and how to handle them is absolutely critical for running a successful security program.

Read more

Patch management strategy

Vulnerability management and patch management are close relatives. In most companies, think of them as siblings who hate each other. That’s usually how it plays out. It doesn’t always have to be that way, but it takes some thought and strategy from both sides. Here are some ideas for patch management strategy.

Read more

Convert a list of hostnames to a list of IP addresses

I had a client with a huge list of hostnames that they needed to convert to IP addresses so they could scan them. That’s common. I used to have a Windows batch file to convert a list of hostnames to a list of IP addresses, so I dug it out of my archives. This uses ping but isn’t like a ping sweep; they knew the machine names but their tool needed IPs.

I used the file to resolve lists of machines so I could load them into a centralized logging or vulnerability management system. This client had the same need and nobody there had a similar tool. So I shared mine with them. And I present it here so I won’t lose it again, and if you need it, you can use it too.

Read more

Asuswrt-Merlin vs Cisco

I recently saw advice to buy a Cisco RV130W instead of buying an Asus router such as an RT-AC66U and souping it up with Asuswrt-Merlin. I can see both sides of the argument but in the end I favor the Asus solution when I consider Asuswrt-Merlin vs Cisco. Here’s why.

Now, if you’re arguing business vs personal use, there’s no contest. In a business setting, buy the Cisco.

Read more

How to set up and optimize an Asus RT-AC66U

Consumer routers drive security professionals like me crazy. I’m happy to say I finally found a router that doesn’t drive me nuts. I want you to buy an Asus RT-AC66U. I’m going to tell you why, and I’m going to tell you how to configure it. Here’s how to set up an Asus RT-AC66U and how to optimize an Asus RT-AC66U.

Read more

How hard is CISSP?

CISSP difficulty is one of the most frequent questions I get once someone finds out I have it. “How hard is CISSP?” or “Could you pass CISSP again?” are two questions I get a lot.

They’re fair questions, and the answer is, it depends. But I can help you figure out the answer for yourself.

Read more

Do I have enough CISSP work experience?

It seems like about once a month an aspiring coworker asks me how to get enough CISSP work experience. I think this shows a misunderstanding of the requirement, so I’m going to try to clear it up.

You don’t have to get your five years of work experience in one big lump. And that’s a good thing, because that would be hard to do. Sometimes you can get a security job without a cert and work your way toward it, but a lot of employers want you to come in with the certification already.

But that’s OK. As long as you’re doing something more than selling computers at retail, odds are you have some security experience that can count toward the requirement.

Read more

Catch up on Microsoft patching fast

Last week, Microsoft quietly released its convenience update pack for Windows 7, 8.1., and Server 2008R2. This is a great opportunity to catch up on Microsoft patching, as it incorporates all of Microsoft’s OS-level updates from the release of Service Pack 1 to April 2016.

Here’s how to use this to clear your corporation’s backlog of Microsoft patches. No, I haven’t seen your corporate network, but I’ll bet you have one.

Read more

My first blog post for Qualys

A chance conversation with a Qualys customer a few weeks ago veered off topic really fast, but it led to another conversation, which caught a manager’s attention and led to my first  blog post for them.

Read more