I had an update on my system in a partially installed state. Our vulnerability scanner determined one file, MSO.dll, was still out of date. It recommended a patch to apply. Running it gave me an error message. Here’s what to do when Windows says the update is already installed on this system and refuses to let you do anything but click OK.
Because hey, from a security analyst’s point of view, this is anything but OK. I get questions about patches in a partially deployed state all the time, so I figured I’d write about it. Here’s what I do when security updates fail to apply with this error.
One of my clients asked me to explain superseded patches and how they relate to vulnerability management and patch management. This is a common question about a common complaint. Knowing the meaning of superseded patches and how to handle them is absolutely critical for running a successful security program.
As a vulnerability management professional, I talk about vulnerability scanning best practices a lot. There’s a lot more to vulnerability management than just scanning, but if you don’t get scanning right, the rest of the program suffers.
I’m going to talk about a lot of technical controls here, but don’t forget the nontechnical side. People and processes have to support all technology.
Vulnerability management and patch management are close relatives. In most companies, think of them as siblings who hate each other. That’s usually how it plays out. It doesn’t always have to be that way, but it takes some thought and strategy from both sides. Here are some ideas for patch management strategy.
I had a client with a huge list of hostnames that they needed to convert to IP addresses so they could scan them. That’s common. I used to have a Windows batch file to convert a list of hostnames to a list of IP addresses, so I dug it out of my archives. This uses ping but isn’t like a ping sweep; they knew the machine names but their tool needed IPs.
I used the file to resolve lists of machines so I could load them into a centralized logging or vulnerability management system. This client had the same need and nobody there had a similar tool. So I shared mine with them. And I present it here so I won’t lose it again, and if you need it, you can use it too.
I recently saw advice to buy a Cisco RV130W instead of buying an Asus router such as an RT-AC66U and souping it up with Asuswrt-Merlin. I can see both sides of the argument but in the end I favor the Asus solution when I consider Asuswrt-Merlin vs Cisco. Here’s why.
Now, if you’re arguing business vs personal use, there’s no contest. In a business setting, buy the Cisco.
Consumer routers drive security professionals like me crazy. I’m happy to say I finally found a router that doesn’t drive me nuts. I want you to buy an Asus RT-AC66U. I’m going to tell you why, and I’m going to tell you how to configure it. Here’s how to set up an Asus RT-AC66U and how to optimize an Asus RT-AC66U.
It seems like about once a month an aspiring coworker asks me how to get enough CISSP work experience. I think this shows a misunderstanding of the requirement, so I’m going to try to clear it up.
You don’t have to get your five years of work experience in one big lump. And that’s a good thing, because that would be hard to do. Sometimes you can get a security job without a cert and work your way toward it, but a lot of employers want you to come in with the certification already.
But that’s OK. As long as you’re doing something more than selling computers at retail, odds are you have some security experience that can count toward the requirement.
Last week, Microsoft quietly released its convenience update pack for Windows 7, 8.1., and Server 2008R2. This is a great opportunity to catch up on Microsoft patching, as it incorporates all of Microsoft’s OS-level updates from the release of Service Pack 1 to April 2016.
Here’s how to use this to clear your corporation’s backlog of Microsoft patches. No, I haven’t seen your corporate network, but I’ll bet you have one.