I let my account team know that 48 hour turnaround for the checks was too long. Now it's once a month.
I guess that's progress :( -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Nathaniel Austin Sent: Tuesday, October 28, 2008 9:33 AM To: [email protected] Subject: Re: [CLEANACCESS] Microsoft Patch Hey Bruce, I understand your frustration at the situation - if I was in your place I would feel the same way. Thank you for alerting your account team about the situation. Ultimately there is a much better chance of anything changing if they are involved. Thanks, Nate Osborne, Bruce W. (NS) wrote: > Nate, > > As a large institution, Liberty University cannot upgrade very often and we > need stable, reliable code. At our last decision point, the best code was > 4.1.2.1. This version requires our clients to use Cisco's preconfigured > checks. We cannot use the WSUS style requirements. Also, a majority of our > machines are owned my students, and not part of our domain. > > Cisco's customers were not notified of your policy change to release > preconfigured checks monthly, regardless of Microsoft's patch release. > > Due to the MS08-067 patch release & known exploit code and The BU's failure > to release a check, our network security is compromised unless we create our > own solution. > > > The BU needs to reconsider their decision to allow known exploits on Cisco's > customer networks. Their job may depend on it! > > > BTW, I have passed similar sentiments up to our account team & VAR. > > Bruce Osborne > Liberty University > > > -----Original Message----- > From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] > On Behalf Of Nathaniel Austin > Sent: Tuesday, October 28, 2008 8:58 AM > To: [email protected] > Subject: Re: [CLEANACCESS] Microsoft Patch > > Hey Timothy, > > In my experiences you are one of the minority - most people want to > minimize user impact and just trust Microsoft if there is a discrepancy. > So if you like using our ruleset, then by all means don't change - > unfortunately that ruleset is not going to add in a check for this > hotfix until next month. I wish I could tell you otherwise, but thats > the situation right now. > > Nate > > Riegert, Timothy J. wrote: > >> We've been using the Cisco checks and have noticed some instances where >> Windows Update reports no new updates to install, even though they are >> missing updates. Sometimes running a Windows Update fix script (re-registers >> .dlls, installs latest version of Windows Update client, etc.) fixes these >> computers and they'll be able to download the patches through Windows >> Update, but sometimes it doesn't help and they must manually install the >> updates. We are happy that the Cisco checks are helping to identify these >> discrepancies. >> >> Would I be accurate in stating the WSUS method assumes the Windows Update >> client is always working correctly? >> >> >> -----Original Message----- >> From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] >> On Behalf Of Nathaniel Austin >> Sent: Monday, October 27, 2008 9:45 PM >> To: [email protected] >> Subject: Re: Microsoft Patch >> >> Hey Mike, >> >> Word from the BU is that they will only update from Microsoft once a >> month, so this one will not go into the checks and rule set until next >> months Patch Tuesday release. >> >> So a preemptive apology to everyone out there who wants this now. I >> think there are some good custom checks that some of you have created to >> at least get it checked for in your environments in the meantime. >> >> I know this isn't really a consolation, but I think this again proves >> that the WSUS style requirement that checks against Microsoft's WU >> servers instead of our checks and rules is a much better option. >> >> Nate >> >> Mike Diggins wrote: >> >> >>> On Mon, 27 Oct 2008, Osborne, Bruce W. (NS) wrote: >>> >>> >>> >>>> When I last checked this afternoon, Cisco still did not have their >>>> check published. What happened to the commitment to publish within 48 >>>> hours of patch release?? >>>> >>>> >>> I was wondering that myself. I checked a few times today to see if it >>> had been published. I normally only update my CCA servers once a >>> month, so as not to annoy my clients too much, but this one seems like >>> it needs special attention. >>> >>> -Mike >>> >>>
