Jump to content


  • 0
MrHaugen

SCCM Security Update list messed up by a newbie

Question

Hi

 

I've played a bit with our new SCCM setup, and I've messed it up a bit I think. Before I read that SCCM should be the only way you approve updates, I managed to approve a whole lot of security updates in WSUS. What I did was to go to the options for automatic approval in WSUS, and chose to automatically approve all security updates. Immediately after I thought that this might be stupid, so I turned it off, and unapproved all patches. But the damage was done. The server started downloading a lot of patches over the next couple of days. Now it holds about 25GB worth of patches.

 

Now, when I go to SCCM and check the Search Folders for for instance all Bulletin ID's with MS10, I only get a partial list. MS10-001, MS10-002, MS10-005, MS10-007 and so on. It looks like this is only the patches that WSUS downloaded. The WSUS have a SUP configured. I've tried to Synchronize the Update Repository, but the list is still incomplete. It's like there is no connection to Microsofts online software library, and I can only see the downloaded WSUS items.

 

Any of you have an idea on how I can correct this mistake, and start to use SCCM exclusively for software approval and deployment.

Share this post


Link to post
Share on other sites

10 answers to this question

Recommended Posts

  • 0

Thanks! Here's a screenshot of a small part of the list, together with the Search Folder Criterias. Just tell me if there is some more info or images that is required.

 

looks alright to me, compare it to my lab

 

2010.jpg

Share this post


Link to post
Share on other sites

  • 0

Ok..... Glad it's not just me then :) Where is the rest of the Security Bulletins? Probably something very logical here I'm missing.

 

Let's take a couple of examples of the "missing" patches.

 

MS10-002:

Microsoft Security Bulletin MS10-002 - Critical

Cumulative Security Update for Internet Explorer (978207)

Rated Critical for all supported releases of Internet Explorer: Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, Internet Explorer 7, and Internet Explorer 8 (except Internet Explorer 6 for supported editions of Windows Server 2003)

 

MS10-006:

Microsoft Security Bulletin MS10-006 - Critical

Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)

Rated Critical for Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows 7, and Windows Server 2008 R2, and is rated Important for Windows Vista and Windows Server 2008

 

 

 

The first one is not for any particular OS, so if we have somehow managed to select only patches for OS, that would explain something. But I'm missing OS patches also. I don't see the connection.

If I go to Security Updates and All Updates insted of the Search Folders I'm still left with the same incomplete list. Where have those other patches gone? What am I not seeing here?

Share this post


Link to post
Share on other sites

  • 0

*Quick update*

The MS10-002 is actually a Cumulative security update, which have been superseded or expired. It does not show up when selecting No on Expired and Superseded.

 

MS10-006 and another example like MS10-018 should be in the list though. I've checked several updates, and on the WSUS server I can see no differences on the patches.

Share this post


Link to post
Share on other sites

  • 0

*Quick update*

The MS10-002 is actually a Cumulative security update, which have been superseded or expired. It does not show up when selecting No on Expired and Superseded.

 

MS10-006 and another example like MS10-018 should be in the list though. I've checked several updates, and on the WSUS server I can see no differences on the patches.

 

 

You are correct since those Bulletin ID's which are missing are superseeded by other updates

MS10-002 is superseeded by MS10-018 and MS10-006 is by MS10-020.

Share this post


Link to post
Share on other sites

  • 0

Yes, your correct about MS10-002. It was might fault to take this as an example. Did not check my two search folders on that one I think.

I did on both MS10-006 and 018 though, and they are neither shown in my Search Folder with or without Expired and Superseeded options. Why is that? Have MS not been consistent in their Patch tagging or what? When I notice irregularities like this, I'm a bit concerned about rolling out bundles of patches. New monthly patches will not be that much of a problem, as I'll check every single one. But I do not want to look through all previous patches.

Share this post


Link to post
Share on other sites

  • 0

MS10-018 is expired and MS10-020 is available in configmgr

 

play around with your search folder criteria

for example if you have one search folder for Expired=yes you'll see MS018 listed as an expired update

 

ms18.png

Share this post


Link to post
Share on other sites

  • 0

That's the big problem. I don't. In your list you have 18, 24, 25, 53. If I make the exact same search criteria I get only MS10-002 and MS09-025.

 

I've made several search folders. One clean with only MS10 as Bulletin Search criteria. One with 2010 Updates with Expired set to Yes, and one with 2010 updates with Superseeded set to Yes. It is absolutely possible that this patches I can't see has expired or been superseeded, but I should have seen them in one of my many lists. I'm getting rather concerned about what else might be missing and why. Maybe this have something to do with my "accidental" WSUS approval after all? You know how I can check the actual location of the patchet? Is it taken from our WSUS server, or are WSUS just providing a list of updates from Microsoft?

 

There is also other patches like Office patches that is not on this list, like MS10-038, but those have been filtered out by WSUS earlier and just recently been added to the WSUS categories.

 

Something seems to be off. You guys have some ideas as where to start looking? I'm just to new to SCCM to figure out how all this is working.

post-7785-12906892667045_thumb.jpg

post-7785-12906892731149_thumb.jpg

post-7785-12906903394205_thumb.jpg

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.