Online Windows Updating (patching) seems to find additional available updates after my KACE enabled workstation is inventoried by KACE, the catalog is update based on the inventory, the workstation is updated based on the updated catalog but there are still online updates available if the online updating is run from the local workstation.  Some are Office updates but some are Windows 7 op sys updates.

Answer Summary:
Cancel
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Answers

2

I have noticed something similar in our environement. Here are some steps you may want to take, which may not necessarily eliminate your issue, but may reduce the number of these updates.

- Examine your subsciption settings. May be even uncheck "Hide Disabled Patches on Patch Listing".

- Make sure your Labels or Smart Labels include everything you need.

- Run the Windows updater, see what's missing and look for those KBs within the patch list in KBOX. I'm certain that a large number of them are available, but are simply not being downloaded, or pushed based on your labels.

Keep in mind that updates in KBOX appear a few days later, or even weeks (for not critical ones) than they do in the Windows updater. This means that you may have to examine patches with older release dates as they may have appeared afterwards.

If all else fails and you feel you just need someone to take a look at it for you - call KACE :), I file a ticket with them every week just to make sure they remember my name

Answered 07/20/2012 by: bsyarov
Senior Yellow Belt

Please log in to comment
2

Can you post your patch labels?

You can always do a search for the specific patch and see what patch labels are associated.

Answered 07/20/2012 by: dugullett
Red Belt

  • i am having the same issue here and this week i recreated new labels for some reason i cant pull this month ms update


    MS12-043

    Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (2722479)

    This security update resolves a publicly disclosed vulnerability in Microsoft XML Core Services. The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes the user to the attacker's website.


    MS12-044

    Cumulative Security Update for Internet Explorer (2719177)

    This security update resolves two privately reported vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.



    MS12-045

    Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (2698365)

    This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user views a specially crafted webpage. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.




    MS12-046

    Vulnerability in Visual Basic for Applications Could Allow Remote Code Execution (2707960)

    This security update resolves one publicly disclosed vulnerability in Microsoft Visual Basic for Applications. The vulnerability could allow remote code execution if a user opens a legitimate Microsoft Office file (such as a .docx file) that is located in the same directory as a specially crafted dynamic link library (DLL) file. An attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.


    MS12-047

    Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2718523)

    This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability.



    MS12-048

    Vulnerability in Windows Shell Could Allow Remote Code Execution (2691442)

    This security update resolves one privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if a user opens a file or directory with a specially crafted name. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.



    MS12-049

    Vulnerability in TLS Could Allow Information Disclosure (2655992)

    This security update resolves a publicly disclosed vulnerability in TLS. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. All cipher suites that do not use CBC mode are not affected.



    Windows Malicious software Removal Tool- July 2012
    i am missing all those updates i know 3 of them are critical i should be able to download them i have disable patches on patch listing checked should i uncheck
    • These patches are showing in my kbox. Remember the come from http://leic.lumension.com/ so sometimes they might now show right away. Do an individual search for each patch MS12-043, MS12-044, and so on. Remember by default "view by 2012" is selected. Make sure to select "all patches" before the search. Try and troubleshoot your patches to find out why those didn't make the search criteria. If you want to post your labels I'll help you out.
  • this is what i have for my labels select UID from KBSYS.PATCHLINK_PATCH where ((( (((1 in (select 1 from KBSYS.PATCHLINK_LST, KBSYS.PATCHLINK_LST_PATCH_JT where KBSYS.PATCHLINK_PATCH.UID = KBSYS.PATCHLINK_LST_PATCH_JT.PATCHUID and KBSYS.PATCHLINK_LST_PATCH_JT.LST_ID = KBSYS.PATCHLINK_LST.ID and KBSYS.PATCHLINK_LST.ID in (201,203,205,204,206,207,208,209,215,217,218,214,202,211,212,100,301,303,305,304,306,307,308,309,315,317,318,314,302,311,312,101,32,33,36,38) )) ) and ((1 in (select 1 from KBSYS.PATCHLINK_LST, KBSYS.PATCHLINK_PACKAGE, KBSYS.PATCHLINK_PACKAGE_OS_TYPE_JT where KBSYS.PATCHLINK_PATCH.UID = KBSYS.PATCHLINK_PACKAGE.PATCHUID and KBSYS.PATCHLINK_PACKAGE.FILENAME = KBSYS.PATCHLINK_PACKAGE_OS_TYPE_JT.FILENAME and KBSYS.PATCHLINK_PACKAGE_OS_TYPE_JT.OS_TYPE_ID = KBSYS.PATCHLINK_LST.OS_TYPE_ID and KBSYS.PATCHLINK_LST.ID in (201,203,205,204,206,207,208,209,215,217,218,214,202,211,212,100,301,303,305,304,306,307,308,309,315,317,318,314,302,311,312,101,32,33,36,38) )) ))) AND KBSYS.PATCHLINK_PATCH.IMPACTID = 'Critical') AND (1 in (select 1 from PATCHLINK_PATCH_STATUS where PATCHLINK_PATCH.UID = PATCHLINK_PATCH_STATUS.PATCHUID)) )
  • i created a new lable with this criteria and i was able to pull all those updates

    select UID from KBSYS.PATCHLINK_PATCH where ( KBSYS.PATCHLINK_PATCH.VENDOR like '%MICROSOFT%')
Please log in to comment
Answer this question or Comment on this question for clarity

Share