- Details
- Category: Solutions
Patch Management for Third Party Applications
A shift is occurring in today's endpoint environment. Though most organizations have invested considerable time and effort to improve their patch management processes, only patching Microsoft-based servers and operating systems is no longer enough. As the use of third party applications and software has increased in the workplace, so has the risk to organizations' IT environments:
- More than two-thirds of all endpoint vulnerabilities are found in third party desktop applications
- 49 percent of vulnerabilities were within Web applications1
- It takes twice as long for most organizations to patch third party application vulnerabilities than it does to patch operating system vulnerabilities2
Cyber-criminals have taken notice of this shift. Even as organizations have improved patch management processes for their operating systems and OS vendors have plugged many of the security gaps within their platforms, the un-patched vulnerabilities for third party applications and software provides attackers with new options to exploit. According to one set of research, there are at least 2.7 billion un-patched applications running on machines within the U.S. alone. And 98 percent of Windows machines have at least one un-patched application.3
This shift in IT risk from operating systems to applications is why the SANS Institute now ranks patching client-side software as the top IT security priority.
Leading Patch Management Solution
Lumension Vulnerability Management, has been rated by analyst firms such as Forrester and IDC as a "leader" in vulnerability management because of its robust feature-set and broad support that:
- Streamlines patch management across OS’s and applications, with administration from a single, intuitive graphical console
- Provides broad support for multiple platforms, including Windows, Unix, Linux and Mac OS, and for third party applications, with the largest repository of Adobe vulnerability content
- Integrates asset discovery of managed and unmanaged devices for full network visibility and continuous control across physical and virtual environments
- Automates policy baselines to ensure continuous patch enforcement – even for machines that have been powered down
Lumension Vulnerability Management provides a complete patch management solution that automates the entire process from vulnerability identification to patch collection, distribution, remediation and verification reporting.
Application Support
Lumension currently supports the application patches for Lumension Patch and Remediation listed in Table 1. Products are supported only for applicable, supported operating systems (see Operating System (Platform) Support). Current application support for UNIX and Linux is restricted to OS vendor-provided patches and may not be fully described in Table 1.
Items shaded in blue are legacy patches that are no longer supported on an ongoing basis, but are still available in the Lumension Content Repository. Table 2 lists the antivirus applications for which virus definition updates are available in the Lumension Content Repository.
Table 1: Application Support for Lumension Patch and Remediation
| Publisher | Product | Min Version | Latest Version | Non-Security Patches | Security Patches | Supported Platform |
| Adobe | Acrobat Pro | 8.1.3 | 9.3.1 | N | Y | Windows |
| Adobe | Acrobat Standard | 8.1.3 | 9.3.1 | N | Y | Windows |
| Adobe | AIR | 1.5.3.9130 | 1.5.3.9130 | N | Y | Windows |
| Adobe | InDesign | CS3 5.0.4 | CS4 6.0.4 | N | Y | Windows |
| Adobe | Macromedia Flash Player (Internet Explorer) | 6.0.65 | 10.0.45.2 | N | Y | Windows |
| Adobe | Macromedia Flash Player (Other Browsers) | 8.0.22 | 10.0.45.2 | N | Y | Windows |
| Adobe | Macromedia Flash Player for Mac OS X | 9.0.47 | 10.0.45.2 | N | Y | Mac OS X |
| Adobe | Photoshop | CS3 10.0.1 | CS4 11.0.1 | N | Y | Windows |
| Adobe | Reader | 5.1 | 9.3.1 | N | Y | Mac OS X |
| Adobe | Reader | 5.1 | 9.3.1 | N | Y | Windows |
| Adobe | Shockwave Player for Mac OS X | 11.5.0.600 | 11.5.6.606 | N | Y | Mac OS X |
| Adobe | Shockwave Player for Windows | 11.5.0.600 | 11.5.6.606 | N | Y | Windows |
| Apple | iLife - including desktop applications (GarageBand, iDVD, iMovie, iPhoto, iWeb) | iLife 06 GarageBand 3.0.4 iDVD 6.0.1 iMovie 6.0.1 iPhoto 5.0.3 iWeb 1.0.1 |
iLife 09 GarageBand 5.1 iDVD 7.0.4 iMovie 8.0.3 iPhoto 8.1.1 iWeb 3.0.1 |
N | Y | Mac OS X |
| Apple | iLife Media Browser | Update | Latest | N | Y | Mac OS X |
| Apple | iTunes for Mac | 6.0.4 | 9.1 | N | Y | Mac OS X |
| Apple | iTunes for Windows | 7.6 | 9.1 | N | Y | Windows |
| Apple | QuickTime for Windows | 6 | 7.6.6 | N | Y | Windows |
| Apple | QuickTime for Mac OS | 6.5 | 7.6.6 | N | Y | Mac OS X |
| Apple | Safari | 1.3.1 | 4.0.5 | N | Y | Mac OS X |
| Citrix Systems | ICA Win32 Client | 6.30 | v10.1 | N | Y | Windows |
| Lumension | All products | NA | Latest | Y | Y | All |
| Microsoft | .NET Framework | 1.0 SP2 | 3.5 SP1 | N | Y | Windows |
| Microsoft | Data Access Components (MDAC) | 2.5 | 2.8 SP1 | N | Y | Windows |
| Microsoft | DirectX | 7.0 | 10.0 | N | Y | Windows |
| Microsoft | Exchange Server | 5.5 | 2007 SP2 | N | Y | Windows |
| Microsoft | Exchange Server 2007 SP2 Update Rollups | 1 | 2 | NA | NA | Windows |
| Microsoft | FrontPage Server Extension (FPSE). | 2000 | 2002 | N | Y | Windows |
| Microsoft | Host Integration Server | 2000 | 2006 | N | Y | Windows |
| Microsoft | Internet Explorer | 5.01 | 8.0 | N | Y | Windows |
| Microsoft | Internet Information Service (IIS) | 4.0 | 7.0 | N | Y | Windows |
| Microsoft | Internet Security and Acceleration Server (ISA) | 2000 | 2006 SP1 | N | Y | Windows |
| Microsoft | Jet | 4.0 | 4.0 | N | Y | Windows |
| Microsoft | MSDE | 2000 | 2000 | N | Y | Windows |
| Microsoft | MSN Messenger | 5 | 7.6 | N | Y | Windows |
| Microsoft | MSXML | 1 | 6.0 SP1 | N | Y | Windows |
| Microsoft | Office - including desktop applications (Access, Excel, FrontPage, InfoPath, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word) | Office 2000 OneNote 2003 Project 2002 Publisher 2002 Visio 2002 |
Office 2007 OneNote 2007 Project 2007 Publisher 2007 Visio 2007 |
N | Y | Windows |
| Microsoft | Office for Mac - including (Word, Excel, PowerPoint, Entourage, no MS Expression, no Media Support) | Office 2004 | Office 2008 | N | Y | Mac OS X |
| Microsoft | Office Viewer - including (Word, Excel, PowerPoint, Visio) | Excel Viewer 2003, Word Viewer 2003, PowerPoint Viewer 2007, Visio Viewer 2007 | Excel Viewer 2007, Word Viewer 2007, PowerPoint Viewer 2007, Visio Viewer 2007 | N | Y | Windows |
| Microsoft | Outlook Express | 5.5 SP2 | 6.0 SP1 | N | Y | Windows |
| Microsoft | Remote Desktop Connection Software | 5.1.2600 | 5.1.2600 | N | N | Windows |
| Microsoft | SharePoint Service | 2.0 | 3.0 SP2 | N | Y | Windows |
| Microsoft | SharePoint Server | 2005 | 2007 SP1 | N | Y | Windows |
| Microsoft | SharePoint Team Services | Office XP | Office XP | N | Y | Windows |
| Microsoft | SQL Server | 7 | 2008 SP12 | N | Y | Windows |
| Microsoft | Virtual PC | 2004 SP1 | 2007 SP1 | N | Y | Windows |
| Microsoft | Virtual Server | 2005 R2 SP1 | 2005 R2 SP1 | N | Y | Windows |
| Microsoft | Visual Studio .NET | 2003 | 2003 | N | Y | Windows |
| Microsoft | Visual Studio | 2005 | 2008 SP1 | N | Y | Windows |
| Microsoft | Windows Installer | 2.0 | 3.1 | N | Y | Windows |
| Microsoft | Windows Media Player | 6.4 | 11 | N | Y | Windows |
| Microsoft | Windows Live Messenger | 8.1 | Version 2009 | N | Y | Windows |
| Microsoft | Windows Messenger | 4.7 | 5.1 | N | Y | Windows |
| Microsoft | Windows Update | NA | Latest | N | Y | Windows |
| Microsoft | Windows Update Agent | 3.0 | 3.0 | N | Y | Windows |
| Mozilla | Firefox | 1.0.4 | 3.6.3 | N | Y | Windows |
| Mozilla | Firefox | 2.0.0.7 | 3.6.3 | N | Y | Mac OS X |
| Novell | Netware Windows Client | 4.83 | 6.5 Support Pack 7 | N | Y | Windows |
| Oracle | Java for Mac OS X | 1.3 | 1.6 | N | Y | Mac OS X |
| Oracle | Java Runtime Environment (JRE) | 1.4.2_03 | 1.6.0_19 | N | Y | Windows |
| Real Networks | RealPlayer SP | 8 (6.0.9.584) | 1.1 (12.0.0.591) | N | Y | Windows |
| Skype | Skype | 3.8 | 4.0 | N | Y | Windows |
| VMware | Fusion | 2.0.1 | 2.0.1 | N | Y | Mac OS X |
| VMware | Player | 2.5.1 | 2.5.1 | N | Y | Windows |
| VMware | Server | 2.0 | 2.0 | N | Y | Windows |
| VMware | Workstation | 6.5.1 | 6.5.1 | N | Y | Windows |
| WinZip | WinZip | 9.0 | 11.2 SR-1 | N | Y | Windows |
1 = Supported by Update 6.4 SP2 and higher
2 = Supported by LEMSS 7.0 and higher
Note: legacy support are listed in blue
Table 2: Antivirus Definition File Support for Lumension Patch and Remediation
| Publisher | Product | Min Version | Latest Version | Supported Platform |
| Authentium / Command Software | Command Software Antivirus DEF File | 4.75.5 | 4.93.8 | Windows |
| Authentium / Command Software | Command Software Antivirus Installer | 4.75.5 | 4.92.91 | Windows |
| Computer Associates | eTrust Antivius DAT files (InoculateIT Engine) | 6.00 | Windows | |
| Computer Associates | eTrust Antivius DAT files (Vet Engine) | 6.00 | 7.10 | Windows |
| Computer Associates | eTrust Antivirus | 6.00 | 7.10 | Windows |
| Frisk Software | F-Prot Antivirus DEF Files | NA | Latest | Windows |
| Frisk Software | DEF files for Document / Office / Macro | NA | Latest | Windows |
| F-Secure | Antivirus | 5.x | 5.x | Windows |
| McAfee | Virex | 7.20 | Latest | Mac OS X |
| McAfee | VirusScan DAT files | 6.x | Latest | Windows |
| McAfee | VirusScan Engine | 4.00 | Latest | Windows |
| McAfee | VirusScan Enterprise Engine | 7.00 | 8.7 | Windows |
| McAfee | VirusScan SuperDAT files | 4.x | 8.7 | Windows |
| Microsoft | Malicious Software Removal Tool | NA | Latest | Windows |
| Microsoft | Outlook 2003 Junk E-mail Filter | NA | Latest | Windows |
| Microsoft | Outlook 2007 Junk E-mail Filter | NA | Latest | Windows |
| Microsoft | Windows Defender | 1.1.1593 | Latest | Windows |
| Microsoft | Windows Mail Junk E-mail Filter | NA | Latest | Windows |
| Sophos | Antivirus | 3.58 | v4.10 | Windows |
| Symantec | Symantec Antivirus Corporate Edition Client for 64-bits OS only | 10.00 | 10.20 | Windows |
| Symantec | Symantec/ Norton Antivirus | NA | Latest | Windows |
| Symantec | Symantec/ Norton Antivirus | 9.0.1 | Latest | Mac OS X |
| Trend Micro | OfficeScan | 5.58 | Latest | Windows |
| Trend Micro | ServerProtect | 5.56 | Latest | Windows |
Note: legacy support are listed in blue
Source:- IBM X-Force 2009 Trend and Risk Report
- SANS Institute
- Secunia Half Year Report 2010