Microsoft re-released two Critical Security Bulletins in September, one of them (MS06-042) was actually a “re-re-release” (version 3 of the updates). Many customers were confused by this and we received various inquiries asking us to help identify the correct Fixlet messages to deploy. To help BES operators distinguish between different sets of Fixlet messages, we are considering changing our Fixlet title policy to tag re-released and superseded updates. Fixlet messages in the “Patches for Windows” sites that deploy re-released and/or superseded updates will have their Fixlet titles modified.
Examples:
Superseded:
MS05-016: Vulnerability in Windows Shell that Could Allow Remote Code Execution - Windows Server 2003 (Superseded)
MS05-016: CORRUPT PATCH - Windows Server 2003 (Superseded)
MS05-023: Vulnerabilities in Microsoft Word May Lead to Remote Code Execution - Office 2003 (Local/Network Install) (Superseded)
Re-released:
MS06-042: Cumulative Security Update for Internet Explorer - IE 5.01 SP4 - Windows 2000 SP4 (v3)
MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service - Windows XP (v2) (Superseded)
MS05-019: REVISED PATCH - Windows XP (v2) (Superseded)
Please let us know what you think of this change. Will this be helpful? Does the proposed naming scheme work? Are there other tags that we should consider adding to the Fixlet titles? We are looking to make this change in early October, so any feedback you provide will be very helpful!
I think that adding the (v#) and (Superseded) tags to the end of the description is helpful information to have easily available in the console and works well within the scope of the current naming convention.
While we are on the topic of naming, it would be nice to have sortable columns for each of the pertinent pieces of data that currently appear in the fixlet name field.
I have wished at times for a way to get all the superseded fixlets into a single list so that I could check policy actions and baselines in order to update or remove them as needed.
While we are on the topic of naming, it would be nice to have sortable columns for each of the pertinent pieces of data that currently appear in the fixlet name field.
I have wished at times for a way to get all the superseded fixlets into a single list so that I could check policy actions and baselines in order to update or remove them as needed.
Thanks for the feedback Brolly, we have received similar suggestions for additional sortable Fixlet columns, it is one of the enhancements currently being considered for BES 6.1.
There has been some internal feedback to include more information about the re-release in the title. We are now planning to add the re-release date as well:
Re-released:
MS06-042: Cumulative Security Update for Internet Explorer - IE 5.01 SP4 - Windows 2000 SP4 (v3, re-released 9/12/2006)
I appreciate that clarification in the first version.
Maybe it is possible to support additional properties like “OS”, “version”, “superseeded by” or “superseeding” and “last version date”. These fields should be searchable.
From my point of view, I would like to see the OS-Version for a fixlet in first part unless you do not support multi version fixlets for different OS releases, e.g.
Maybe it is possible to support additional properties like “OS”, “version”, “superseeded by” or “superseeding” and “last version date”. These fields should be searchable.
Rolf, those additional properties are all good ideas, if and when we add that capability into BES, we will probably compile a list of Fixlet properties we are considering and solicit more feedback from customers on this forum.
Rolf.Wilhelm
From my point of view, I would like to see the OS-Version for a fixlet in first part unless you do not support multi version fixlets for different OS releases, e.g.
“MS06-040: W2K/SP4 - xyz…”
This is a valid request, some customers may care more about the “OS Version” than the bulletin title. However, due to various reasons the placement of the “OS Version” is not likely to change right now. I think the right solution is to allow each customer to customize this according to their own needs. Perhaps in a later version of BES, once we support additional Fixlet fields, we will provide the ability to display only fields you are interested in, and re-order the fields arbitrarily in various views and reports. I will file a feature request for this.
Existing “Patches for Windows” content has been updated to add the discussed tags. Future re-released and superseded content will also follow this new policy. Similar title changes will be made across non-Windows patch sites over the next 4-6 weeks. Thanks to everyone who provided feedback!