To assess the current patch level (i.e. missing updates resulting in vulnerabilities), the following commands and web sites are helpful for these operating systems:
Microsoft provides a tool for analyzing the current security patch level on local or remote systems called Baseline Security Analyzer. Of course, there are two versions (2.0 and 1.2.1) of MBSA available, scanning for different software.
MBSA requires the Windows Update Agent 2.0.
Caveat: MBSA installs this software automagically if you leave Configure computers for Microsoft Update and scanning prerequisites checked. This may not be suitable for production systems.
On the local system, you have to be logged in as Administrator, with the same password that is used on the remote system. This has some interesting security (setting all administrative passwords to the same) or usability (changing your local admin password for every system scanned) implications.
MBSA is simply a genuine Microsoft tool !
In case MBSA cannot scan the system
Results of the scans are stored in directory C:\Documents and Settings\Administrator\SecurityScans
To view Sun Alert Notifications for Solaris, it is necessary to use the search engineat Sunsolve: Solaris 8 Solaris 9 Solaris 10
AIX 5 provides the compare_report command, which lists the available updates from Fix Central.
For a manual check against the list of critical fixes, use:
RedHat provides the up2date utility to list available patches: up2date -l
For manual inspection, a list of current security fixes is provided for the various releases: RedHat Security Updates
The following table provides hints to which version of various server tools should at least be installed.
Software | recommended version (and above) | |
Openssh | ||
openssl | ||
openvpn | ||
sudo | 1.6.8p10 |
Software | Recommended service pack | Important Patches |
Windows 2000 | SP4 | |
Windows XP | SP2 | |
Windows 2003 | SP1 | |
Citrix Metaframe | ||
SQL-Server |