Patch Assessment Content Update (PACU)

Prerequisites for PACU

Following are the prerequisites for installing the Patch Assessment Content Updates:

Symantec Control Compliance Suite 11.1 or 11.5

Before you install a Patch Assessment Content Update, you must have the Control Compliance Suite 11.1 or Control Compliance Suite 11.5 installed on your computer.

New signing certificate

A new signing certificate is used for all CCS files that are signed after February 23, 2016. To install PACU 2016-3 or later by using the LiveUpdate feature, you need this certificate. The certificate is valid till March 03, 2017. For the updated certificate, you must apply the Quick Fix (QF) 10212. This QF includes the Symantec.CSM.AssemblyVerifier.dll, which contains the updated CCS certificate information necessary to validate the certificate. You can download the QF 10212 .zip package from the following location:

http://www.symantec.com/docs/TECH228300

Note:

If the QF 10212 is not applied, the Automatic Updates Installation job will fail. However, there is no impact on the manual installation of PACU without this QF.

QF 10803

To receive the correct data collection results for the Is package up to date? field in the Packages entity for AIX Other Security APARs, you must apply the QF 10803. You can download the QF 10803 .zip package from the following location:

https://support.symantec.com/en_US/article.TECH239697.html

What's New in PACU 2017-2

^Back to top

PACU 2017-2 contains the following updates:

Patch Assessment Content Updates for Windows in 2017-2

See Patch Assessment Content Updates for Windows in 2017-2.
Patch Assessment Content Updates for UNIX in 2017-2

See Patch Assessment Content Updates for UNIX in 2017-2.

PACU 2017-2 includes the updates from PACU 2017-1.

Patch Assessment Content Updates for Windows in 2017-2

^Back to top

With reference to the notification published by Microsoft, there are no updates for Windows in the February 2017 security update release.

For more information, refer to the notification published at the following location.

https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/

Patch Assessment Content Updates for UNIX in 2017-2

^Back to top

The updated patches and the new patches in .dat (template) files are available for raw-data content on UNIX platforms.

Updates for the following UNIX platforms are available in this release.

Red Hat Enterprise Linux
Ubuntu
HP-UX
Oracle Solaris
IBM-AIX

Updates in PACU 2017-1

^Back to top

The PACU 2017-1 contained the following updates:

Patch Assessment Content Updates for Windows in 2017-1

See Patch Assessment Content Updates for Windows in 2017-1.
Patch Assessment Content Updates for UNIX in 2017-1

See Patch Assessment Content Updates for UNIX in 2017-1.

Patch Assessment Content Updates for Windows in 2017-1

^Back to top

PACU 2017-1 contains checks for updates released by Microsoft in January 2017 on raw-data content.

Table: Patch Assessment Content Updates for Windows in 2017-1 contains the list of the new security bulletins released by Microsoft in January 2017 for raw-data content on Windows platforms. The maximum severity ratings of the newly released bulletins are also mentioned in this table.

Note:

Severity ratings of security bulletins are decided by Microsoft and are intended to help customers assess security vulnerabilities in their environments. However, we recommend that customers evaluate their CCS environments and decide which Microsoft updates need to be applied and their deployment priorities.

Note:

Currently, the Microsoft bulletins that are related to Windows 10 platform are not supported in CCS.

Table: Patch Assessment Content Updates for Windows in 2017-1

Bulletin ID	Bulletin title	Maximum Severity Rating
MS17-002	Security Update for Microsoft Office (3214291)	Important
MS17-003	Security Update for Adobe Flash Player (3214628)	Critical
MS17-004	Security Update for Local Security Authority Subsystem Service (3216771)	Important

Patch Assessment Content Updates for UNIX in 2017-1

^Back to top

There are 53 updated patches and 225 new patches in dat (template) files for raw-data content on UNIX platforms.

Updates for the following UNIX platforms are available in this release.

Red Hat Enterprise Linux
Ubuntu
HP-UX
Oracle Solaris
IBM-AIX

Contents of the PACU

^Back to top

PACU contains the following files:

Table: Contents of the PACU

Name	Description
SEForMSPatches_Comprehensive.xml	Raw-data content standard for Windows
SEForMSPatches_Less.xml	Raw-data content standard for Windows
LinuxRecommendedPatches.dat	Raw-data content updates for Linux platforms
HP-UXRecommendedPatches.dat	Raw-data content updates for HP-UX platforms
AIXRecommendedPatches.dat	Raw-data content updates for AIX platforms
SunOSRecommendedPatches.dat	Raw-data content updates for Sun OS platforms
ESM_OSPatches_Comprehensive.xml	Message-based content updates for Windows and UNIX
bvMSSecure.xml	Raw-data content file for Windows data collection
hf7b.xml	Raw-data content file for Windows data collection
BestPractice_OS_Patch_Updates.exe	Patch Policy updates on message- based content for Windows and UNIX.
Comprehensive_AIXPatchStandard.xml	Contains checks which evaluate on APAR and Packages for AIX OS
Symantec.CSM.UnixPlatformContent.UnixPatchStandard.dll Version 11.10.10000.1160	Custom algorithm used for evaluating package checks in the Comprehensive Patch Standard for AIX.

Note:

Support for the RHBA bug fix advisories is not available in the Patch Assessment Content Update (PACU).