Patch Assessment Content

Update Release Notes for

CCS 12.0

Version: 2018-2 Update

Patch Assessment Content Update Release Notes
for CCS 12.0
Documentation version: 1.0

Legal Notice
Copyright © 2018 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, the Checkmark Logo and are trademarks or registered trademarks of
Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks
of their respective owners.

The product described in this document is distributed under licenses restricting its use, copying, distribution,
and decompilation/reverse engineering. No part of this document may be reproduced in any form by any
means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE
DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY
INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL
DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS
DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO
CHANGE WITHOUT NOTICE.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com
Technical Support
Symantec Technical Support maintains support centers globally. Technical Support’s primary
role is to respond to specific queries about product features and functionality. The Technical
Support group also creates content for our online Knowledge Base. The Technical Support
group works collaboratively with the other functional areas within Symantec to answer your
questions in a timely fashion. For example, the Technical Support group works with Product
Engineering and Symantec Security Response to provide alerting services and virus definition
updates.
Symantec’s support offerings include the following:
■ A range of support options that give you the flexibility to select the right amount of service
for any size organization
■ Telephone and/or Web-based support that provides rapid response and up-to-the-minute
information
■ Upgrade assurance that delivers software upgrades
■ Global support purchased on a regional business hours or 24 hours a day, 7 days a week
basis
■ Premium service offerings that include Account Management Services
For information about Symantec’s support offerings, you can visit our website at the following
URL:
www.symantec.com/business/support/
All support services will be delivered in accordance with your support agreement and the
then-current enterprise technical support policy.

Contacting Technical Support

Customers with a current support agreement may access Technical Support information at
the following URL:
www.symantec.com/business/support/
Before contacting Technical Support, make sure you have satisfied the system requirements
that are listed in your product documentation. Also, you should be at the computer on which
the problem occurred, in case it is necessary to replicate the problem.
When you contact Technical Support, please have the following information available:
■ Product release level
■ Hardware information
■ Available memory, disk space, and NIC information
 ■ Operating system
■ Version and patch level
■ Network topology
■ Router, gateway, and IP address information
■ Problem description:
■ Error messages and log files
■ Troubleshooting that was performed before contacting Symantec
■ Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support
Web page at the following URL:
support.symantec.com

Customer service
Customer service information is available at the following URL:
www.symantec.com/business/support/
Customer Service is available to assist with non-technical questions, such as the following
types of issues:
■ Questions regarding product licensing or serialization
■ Product registration updates, such as address or name changes
■ General product information (features, language availability, local dealers)
■ Latest information about product updates and upgrades
■ Information about upgrade assurance and support contracts
■ Information about the Symantec Buying Programs
■ Advice about Symantec's technical support options
■ Nontechnical presales questions
■ Issues that are related to CD-ROMs, DVDs, or manuals
Support agreement resources
If you want to contact Symantec regarding an existing support agreement, please contact the
support agreement administration team for your region as follows:

Asia-Pacific and Japan customercare@symantec.com

Europe, Middle-East, and Africa semea@symantec.com

North America and Latin America supportsolutions@symantec.com

Patch Assessment Content
Update (PACU)
This document includes the following topics:

■ Prerequisites for PACU

■ What's New in PACU 2018-2

■ Security Updates and Quality Updates for Windows

■ Security Updates for UNIX

■ Updates in PACU 2018-1

■ Contents of PACU

Prerequisites for PACU

Following is the prerequisite for installing the Patch Assessment Content Updates:
■ Symantec Control Compliance Suite 12.0
Before you install a Patch Assessment Content Update, you must have the Control
Compliance Suite 12.0 installed on your computer.

What's New in PACU 2018-2

Oracle Patch Assessment Standard (for CCS 12.0.1)
With Patch Assessment Content Update (PACU) 2018-2 onwards, Oracle Database platform
is supported for patch assessment. PACU 2018-2 brings you a new technical standard called
Oracle Patch Assessment Standard. This easy-to-use light-weight predefined standard contains
a command-based check, which evaluates the security update compliance of the Oracle
 Patch Assessment Content Update (PACU) 7
Security Updates and Quality Updates for Windows

database instances in your environment. The standard also supports multiple Oracle database
instances running on a single server.
Currently, this support is available for UNIX assets on which Oracle database is installed. You
must select UNIX machine as a scope to assess Oracle database security update compliance
for the oracle database instances running on that UNIX asset. You can use this standard both
for agentless and agent-based methods of data collection.
After you assess the security update compliance of an Oracle database against this standard,
you receive a list of patch updates that are not installed on the database, but are recommended.
Only the latest Patch Updates released by Oracle after July 2017 are considered in the list of
recommended updates. The OPatch utility is used in the assessment of installed patch updates.
Make sure that the OPatch utility is installed in your Oracle Home.

Prerequisites
You must install Control Compliance Standard (CCS) 12.0.1, before you start using the Oracle
Patch Assessment Standard.

Windows and UNIX Updates

PACU 2018-2 contains the following updates:
■ Security Updates and Quality Updates for Windows
See “Security Updates and Quality Updates for Windows” on page 7.
■ Security Updates for UNIX
See “Security Updates for UNIX” on page 9.
PACU 2018-2 includes the updates from PACU 2018-1.
For detailed information about the Windows Patch Assessment Standard, refer to the Patch
Assessment Content Update Getting Started Guide for CCS 12.0.
See “Contents of PACU” on page 11.

Security Updates and Quality Updates for Windows

PACU 2018-2 contains the updated Windows Patch Assessment Standard. This standard
comprises checks related to security update rollups and quality update rollups that are released
by Microsoft in February 2018 for raw-data content.
Table 1-1 contains the following information about the new security update rollups released
by Microsoft in February 2018:
■ Name of the update rollup
■ Maximum severity rating for the rollup
 Patch Assessment Content Update (PACU) 8
Security Updates and Quality Updates for Windows

■ Links to the Microsoft Knowledge Base (KB) articles for more information about the
respective update rollups

Note: PACU 2018-2 includes Operating System related update rollups. Product-related update
rollups will be supported in future PACU releases.

Table 1-1 Microsoft Update Rollups in PACU 2018-2

Update Rollup Severity Rating KB Article

Security updates for Server 2008 Critical 4034044

4058165

4073079

4073080

4074603

4074836

4074851

4057893

4074852

Security Only Update for Windows 7 and 2008 Critical 4074587

R2

Security Only Update for Server 2012 Critical 4074589

Security Only Update for Windows 8.1 and 2012 Critical 4074597
R2

Cumulative Update for Windows 10 and Critical 4074588

Windows Server 2016
4074592

4074596

4074590

4074591

Monthly Rollup for Windows 7 and 2008 R2 Critical 4074598

Monthly Rollup for Server 2012 Critical 4074593

Monthly Rollup for Windows 8.1 and 2012 R2 Critical 4074594

 Patch Assessment Content Update (PACU) 9
Security Updates for UNIX

Note: Severity ratings of security bulletins are decided by Microsoft and are intended to help
customers assess security vulnerabilities in their environments. However, we recommend that
customers evaluate their CCS environments and decide which Microsoft updates need to be
applied and their deployment priorities.

See “Contents of PACU” on page 11.

Security Updates for UNIX

The updated patches and the new patches in .dat (template) files are available for raw-data
content on UNIX platforms.
Security updates for the following UNIX platforms are available in this release:
■ IBM-AIX
■ Red Hat Enterprise Linux
■ Ubuntu
■ Oracle Solaris
See “Contents of PACU” on page 11.

Updates in PACU 2018-1

The PACU 2018-1 contained the following updates:
■ Patch Assessment Content Updates for Windows in 2018-1
See “Security Updates and Quality Updates for Windows” on page 9.
■ Security Updates for UNIX
See “Security Updates for UNIX” on page 10.

Security Updates and Quality Updates for Windows

PACU 2018-1 contains the updated Windows Patch Assessment Standard. This standard
comprises checks related to security update rollups and quality update rollups that are released
by Microsoft in January 2018 for raw-data content.
Table 1-1 contains the following information about the new security update rollups released
by Microsoft in January 2018:
■ Name of the update rollup
■ Maximum severity rating for the rollup
 Patch Assessment Content Update (PACU) 10
Updates in PACU 2018-1

■ Links to the Microsoft Knowledge Base (KB) articles for more information about the
respective update rollups

Note: PACU 2018-1 includes Operating System related update rollups. Product-related update
rollups will be supported in future PACU releases.

Table 1-2 Microsoft Update Rollups in PACU 2018-1

Update Rollup Severity Rating KB Article

Security updates for Server 2008 Critical 4056615

Security Only Update for Windows 7 and 2008 Critical 4056897

R2

Security Only Update for Server 2012 Critical 4056899

Security Only Update for Windows 8.1 and 2012 Critical 4056898
R2

Cumulative Update for Windows 10 and Critical 4056892

Windows Server 2016

Monthly Rollup for Windows 7 and 2008 R2 Critical 4056894

Monthly Rollup for Server 2012 Critical 4056896

Monthly Rollup for Windows 8.1 and 2012 R2 Critical 4056895

Note: Severity ratings of security bulletins are decided by Microsoft and are intended to help
customers assess security vulnerabilities in their environments. However, we recommend that
customers evaluate their CCS environments and decide which Microsoft updates need to be
applied and their deployment priorities.

See “Contents of PACU” on page 11.

Security Updates for UNIX

The updated patches and the new patches in .dat (template) files are available for raw-data
content on UNIX platforms.
Security updates for the following UNIX platforms are available in this release:
■ Red Hat Enterprise Linux
■ Ubuntu
 Patch Assessment Content Update (PACU) 11
Contents of PACU

■ Oracle Solaris
See “Contents of PACU” on page 11.

Contents of PACU
PACU contains the following files:

Table 1-3 Contents of PACU

Name Description

WindowsPatchCheckStandard.xml Raw-data content standard for Windows

LinuxRecommendedPatches.dat Raw-data content updates for Linux platforms

HP-UXRecommendedPatches.dat Raw-data content updates for HP-UX platforms

AIXRecommendedPatches.dat Raw-data content updates for AIX platforms

SunOSRecommendedPatches.dat Raw-data content updates for Sun OS

platforms

ESM_OSPatches_Comprehensive.xml Message-based content updates for Windows

and UNIX

bvMSSecure.xml Raw-data content file for Windows data

collection

hf7b.xml Raw-data content file for Windows data

collection

BestPractice_OS_Patch_Updates.exe Patch Policy updates on message- based

content for Windows and UNIX.

Comprehensive_AIXPatchStandard.xml Contains checks which evaluate on APAR and

Packages for AIX OS

Symantec.CSM. Custom algorithm used for evaluating package

UnixPlatformContent.UnixPatchStandard.dll checks in the Comprehensive Patch Standard
for AIX.
Version 12.0.10000.1300

Note: Support for the RHBA bug fix advisories is not available in the Patch Assessment Content
Update (PACU).