Comments

17 comments

  • Wendy Fordham

    I came here to look for this specific question...

    0
  • Jamie Voto

    A custom Windows Update collection library like what was done with the WannaCrypt patch last year would be helpful as well.

    0
  • Stephen Valdinger

    They addressed this in the webcast today. There is a LOT of speculation floating around the internet right now, and Microsoft is working on patches. Once they are available they will be released to the package library from what I understand. 

    This will likely have a Collection in Inventory as well if I know them. If not I'm sure one can be created and the XML posted here, but I will wait for an official response.

    0
  • Daniel Swinford

    Microsoft released a patch yesterday, which is why I was asking.

    0
  • Colby Bouma

    We are working on it right now. All packages go through a thorough QA process, so it takes some time.

    0
  • Jamie Voto

    Patches were released yesterday.  Good to hear that at least they are working on a package.  What about a custom group collection library? 

    0
  • Daniel Swinford

    Thanks for the reply Colby. I appreciate it!

    0
  • Nathan Lin

    Any status on the packages?

    0
  • Heath Grim

    I just wanted to let everyone know that I am running ESET Endpoint Antivirus in our environment and they were one of the first companies to be compatible with the Microsoft patches released on 1/3.  So I deployed the Windows 10 and Windows 7 cumulative patches from PDQ and 98% of my devices updated without an issue.  However, the last 2% gave me a nice BSOD during the required reboot.  After doing some research, I found that PCs with older AMD Athlon processors are having issues with this patch.  So if you have old AMD devices in your environment, be careful deploying this patch or hold off altogether.  Luckily, I was able to use System Restore to get the PCs up and running but it was still a headache!  What bothers me even more is that these old devices are being replaced in about a month.  Talk about bad timing!

    https://answers.microsoft.com/en-us/windows/forum/windows_7-update/stop-0x000000c4-after-installing-kb4056894-2018-01/f09a8be3-5313-40bb-9cef-727fcdd4cd56?auth=1

    0
  • Greg Mills

    Does anyone have any update on this? I'd like to be able to use PDQ Inventory to audit my estate and report those devices that have not been patched against Spectre and Meltdown. I can appreciate the patches themselves may not yet be available, but an audit would tell us how big the problem is and we could then manually patch critical systems.

    Thanks

    0
  • Heath Grim

    Before I deployed the Microsoft patches, I first created a new registry scan profile that searched for the following key and value name.  If it existed, then I knew our anti-virus was compatible with the patches.  I then created two collections; one for devices that did not contain this value and one that contained the value.  Once I scanned all of my devices with the new registry scan profile, I was able to see which devices were compatible and which ones were not.  This worked for me except for the few older AMD devices that gave me the BSOD.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc

    0
  • Daimon Oberholtzer

    If you are just looking for a simple way to check for the related Windows Updates, I created a simple Collection to check for the presence of the Hotfixes (KB4056894 and KB4056897):

    You can of course add additional values to look for but this could be a good start.

    0
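The two checks described in the comments above (the QualityCompat registry value and the hotfix IDs KB4056894 and KB4056897), combined into one local audit script. This is an added example, not part of the thread and not PDQ's code; the function names and the three state labels are hypothetical.

```powershell
# Added example: local audit of the two checks described in the thread.
# Key path, value name and KB numbers are the ones quoted in the comments.
$CompatKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat'
$CompatValue = 'cadca5fe-87d3-4b96-b7fb-a231484277cc'
$HotfixIds   = 'KB4056894', 'KB4056897'

function Test-AvCompatFlag {
    # True when the antivirus product has written the compatibility value.
    # A missing key or missing value both yield $null (errors are suppressed).
    $props = Get-ItemProperty -Path $CompatKey -Name $CompatValue -ErrorAction SilentlyContinue
    return ($null -ne $props)
}

function Get-InstalledHotfixId {
    param([string[]]$Id)
    # Get-HotFix -Id errors on an Id that is not installed, so list
    # everything once and filter against the IDs of interest.
    $installed = Get-HotFix -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty HotFixID
    return @($Id | Where-Object { $installed -contains $_ })
}

$compat = Test-AvCompatFlag
$found  = Get-InstalledHotfixId -Id $HotfixIds

# Hypothetical state labels, one per collection you would build:
#   Patched          - at least one of the listed hotfixes is present
#   ReadyForPatch    - not patched, but the antivirus has set the flag
#   HoldAvNotFlagged - not patched and the flag is absent
$state = if ($found.Count -gt 0) {
    'Patched'
} elseif ($compat) {
    'ReadyForPatch'
} else {
    'HoldAvNotFlagged'
}

# One object per machine, suitable for Export-Csv or a scanner's output step.
[pscustomobject]@{
    ComputerName  = $env:COMPUTERNAME
    AvCompatFlag  = $compat
    HotfixesFound = ($found -join ',')
    State         = $state
}
```

A machine that received the fix through a later rollup will not list these two IDs, so extend `$HotfixIds` with the updates that apply to your OS builds before treating a non-`Patched` result as unpatched.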
  • Greg Mills

    Hi Daimon, that is exactly what I'm looking for, thanks. Although I was hoping PDQ would push something out via an update or whatever. Given the importance of this vulnerability I'd have thought the providers of all patch management solutions would have been falling over themselves to advertise that they have things in hand.

    Cheers

    1
  • Ericc Diaz

    Has anyone figured out how to deploy the Microsoft script via PowerShell to see if the patches and firmware are up to date?

    0
  • Daimon Oberholtzer

    As an example, I created a dynamic collection for each type of System we have and also checked the BIOS to see if it is at the needed version:

    0
  • Ericc Diaz

    That's a lot of individual collections. Any way to consolidate?

    0
  • Daimon Oberholtzer

    I had originally created a collection of the system versions we had that were on our vendor's list of updatable BIOS versions and let PDQ pull in the targets:

    0