First published on CloudBlogs on Apr 28, 2016
Author:
Raghu Kethineni, Senior Program Manager, Enterprise Client and Mobility
Today we are announcing the release of a new Vulnerability Assessment Configuration Pack for System Center Configuration Manager. You can download it
here
. Configuration Manager Vulnerability Assessment allows you to scan managed systems for common missing security updates and misconfigurations which might make client computers more vulnerable to attack.
Software installation errors and misconfigurations compromise security and stability, resulting in escalated support costs. System Center Configuration Manager Vulnerability Assessment Configuration Pack can help prevent errors and security risks, increase your organizational uptime and help you to build a more secure infrastructure. This configuration pack provides vulnerability assessment reporting for common missing security updates and misconfigurations by using the configuration baselines in Configuration Manager. You can use it to monitor the configuration of Microsoft Windows operating systems, Internet Explorer, Microsoft Office, SQL Server, and Internet Information Services (IIS).
What’s New
This release includes:
-
The capability to scan for potential security issues that may exist because of misconfigurations on the following Microsoft Product versions
-
Windows 2008 and later versions
-
Windows Server 2008 and later versions
-
Internet Information Server 7.x and 8.x versions
-
Microsoft Office 2010 or later versions
-
Internet Explorer 9, 10 and 11 versions for
supported operating systems
.
-
PowerShell 3.0, 4.0 and 5.0 versions
-
New Vulnerability Assessment Overall Report will display
-
List of Security, Administrative and Compliance Vulnerabilities for a specific computer.
-
List of Windows Updates Vulnerabilities (if there are any)
-
List of Windows Server Vulnerabilities (if there are any)
-
List of IIS Vulnerabilities (if there are any)
-
List of SQL Vulnerabilities (if there are any)
To use this Configuration Pack
-
First import the three configuration baselines (Vulnerability Assessment: IIS Baseline, Vulnerability Assessment: SQL Server Baseline, Vulnerability Assessment: Windows Baseline). To understand in detail what each configuration item will be evaluating, review the properties of the configuration item.
-
Next target the baselines to a collection containing the computers you want to monitor. Policies will be evaluated and reported back to the site server. Note: you may need to wait for 24-48 hours depending on your inventory cycles.
-
The run the report and review the compliance results.
Prerequisites
The following are prerequisites for Vulnerability Assessment Configuration Pack:
-
The site server must be running one of the following:
-
System Center 2012 R2 Configuration Manager SP1 CU3 with Hotfix
KB3153628
(A new Vulnerability Assessment Overall Report is available for System Center 2012 Configuration Manager)
-
System Center 2012 Configuration Manager SP2 CU3 with Hotfix
KB3153628
-
System Center Configuration Manager current branch -
Note:
The Configuration Pack can be imported to System Center Configuration Manager but the reports are not included. Reports will be released along with the next released update version of the current branch of System Center Configuration Manager.
-
The Configuration Manager clients require:
-
PowerShell 3.0 or later
-
The IIS feature: "IIS Management Scripts and Tools" installed
-
.NET Framework 4.5.2 or later
Download
To download the latest release of the Vulnerability Assessment Configuration Pack, visit
https://www.microsoft.com/en-us/download/details.aspx?id=51948
. We appreciate your feedback for this Configuration Pack! If you have a feature request, please share your ideas with us on the
Configuration Manager UserVoice site
. You can report issues with the Vulnerability Assessment Configuration Pack on the Connect site for Configuration Manager here:
https://connect.microsoft.com/ConfigurationManagervnext
.
-Raghu Kethineni
Additional resources:
