Educause Security Discussion mailing list archives

Re: Patching iTunes and Firefox

From: Kevin Kelly <kck () IAS EDU>
Date: Wed, 10 Feb 2010 00:22:16 -0500

Hi Lori,

I agree with you that patching 3rd party applications is a challenging and time consuming part of our jobs.  That being 
said, it's not impossible if you have the right set of tools.

To patch the two applications that you asked about, I use the psexec tool that is part of PSTOOLS.  It's a free 
download from Microsoft.  The basic syntax is as follows:

iTunes:

psexec \\hostname_to_update -s msiexec /qn /norestart /i "\\servername\sharename\iTunes\iTunes.msi"

Assuming all goes well, you will receive an error code of 0

Firefox

psexec \\hostname_to_update -s "\\servername\sharename\Firefox\Firefox Setup 3.5.7.exe" -ms

Again, assuming all goes well, you will receive an error code of 0.

Two good resources to look at for silent installers are:

AppDeploy - http://www.appdeploy.com/
WPKG - http://wpkg.org/Category:Silent_Installers

We use Secunia here to help us identify insecure applications on our client workstations.  It has proven to be an 
extremely valuable tool for us and I would highly recommend it to anyone that is responsible for maintain software 
applications on a Windows-based OS.  They are now beta testing a patching tool that is supposed to interface a WSUS 
server.  Looks interesting.

Feel free to contact me offline if you have any additional questions about the applications that I routinely patch and 
how I do it.

Good luck!

Kevin Kelly
Institute for Advanced Study
Princeton, NJ
USA



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv on behalf of Christianson, Lorrayne K.
Sent: Tue 2/9/2010 10:59 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Patching iTunes and Firefox
 
We are reviewing the products we place on our "standard image" and, as in years past, are faced with more and more 
products which our clients want, but are hard to patch and keep secure. So we are looking for feedback on how others 
are dealing with patching products such as iTunes and Firefox.


Lori Christianson
Associate Director-Client Services
Information Resources & Technologies
University of St. Thomas
2115 Summit Ave
Mail 5051
St. Paul, MN 55105
(651) 962-6286
lori_c () stthomas edu<mailto:lori_c () stthomas edu>

[cid:image001.png@01CAA9C6.B2721480]

Don't take the bait!  IRT will never ask you for your username and password via email. Phishing e-mails attempt to 
deceive the recipient into giving up private information in a response to a message or by leading the recipient to a 
fraudulent Web site.  Learn more about phishing here<blocked::http://www.stthomas.edu/irt/support/email/phishing.html>.

Current thread:

Patching iTunes and Firefox Christianson, Lorrayne K. (Feb 09)
- <Possible follow-ups>
- Re: Patching iTunes and Firefox Jason Chambers (Feb 09)
- Re: Patching iTunes and Firefox Kevin Kelly (Feb 09)
- Re: Patching iTunes and Firefox Joe Artz (Feb 10)
- Re: Patching iTunes and Firefox Stanclift, Michael (Feb 10)