5 Replies Latest reply on Nov 28, 2017 11:24 AM by kellytice

    Intel Advisory

    zdavid

      With Intel announcing a whole bunch of vulnerabilities yesterday, I was wondering: once Dell releases a firmware update to patch it, is it possible for SPM to

      a. Deploy a Dell firmware patch?

      b. Target machines by model?

       

      Thanks and Happy Thanksgiving.

        • Re: Intel Advisory
          kellytice

          There are Dell catalogs available that contain firmware updates.  Assuming Dell releases a new one and puts it in their catalog, you can sync that down to Patch Manager and (optionally) publish it into WSUS or SCCM for deployment.

           

          A consideration that might not be super obvious:

          I believe that the Dell packages use some WMI extensions provided by the Dell OpenManage agent to determine applicability.   If the target machines don't have that software, the applicability rule will likely evaluate as 'false' and therefore come back as "Not Applicable".

          In terms of targeting by model... that may be possible. For example, if I go into the All Computers view under my WSUS server in the Patch Manager console, two of the available columns there are "make" and "model". You could sort or group by those columns and then select the particular machines you want to target. If you right-click that selection and use an Update Management task, you can deploy a particular firmware update to that selection of machines.
          In theory, the packages that Dell makes should have some pretty specific applicability rules built into them... so it might not be required to be that specific in the machines that you target, since the rules should exclude those machines for which the rules don't evaluate as True... but it sounds like you are like me and would rather play it safe by targeting just the models that you think should get it.

            • Re: Intel Advisory
              zdavid

              Thanks! I found the site to download the catalog from, once they release it, but it is password protected. Will need to contact our Dell rep about access.

                • Re: Intel Advisory
                  kellytice

                  Patch Manager should be able to hook into the Dell catalogs directly. In SPM, go into Administration and Reporting -> Software Publishing -> [right-click and select Synchronization Settings] -> Subscription tab and there should be two catalogs there: one for Dell workstations and one for Dell Servers. The items in those catalogs are likely unchecked by default.

                  You'll probably also want to make sure that you have a recurring synchronization of those catalogs configured (on the first tab of that same wizard); you can optionally set up that sync to notify you when there are new packages (for any of the catalogs) available.


                    • Re: Intel Advisory
                      zdavid

                      Unfortunately, I don't seem to have Dell listed as an option in the subscription tab. It may only appear once I import it once into the system.

                        • Re: Intel Advisory
                          kellytice

                          Hmm... try going to Administration and Reporting -> Software Publishing and choose the option for "Patch Manager Update Configuration Wizard".
                          That should go out and try to re-detect the available catalogs. It will probably take 5-10 minutes to run... but when it finishes, don't just click "finish" or "OK" or whatever it is. That last page should summarize what it found, and if there are errors it should say "couldn't connect to x....", etc.
                          It may be that a proxy or firewall or something is blocking communication to the Dell web page, but hopefully if there is an error there it will be descriptive enough to help you figure it out.