main content

SupportConnect - Client Management Solutions Newsletter, Version 08.03

NOTE: E-News technical information is dynamic and links in archived copies of these technical newsletters may eventually become invalid as the products evolve. Please check the support web page for your product to get the latest technical information.

Client Management Solutions Newsletter
Version 08.03
April 30, 2008

In This Newsletter

Product Updates

	>	IT Client Management / Desktop and Server Management Green Book
	>	Unicenter® Patch Management April Content Release
	>	Unicenter® Asset Management r4.0 AppDef Revision 80
	>	Unicenter® Patch Management Content Survey - Have an Impact on Supported Patches
	>	CA Products Using the DSM ListCtrl ActiveX Control Security Notice
	>	Security Notice for CA ARCserve® Backup for Laptops and Desktops Server and CA Desktop Management Suite
	>	Recent Published Fixes
	>	Recent Published Knowledge Base Articles

Special Events

	>	Save the Date: CA WORLD®
	>	Wireless Enterprise Symposium 2008
	>	Deploying Windows Vista in Your Enterprise? CA Can Help...
	>	Mobile Convergence Technology Summit

IT Client Management / Desktop and Server Management Green Book
The CA is very pleased to announce the availability of the new IT Client Management / Desktop and Server Management Green Book. It focuses on CA Unicenter® Asset Management, CA Unicenter® Software Delivery, and CA Unicenter® Remote Control, the three core products that comprise the CA IT Client Management Solution. This Green Book contains recommended technical and process-oriented best practices, architecture recommendations, complex implementation scenarios including high availability, and answers to commonly asked implementation questions.

The content in this book is based on the tremendous practical knowledge of our most experienced SWAT Team members, Architects, and other subject matter experts - based on their experience with our solutions in real-world customer implementations around the globe. It was written for your customers, our partners, and our internal field consultants. It contains invaluable information that goes well beyond the feature / functionality information that is provided in the product documentation. This Green Book is intended to help make your use of our technology as successful as possible.

For more information about CA Green Books, go to the CA Support site.

To download CA Green Books, you can go to the CA Green Book Library page, which will require you to enter your support site user ID and password.

Top

Unicenter® Patch Management April Content Release
The CA Content Research Team is pleased to announce that the April (v0804) release of Unicenter Patch Management's Microsoft Security Rollup (DELTA\FULL) packages is available.

The rollup packages include the following new security bulletins:

Microsoft Security Bulletin MS08-018:
Critical Vulnerability in Microsoft Project Could Allow Remote Code Execution (950183) www.microsoft.com/technet/security/bulletin/MS08-018.mspx
Microsoft Security Bulletin MS08-019:
Important Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (949032)
www.microsoft.com/technet/security/bulletin/MS08-019.mspx
Microsoft Security Bulletin MS08-020:
Important Vulnerability in DNS Client Could Allow Spoofing (945553)
www.microsoft.com/technet/security/bulletin/MS08-020.mspx
Microsoft Security Bulletin MS08-021:
Critical Vulnerabilities in GDI Could Allow Remote Code Execution (948590)
www.microsoft.com/technet/security/bulletin/MS08-021.mspx
Microsoft Security Bulletin MS08-022:
Critical Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution (944338)
www.microsoft.com/technet/security/bulletin/MS08-022.mspx
Microsoft Security Bulletin MS08-023:
Critical Security Update of ActiveX Kill Bits (948881)
www.microsoft.com/technet/security/bulletin/MS08-023.mspx
Microsoft Security Bulletin MS08-024:
Critical Cumulative Security Update for Internet Explorer (947864)
www.microsoft.com/technet/security/bulletin/MS08-024.mspx
Microsoft Security Bulletin MS08-025:
Important Vulnerability in Windows Kernel Could Allow Elevation of Privilege (941693)
www.microsoft.com/technet/security/bulletin/MS08-025.mspx

NOTE: The DELTA Security Rollup Packages are only available for systems running Microsoft Windows XP with Service Pack 2 applied. These are special Unicenter Patch Management packages, designed to install critical security patches released during the current month. Unlike the existing Windows XP Post SP2 FULL Security Rollup Packages, the DELTA packages do not include ALL of the critical security patches ever released for the operating system. For more information on Supported Patch Content and Content Publication Goals, please see the updated Supported Patch Content Informational Document.

Visit the Unicenter Patch Management Information Center for up-to-date information. Refer to the UPM Release Notes for the list of all Microsoft patches that are included in the current Roll-up Package.

Access the latest news regarding Unicenter Patch Management with the convenience of the Unicenter Patch Management RSS Feed.

Top

Unicenter® Asset Management r4.0 AppDef Revision 80
The CA Content Research Team is pleased to announce AppDef Revision 80, scheduled for April 30, 2008.

In order to import the current revision to Asset Management r4.0, it is mandatory for Administrators to (1) apply Cumulative Fix QO81414 to all Asset Management Console nodes, and (2) perform the Software Normalization procedures posted on CA Support Online. Direct access to the links referenced may be routed through the CA Support Online login page if a session is not previously authenticated.

NOTE: This bulletin is only applicable to Asset Management r4.0 installations. The Asset Management component of Desktop and Server Management r11.x installations downloads signature content automatically through the Software Content Download Job, based on its configuration.

Top

Unicenter Patch® Management Content Survey - Have an Impact on Supported Patches
As important advisors to CA and as users of CA Client Management Solutions, we would like to obtain your input on the patch content that is important to your enterprise. An online survey is available for you to give us your feedback on the patch content you would like to see supported within Unicenter Patch Management.

This is a great opportunity to provide direct input to Product Management for consideration in developing future releases of patch content. The survey is available online between April 7 - May 7, 2008. It will take approximately ten minutes of your time and will have a significant effect on the future patch content. Please take the time to provide feedback and give us your priorities by taking this survey.

A summary of the survey results will be posted on the UPM support page a few weeks after the completion of the survey.

Top

CA Products Using the DSM ListCtrl ActiveX Control Security Notice
CA's customer support is alerting customers to security risks in CA products that implement the DSM ListCtrl ActiveX control. A buffer overflow vulnerability exists that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued updates to address the vulnerability.

The vulnerability, CVE-2008-1472, is due to insufficient bounds checking by the ListCtrl AddColumn function. An attacker can cause a buffer overflow, which can lead to arbitrary code execution under the context of the user running the web browser.

Note: For BrightStor® ARCserve® Backup for Laptops & Desktops, only the server installation is affected. Client installations are not affected.

For CA Desktop Management Suite, Unicenter® Desktop Management Bundle, Unicenter® Asset Management, Unicenter® Software Delivery, and Unicenter® Remote Control, only the Managers and DSM Explorers are affected. Scalability Servers and Agents are not affected.

To determine if your product installation could be affected, comprehensive information is on the CA Support site.

CA has provided updates to address the vulnerabilities that are listed and can be downloaded from the support site listed above.

To regularly monitor any security notices for CA products, log onto the CA Support Site and on the home page, click on the Vulnerability Alerts tab.

Top

Security Notice for CA ARCserve® Backup for Laptops and Desktops Server and
CA Desktop Management Suite
CA customer support is alerting customers to security risks in CA ARCserve Backup for Laptops and Desktops Server. Multiple vulnerabilities exist that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities.

The first issue, CVE-2008-1328, occurs due to insufficient bounds checking on command arguments by the LGServer service.

The second issue, CVE-2008-1329, occurs due to insufficient verification of file uploads by the NetBackup service.

In most cases, an attacker can potentially gain complete control of an affected installation. Additionally, only a server installation of BrightStor® ARCserve® Backup for Laptops and Desktops is affected. The client installation is not affected.

Note: The previously published patches for CVE-2007-3216 and CVE-2007-5005 did not fully address some issues.

To determine if your product installation could be affected, comprehensive information is on the CA Support site.

CA has provided updates to address the vulnerabilities that are listed and can be downloaded from the support site listed above.

To regularly monitor any security notices for CA products, log onto the CA Support Site and on the home page, click on the Vulnerability Alerts tab.

Top

Recent Published Fixes

Product	Description	Solution / Patch	Related Solution
Unicenter® Desktop and Server Management r11.2 C2 Unicenter® Asset Management r11.2 C2 Unicenter® Software Delivery r11.2 C2 Unicenter® Remote Control r11.2 C2	Vulnerability in LISTCONTRL.OCX	QO99079	#30
Unicenter Desktop and Server Management r11.2 C2 Unicenter Asset Management r11.2 C2 Unicenter Software Delivery r11.2 C2 Unicenter Remote Control r11.2 C2	Vulnerability in GUI_CM_CTRLS.OCX	QO99080	#31
CA Desktop Management Suite for Windows r11.2 C2 Unicenter Asset Management r11.2 C2 Unicenter Software Delivery r11.2 C2 Unicenter Remote Control r11.2 C2	Vulnerability in LISTCTRL.OCX	QO99083	#10
CA Desktop Management Suite for Windows r11.2 C2 Unicenter® Desktop Management Bundle r11.2 C2 Unicenter Asset Management r11.2 C2 Unicenter Software Delivery r11.2 C2 Unicenter Remote Control r11.2 C2	Vulnerability in GUI_CM_QTRLS.OCX	QO99084	#11
CA ARCSERVE® BACKUP FOR LAPTOPS & DESKTOPS SERVER-LEWSVR	BUFFER OVERFLOW ON LISTCTRL.OCX	QO96102
CA Desktop Management Suite for Windows r11.1 (GA, a, C1) Unicenter Desktop Management Bundle r11.1 (GA, a, C1) Unicenter Asset Management r11.1 (GA, a, C1) Unicenter Software Delivery r11.1 (GA, a, C1) Unicenter Remote Control r11.1 (GA, a, C1)	NT -DMS 11.1- OVERRUN VULNERABILITY IN LISTCTRL	QO96088
CA Desktop Management Suite for Windows r11.2a Unicenter Desktop Management Bundle r11.2a Unicenter Asset Management r11.2a Unicenter Software Delivery r11.2a Unicenter Remote Control r11.2a	NT -DMS 11.2A- OVERRUN VULNERABILITY IN LISTCTRL	QO96092
CA Desktop Management Suite for Windows r11.2 Unicenter Desktop Management Bundle r11.2 Unicenter Asset Management r11.2 Unicenter Software Delivery r11.2 Unicenter Remote Control r11.2:	NT -DMS 11.2GA- OVERRUN VULNERABILITY IN LISTCTRL	QO96091
CA Desktop Management Suite for Windows r11.2 C1 Unicenter Desktop Management Bundle r11.2 C1 Unicenter Asset Management r11.2 C1 Unicenter Software Delivery r11.2 C1 Unicenter Remote Control r11.2 C1	NT -DMS 11.2C1- OVERRUN VULNERABILITY IN LISTCTRL	QO96090
CA ARCserve Backup for Laptops and Desktops 11.1, 11.1 SP1, 11.2 SP2	WIN-NEW SECURITY PATCH	QO95512
CA ARCserve Backup for Laptops and Desktops 11.5	WIN-NEW SECURITY PATCH 11.5	QO95513
CA Desktop Management Suite 11.2 English	WIN-NEW SECURITY PATCH 11.2	QO95513
CA Desktop Management Suite 11.2 localized	WIN-NEW SECURITY PATCH 11.2	QO95513
CA Desktop Management Suite 11.1: Upgrade to 11.1 C1. CA ARCserve Backup for Laptops and Desktops 11.0: Upgrade to ARCserve Backup for Laptops and Desktops version 11.1 and apply the latest patches.	BABLD R11.0 - FOR LATEST UPDATES USE BABLD R11.1	QI85497
CA Desktop Management Suite r11.1	NT - Overrun Vulnerability in GUI_CM_CTRLS.OCX	QO96287	#4
CA Desktop Management Suite 11.2	DMS 11.2 C1 Overrun Vulnerability GUI_CM_CTRLS.OCX	QO96284	#6
CA Desktop Management Suite r11.2	DMS 11.2 Overrun Vulnerability GUI_CM_CTRLS.OCX	QO96285	#7
CA Desktop Management Suite r11.2	DMS 11.2 Overrun Vulnerability GUI_CM_CTRLS.OCX	QO96286	#8
Unicenter Desktop and Server Management r11.1	NT- Overrun Vulnerability in GUI_CM_CTRLS.OCX	QO96287	#10
Unicenter Desktop and Server Management r11.2	DSM 11.2C1 Overrun Vulnerability GUI_CM_CTRLS.OCX	QO96288	#24
Unicenter Desktop and Server Management r11.2	DSM 11.2 GA Overrun Vulnerability GUI_CM_CTRLS.OCX	QO96289	#25
Unicenter Desktop and Server Management r11.2	DSM 11.2A Overrun Vulnerability GUI_CM_CTRLS.OCX	QO96290	#26
Unicenter Desktop and Server Management r11.2	NT DSM r11.2 C2 Note: This cumulative is supplied as a fully patched Master Image (DVD iso Image) and will not be supplied as installed component patches.	QO96525	#27
CA Desktop Management Suite r11.2	NT � DMS 11.2 C2 Note: This cumulative is supplied as a fully patched Master Image (DVD iso Image) and will not be supplied as installed component patches.	QO96526	#9
Common Asset API-CORA	WIN-CORA Cumulative Patch 1	QO96565	#1
Unicenter Software Delivery 4.0	NT - Windows Mobile 6 Support (PC)	QO96238	#81
Unicenter Software Delivery 4.0	NT - Windows Mobile 6 Support	QO96239	#82

Top

Recent Published Knowledge Base Articles
The following table identifies Unicenter® products that have recently published knowledge base articles that may be of interest:

Product(s)	Title / Description	TecDoc#
CA Desktop Management Suite 11.0, 11.1, 11.2 Unicenter® Desktop and Server Management 11.0, 11.1, 11.2 Unicenter® Asset Management 11.0, 11.1, 11.2	How do I generate a report to check the current state of a service running on a machine.	TEC449351
Unicenter Desktop and Server Management 11.1, 11.2 CA Desktop Management Suite 11.1, 11.2	Enabling support for DSM and non-default (East Asian) language based agents.	TEC449208
Unicenter Desktop and Server Management 11.0, 11.1, 11.2 CA Desktop Management Suite 11.0, 11.1, 11.2	Violation of Primary Key constraint 'XPKca_language'. Cannot insert duplicate key in object 'ca_language'.	TEC449207
Unicenter Desktop and Server Management 11.1, 11.2 CA Desktop Management Suite 11.1, 11.2	The following error occurs while deleting an agent from the DSM Explorer:"DB error: invalid column name in select query [CMM000191]"	TEC449142
Unicenter® Remote Control 11.0, 11.1. 11.2 CA Desktop Management Suite 11.0, 11.1. 11.2 Unicenter Desktop and Server Management 11.0, 11.1. 11.2	Unable to take the remote control of a machine though the user name and password are validated.	TEC436484
Unicenter Remote Control 11.0, 11.1, 11.2 Unicenter Desktop and Server Management 11.0, 11.1, 11.2	After having installed DSM agents, in particular the Remote Control plug-in, it is not possible to play a DVD using popular DVD player software. If I uninstall the plug-in, it works again.	TEC435449
Unicenter Desktop and Server Management 11.0, 11.1, 11.2 SDO Boot Server 4.0, 11.0, 11.1, 11.2 Unicenter® Software Delivery 4.0,11.0, 11.1, 11.2 CCSWVT - Worldview Tools 3.0, 3.1	Boot Server and DHCP server on the same system.	TEC381737
Unicenter Desktop and Server Management 11.0, 11.1, 11.2 CA Desktop Management Suite 11.0, 11.1, 11.2	Registering a Domain Manager to the Enterprise Server fails with an error [CMM209411] in a NAT environment.	TEC448038
CA Desktop Management Suite 11.0, 11.1, 11.2	The DMS Server takes a long time to boot.	TEC446298
Unicenter Desktop and Server Management 11.0, 11.1, 11.2 CA Desktop Management Suite 11.0, 11.1, 11.2	Unable to launch the Web Console (WAC).The following error occurs: "Unable to connect to Web Services (50)".	TEC447278
Unicenter Software Delivery 11.0, 11.1, 11.2 CA Desktop Management Suite 11.0, 11.1, 11.2 Unicenter Desktop and Server Management	Jobs fail on machines behind a firewall due to the firewall IP address being passed to the CAM host.	TEC447047
Unicenter Desktop and Server Management 11.0, 11.1, 11.2 CA Desktop Management Suite 11.0, 11.1, 11.2	How do I configure DSM to use the correct IP address on a server with multiple NIC cards?	TEC447046
Unicenter Asset Management 11.0, 11.1, 11.2 CA Desktop Management Suite 11.0, 11.1, 11.2 Unicenter Desktop and Server Management 11.0, 11.1, 11.2	Software recognition based on a registry key.	TEC446651
Unicenter Asset Management 11.2 CA Desktop Management Suite 11.0, 11.1, 11.2 Unicenter Desktop and Server Management 11.0, 11.1, 11.2	Creating custom software definitions.	TEC446625
Unicenter Software Delivery 11.0, 11.1, 11.2 CA Desktop Management Suite 11.2 Unicenter Desktop and Server Management 11.2	Another computer with same MAC address is already defined [OSG000202].	TEC446457
CA Desktop Management Suite 11.0, 11.1, 11.2	The DMS Server takes a long time to boot.	TEC446298
Unicenter Asset Management 11.0, 11.1, 11.2 CA Desktop Management Suite 11.0, 11.1, 11.2 Unicenter Desktop and Server Management 11.0, 11.1, 11.2	How to collect Printer inventory	TEC446277
Unicenter Software Delivery 11.0, 11.1, 11.2 CA Desktop Management Suite 11.0, 11.1, 11.2 Unicenter Desktop and Server Management 11.0, 11.1, 11.2	There are many empty .RCP folders in the SDLIBRARY$ folder. Can they be deleted?	TEC445320

Top

Save the Date: CA WORLD®
November 16 - 20, 2008 - The Venetian Congress and Sands Expo and Convention Center

Mark your calendar and save the dates for CA's five-day education and networking conference for our Customers and Partners. This year's program has something for every member of your IT organization.

Business Management Symposium. By invitation only program for CIOs and senior IT Executives concerned with the strategic value of IT and how improvements in IT management can yield value for the business overall.
IT Management Symposium. Program for VPs, Directors, and Managers responsible for the daily operations of IT. Discover how changes in IT management can directly impact your operations to improve efficiency and increase productivity. Learn new ways to measure and communicate the value IT delivers to your organization.
General Conference Program. IT Professionals continue to benefit from industry-leading education. Hands-on product training, best practices, and tips for getting the most value out of your investment in CA solutions.

Conference highlights will include:

Free pre-conference education classes
Keynote sessions
600+ conference sessions
Exhibitor Center with CA and Partner solutions on display
Technical Campgrounds
CORE: Lounge area for relaxing, networking with fellow attendees or checking email
Event night is an opportunity to meet new people and network with old friends while enjoying an evening of inspired entertainment.

As CA WORLD approaches, CA WORLD Today will keep you updated on the show's newest details and information, including keynote speaker announcements, content track updates, social activities and more! Sign up for the CA WORLD Today newsletter!

Registration will open April 15, 2008, at caworld.com.

In our continuing efforts to provide CA WORLD participants with presentations on innovative technology and successful customer implementations that unify and simplify IT management, we are looking for the best speakers who are willing to share their experience and skills at CA WORLD 2008. Your contribution in volunteering to be a CA WORLD speaker is important to the success of the conference. We hope that you will take advantage of this opportunity to share your expertise with a highly motivated, professional audience. Sign up today and, if your submission is selected, as a thank you, your CA WORLD 2008 conference registration will be waived.

Further details will be provided in the next few months and will be posted on our web site.

Top

Wireless Enterprise Symposium 2008
CA is a sponsor of the Wireless Enterprise Symposium 2008, and will be showcasing our Mobile Device Management technology. It is the must-attend conference of the year for customers and industry members alike. With more than 100 breakout sessions, peer case studies, hands-on labs and a technology showcase, it's an incredible opportunity to network and take highly qualified advice back to your organization.

The Wireless Enterprise Symposium 2008 is scheduled for May 13 - 15, 2008, in Orlando, Florida. For more information or to register, go to the Wireless Enterprise Symposium 2008 web site.

Top

Deploying Windows Vista in Your Enterprise? CA Can Help...
Microsoft Windows Vista SP1 is here and it's a perfect time to assess your deployment plans. Whether you will be deploying it now or later, it's time to start thinking about how it will affect you and your organization. In order to minimize costs, downtime and disruption to business operations, organizations need an automated, tested and proven process for system migration and deployment that integrates with their existing desktop management solutions.

That's why we're here to help...

Join the first in a series of web casts designed to arm you with the information you need to ease your Windows Vista deployment process.

Learn about Windows Vista from the Microsoft experts themselves, including industry trends, how this new operating system can benefit your organization, how to assess possible barriers, and understand available resources.

Next, join the experts from CA to learn about CA Business Desktop Deployment Plus (CA BDD+), a combination of best practices and technology targeted at addressing and simplifying every step of the Windows Vista rollout from financial planning to support.

Access and view the Microsoft Vista Deployment web cast.

Top

Mobile Convergence Technology Summit
CA is a partner of the Mobile Convergence Technology Summit, and will be showcasing our Mobile Device Management technology. The Mobile Convergence Technology Summit, sponsored by Verizon, would like you to join them on May 6, 2008, in New York City for an informative seminar explaining the benefits and advantages of taking wireless applications beyond managing email. You will experience live demonstrations and interactive discussions from Verizon Wireless's best-in-class solution providers. Register today.

Top

You are subscribed as &*TO;.

To subscribe, unsubscribe, or change the format for this or other newsletters, please go to our E-News subscription page. You can also unsubscribe by sending an email to: editor_dskmgt@ca.com with "Unsubscribe enews_dskmgt" (without the quotes) in the message body. You must include the exact email address that you wish to unsubscribe.
Feedback? Comments? Suggestions?
Send an email to: editor_dskmgt@ca.com. All submissions become the property of the publisher and may or may not be reprinted.
NOTE: This address should be used only for feedback on this newsletter. Requests for technical support should be submitted through normal channels.

main content

Page Tools