Enterprise Windows Application Patching

SANS Top Cyber Security Risks report shows application patching is much slower than Operating System patching. Why does this occur? Is patching applications more difficult? In some cases patching JAVA may be cause issues with internal applications. But I haven't seen a case yet where a Flash or Adobe Reader update has caused an issue. (I'm talking security bulletings not major releases). Is the problem culteral? It took people a while to get in the habit of rolling out Operating ...

SANS Top Cyber Security Risks report shows application patching is much slower than Operating System patching.

Why does this occur?
Is patching applications more difficult? In some cases patching JAVA may be cause issues with internal applications. But I haven't seen a case yet where a Flash or Adobe Reader update has caused an issue. (I'm talking security bulletings not major releases).

Is the problem culteral? It took people a while to get in the habit of rolling out Operating System patching. Perhaps they just haven't crossed the Application hurdle yet.

Is it the tools? SMS/Config Manager doesn't seem to make deployment easy. Perhaps I'm doing it wrong, but with third party applications I have to use a script I downloaded from myitforum.com in order to customize the user install experience (ability to postpone). Having to update that for each application I'm pushing is a pain. My impression is that ConfigMgr's competitors are much better at doing this. ConfigMgr is also quite difficult to use under our security policy if you want to patch remote users who don't use the VPN.

I suspect a lot of mid-size and smaller businesses have just set up a WSUS server. WSUS lacks the capability of deploying application updates. (although googling shows an interesting add-on from a third party to add this functionality).

Applying third party application updates is time intensive. I deploy them one at a time. With Microsoft patches they are all deployed at once. Upgrade fatigue sets in much more quickly due to the greater frequency of these individually deployed third party plugins.

Improving application patching requires more than telling the administrator to work harder. The tools need to be improved so we can do our job. Microsoft needs to step it up with ConfigMgr. It needs to be easier to patch non-Microsoft products or customers will start checkout out competitors.


Read Full Article
GSO
Written on Friday, 25 September 2009 05:10 by GSO

Viewed 27 times so far.
Like this? Tweet it to your followers!
Published in Subscribe to the RSS feed of Network Security & Hacking News  Network Security & Hacking News / Subscribe to the RSS feed of Latest Security News  Latest Security News
Like this? Let your friends know now!

Rate this article

Latest articles from GSO

Latest 'tweets' from GovernmentSecurity

  • News Update: Cyber war is coming, the impact could be huge: CBS News reports that cyber.. http://bit.ly/1tx1kr | #Security Link Monday, 09 November 2009 07:35
  • News Update: Tenable Network #Security Podcast - Episode 11: Welcome to the Tenable Netw.. http://bit.ly/2Iqd6G | Security Link Monday, 09 November 2009 07:35
  • News Update: Consent will be required for cookies in Europe: EDITORIAL: A law that dema.. http://bit.ly/3JYgip | #Security Link Monday, 09 November 2009 07:35
  • News Update: CBS 60 Minutes tackles cyber-terrorism: Could hackers get into the compute.. http://bit.ly/2d5Y21 | #Security Link Monday, 09 November 2009 07:35
  • Blog Update: We have launched the new GovernmentSecurity.org: We decided to launch th.. http://bit.ly/2G1SSF | #Security Link Saturday, 07 November 2009 17:38
blog comments powered by Disqus
back to top

Site Search

Disqus Tools