After SQL Slammer hit, one of my customers wanted to do a sweep of all systems to find out what patches and hotfixes might still be missing. Of course, they also wanted to do it for free. They ended up using the latest release of the Microsoft Baseline Security Analyzer (MBSA) to scan the computers on their network.
MBSA has its issues, but overall it seems to work pretty well for a free product. In the end, we ended up with a report enumerating the security vulnerabilities on the various systems that had yet to be patched. We wanted to address the more critical patches first- but it raised the question that we may undo a more current patch if we went out of order and applied an older patch after the fact.
Then I heard about Update Expert from St. Bernard software:
The nice thing about this software is that it will do the same things as MBSA- scan all systems and determine missing patches and hotfixes, but it has added features. It also lets you manage the patch implementation and track progress. Given a set of patches to apply it automatically orders them properly so they won't conflict with each other.Quote:
UpdateEXPERT is a software patch vulnerability assessment tool that scans your networked systems for missing patches and remediates discovered weaknesses for increased protection. UpdateEXPERT features an extensive database (including service packs, hotfixes and other patches) that is maintained by St. Bernard Software's software patch experts.
MORE
This is a Microsoft-centric solution- working with Windows NT / 2000 / XP, IIS, Terminal Server, SQL Server, Exchange Server, Internet Explorer, Windows Media Player, Netmeeting, Office and Outlook. Its also not free, but I believe it is reasonably priced.
I recommend that anyone struggling to keep up with which patches need to go on which Windows boxes and in what order take a look at this product.
....no, I am not receiving a commission from St. Bernard Software (maybe I should contact them about that oversight?)