
Third Party Patch Management – Non-Microsoft Patching

During the past two decades, Microsoft has worked hard to prioritize security and how Windows and other products are maintained and supported. They’ve largely succeeded, whether it’s about force-feeding home users Windows 10 updates, or letting organizations manage Microsoft Update provided fixes with Windows Server Update Services (WSUS).
Generally speaking, Microsoft products from Windows and Office to SQL Server, Exchange, and Dynamics are well maintained in most organizations.
But what about the rest of the products that IT departments deliver in the form of Windows PCs and servers? With cyber-attacks growing more commonplace and regulation like the EU’s GDPR creating severe risks for businesses to face major fines for leaking personal information, it’s time to take control of all aspects of IT life.

App patching is manual by default

Manual labor should be a naughty word in IT. Yet, without help, managing PCs en masse requires that updates for products from companies like Autodesk, Oracle, Google, and Adobe be hand-rolled.
At any rate, arrangements that rely on vendor-specific update tools are security dead ends. Such arrangements often require elevated user privileges and the dangerously bold assumption that end-users actually would run updates themselves.
Yet, letting apps grow stale isn’t an option: as Secunia/Flexera points out in their 2017 Vulnerability Review, a significant share of problems stem from software that can’t be patched with Microsoft tools (see Figures 1 & 2). Software like Java, Flash, web browsers, and anything that touches files downloaded from the internet forms the most exposed attack surface on modern PCs and, as such, a great business risk.
Graph labeled share of vulnerabilities, non-Microsoft programs, 2011-2016

Figure 1. Source: Secunia/Flexera

What this means, per reports and estimates from Verizon and Gartner, is that a clear majority of attacks against businesses use known exploits for which patches have been available for months or years. In Figure 3, from Secunia, we see that a large portion of vulnerabilities in the top 50 software products, well above half of these products, are found in non-Microsoft products.
Whether your threat model is mostly focused on risky web surfing habits among employees or advanced corporate espionage, based on malicious e-mail attachments, the writing is on the wall. Desktop software security is a big deal that isn’t solved by default Microsoft tools in any practical sense.

Miradore to the rescue

With Miradore Management Suite in your software toolbox, you get access to our patch management module, covering more than 180 common software products from 45+ vendors. In addition to the Microsoft products, these include software from Adobe, Oracle Corporation, the Mozilla Foundation, and Google, to name a few.
Graph titled Share of Vulnerabilities by Non-Microsoft Programs

Figure 2. Source: Secunia/Flexera

How patch management works

Our IT systems management solution, Miradore Management Suite, automatically retrieves software updates and patches from the supported software vendors in a pre-packaged format ready for automatic deployment, clearly presented in one consolidated view. Just select applicable updates, and Miradore takes care of the rest.
At the same time, it also monitors the managed devices, giving administrators clear information about the patching status through a single pane of glass.
For the deployment part, the Patch Management solution utilizes Miradore’s built-in deployment technology which enables the patch deployments through one management console for all devices.
Administrators only need to create some basic rules for the patching, such as when patches can be installed, or which groups of devices should be patched. The system takes care of the actual installation part, with minimal disruption to services and user productivity.
For more demanding use, there are also many other customization settings. The admins can, for example, define the reboot options that are provided to users after patch installation, which gives them some flexibility while also ensuring that PCs don’t get left behind.
So, here you have it: some heavyweight arguments to show that any Windows-oriented environment is quite likely to require additional tooling to stay on top of security updates for applications. If you’d like to know more, don’t hesitate to get in touch with Miradore sales.
If you are interested, feel free to watch our recent webinar on patch management. It briefly demonstrates how easy the module is to set up and use.