Sophos White Paper Sample

IT managers use the Windows Software Update Service (WSUS) for Windows operating system and Microsoft application patches. WSUS offers a good starting point for patch deployment. But it does not offer patch auditing capabilities, which give you the confidence that your computers are protected against critical software vulnerabilities.

• Around 70% of all vulnerabilities today are found in non-Microsoft software. So WSUS can fix less than a third of the software security holes in your environment.

• Microsoft does not provide granular prioritization of patches. It rates nearly all patches as “critical,” regardless of how easy the vulnerability is to exploit or whether malware exists for it. For example, a recent patch to render the correct currency symbol for the Indian rupee was rated as a “critical” update despite its low-level security impact. Without this security prioritization, you must invest significant time and resources to deliver all Micro¬soft patches—300 of which were released in 2010 alone.