We have been patching Windows Servers with BigFix / TEM for the past 4 years. When we first deployed BigFix we decided to patch all critical and important MS security patches to our Windows servers. Today we are finding out that was not really a good idea. When you go to Windows Update you see about 50+ patches that need to be applied. If you check on the severity of some of those updates you can see that they don’t match with what BigFix / TEM has them listed as.
Why is there a discrepancy between what MS has the update listed as and what BigFix / TEM has it listed as?
Is there a BigFix / TEM best practice for deploying MS updates?
Not sure what type of patches are missing on your machine. If they were non-security critical patches, that could be possible. Recently, TEM announced support for non-security critical patches for the Windows product family. So before that, I think there were only several non-security critical patches.
It would be great if you could contact our support, and let’s see what we can do for you. And thanks for supporting the product for the last 4 years!
I’ve been managing vulnerabilities from a Compliance standpoint for quite a few years. As far as TEM is concerned, they’ve done an outstanding job releasing content that is vulnerability, security, and/or finding related.
In light of upcoming support, I’ll have to differentiate the current from non-related patches; they are the ones I call enhancement patches. These are the ones that don’t offer any business value from a Windows Server standpoint, say for example: KB2785094 (Resolves an issue that could cause low-quality playback when you stream videos from Windows Media Center to Xbox consoles. Improves Bluetooth audio playback quality. Resolves an issue in which you may be unable to install a Windows Store app update when the app is installed to multiple accounts on the same computer).