IT managers who rely solely on Microsoft's WSUS for patch management updates have been criticised by a security expert.
Daniel Power, European sales director at KACE, described IT and security managers who do not look for complete patch management systems as ‘negligent’.
Power said: “I find it almost negligent that people rely on WSUS, they are not addressing patching properly, as by choosing WSUS they are crossing their fingers in the hope that they will cover the vulnerability.
“People do pay lip service to it, but I find it strange the way people look at security as they pay fortunes for firewalls and intrusion protection but if you ask a high end IT manager how many management systems they have – they don't know.
“WSUS is purely Microsoft so you are not protecting Adobe, Firefox, iTunes – I mean who doesn't use Acrobat these days?”
In agreement was Chris Schwartzbauer, vice president of Shavlik Technologies, who said: “Executives are spending money on security but don't have effective patch management software, the challenge is for IT professionals to articulate patches that are simple and cost-effective enough for the CEO to grasp.
“The downadup exploit is a great example of what can happen if the right automation tools are not being used. There were more non-Microsoft bulletins in Q3 than there were from Microsoft, but some IT managers haven't figured out how to run the server to cover all applications.
“This is easy stuff, why is no one patching against it? People are buying great burglar alarms but they haven't figured out how to lock the doors and windows, you need to do the basic maintenance but it is hard to yet once a major worm hits the internet it is easy to do bad things in a down environment.”
See original article on scmagazineuk.com