Tools for Keeping up with a Flood of Security Patches

ATLANTA -- A few times a week now it seems that Microsoft Corp. is updating one server product or another with a patch for some security vulnerability.

It's not too hard to keep track if you're running one server, but keeping up in an enterprise with hundreds or thousands of potentially vulnerable machines serving dozens of functions can be time-consuming and worrisome.

Two tools vendors unveiled updates this week at Microsoft's TechEd 2001 show for helping companies stay on top of the situation companywide.

PatchLink Corp. will deliver PatchLink Update 3.0 in the third quarter. ConfigureSoft made version 3.6 of its Enterprise Configuration Manager product available immediately.

The software companies take different approaches. PatchLink 3.0 focuses narrowly on security patches, but it helps administrators deploy the patches and covers multiple platforms. ConfigureSoft supports just the Windows platform and alerts administrators about new patches affecting their environments, but it has a broader scope than security patches.

"An overwhelming majority of all security breaches can be prevented if software patches and updates are applied when they are first available," PatchLink CEO Sean Moshir says.

With PatchLink 3.0, server-side software performs a discovery across the network for what is installed. The results are consolidated in a report. Necessary patch updates that are prepared by PatchLink from operating system vendors security bulletins get deployed automatically.

PatchLink agents on the servers that run the native code of the operating system install the patches and can reboot the machine if necessary. The software supports Novell NetWare, Windows, Linux, IBM AIX, Sun Solaris and HP-UX.

ConfigureSoft also does discovery on Windows networks. While the company's 3.6 release includes Microsoft current security patches, the company focus includes the base configuration of the machines.

"I can say with absolute confidence that there is no such thing as a large-scale Microsoft enterprise that is secure that is not running ECM. It's not because people aren't disciplined or diligent, it's that they can't fix what they don't see," says ConfigureSoft CEO Alexander Goldstein.

"We allow you to see in an enterprise view where all your hotfixes are deployed and where they're not deployed," Goldstein says.

The tool also checks for configuration basics, like including a password in the administrator account. Templates allow an enterprise to make sure all servers of a certain class, i.e. IIS servers or SQL Servers, are configured the same. Administrators can run the tool periodically to make sure individual machines haven't strayed from the standard configuration.

Patchlink Corp. can be found at

Configuresoft Inc. is located

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • Google IDs on Azure Active Directory B2B Service Now at 'General Availability'

    Microsoft announced on Wednesday that users of the Google identity and access service can use their personal log-in IDs with the Azure Active Directory B2B service to access resources as "guests."

  • Top 4 Overlooked Features of a Data Backup Strategy

    When it comes to implementing an airtight backup-and-recovery plan, these are the four must-have features that many enterprises nevertheless tend to forget.

  • Microsoft Bolsters Kubernetes with Azure Confidential Computing

    Microsoft on Tuesday announced various developments concerning the use of Kubernetes, an open source container orchestration solution fostered by Google.

  • Windows Will Have Support for Encrypted DNS

    Microsoft announced this week that the Windows operating system already has support for an encrypted Domain Name System option that promises to add greater privacy protections for Internet connections.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.