Third party patching

If you ever feel overwhelmed by Microsoft patches, don’t even think of looking at patching the rest of the applications that are deployed in your enterprise. Recently, I was taking inventory of our vulnerability status and found we needed later versions of Adobe, Real, Winamp, Winzip, AIM, SUN JRE. The list probably is longer than that but that list was long enough to be frightening.
I quickly found that some applications defy inventory. They don’t use a version number in on the exe so a standard file query in SMS wont work. Or the version number for a vulnerable version of the product is the same as the version number for a non-vulnerable version. Sometimes the exe version was different from the product version leaving the admin to wonder if version 14 is version 10; what is version 12 equal to version 9.
Next I considered the upgrade options. Most of the time there wasn’t a patch. It was necessary to redeploy the application. Then there is the special case of the SUN JRE where deploying a new version seems to install the new version but leave the old. My favorite though was Adobe Acrobat Reader which required installing 6.0.1 before you could install the patch to take the version to 6.0.2.
This is making Microsoft patching look easy by comparison. I wonder how many times a day we can interrupt the users with the patching/upgrade software before they rebel.