I’m after a bit of information on what happens in the real world when it comes to patch management in larger companies.
I have no experience of other companies other than the one I currently work for. I’ve been looking into our patch management processes and have found that only Windows operating systems (generally Win 7 and Server 2008) are patched (on Patch Tuesday), meaning even MS Office is not patched. I understand it can be hard to keep track of all the different types of software on employees’ PCs, but I was really expecting more to be patched.
So in companies that don’t necessarily have a huge IT section, what is patched and what is left? My concern is that software like Adobe and QuickTime, which have in the past had serious vulnerabilities, is not being patched and could potentially cause a security incident of some sort in the future. I would like to go to management and say that we are not doing enough to protect our network, but wasn’t sure if this is just the norm or just how much effort is required in patching operating systems, third-party applications and other software.