Why a fully up-to-date Windows machine isn’t fully patched

How can a fully up-to-date Windows machine not be fully patched and protected? You may think we are talking about third-party applications, but not in this case. Far too often we see organizations that rely on Windows Update, System Center Configuration Manager (SCCM), or even third-party patching applications to deliver updates, and that think they are protected when they hit 100% compliance. This, unfortunately, is misleading and something that I wish Microsoft would fix.

If you take your favorite vulnerability scanner (e.g., Nessus) and scan a server or workstation, you will notice that it identifies the system as missing updates. More often than not, teams reviewing these findings may mistake them for false positives because the patch is deployed, but if you look closer at the details, the finding states that particular registry keys are missing and must be applied for the protections to be enabled. These registry key changes may seem trivial, but they protect against exploits and malware currently in the wild, so the repercussions of not enabling these settings are immense.
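An added example, not from the original article: a PowerShell check that reads the registry values listed in a scanner finding and reports which are missing or set incorrectly. The function name `Test-RequiredRegistryValue` is hypothetical, and the `EnableCertPaddingCheck` entries are an assumed illustration based on Microsoft's public guidance, since the article names no specific keys.

```powershell
# Added example: audit registry values that a patch needs before its protection is active.
# The entries in $Required are illustrative assumptions (the article names no keys);
# replace them with the paths, names and values from your scanner's finding details.
$Required = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Cryptography\Wintrust\Config'
       Name = 'EnableCertPaddingCheck'; Expected = '1' },
    # 64-bit systems only; reports KeyMissing on 32-bit Windows.
    @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Cryptography\Wintrust\Config'
       Name = 'EnableCertPaddingCheck'; Expected = '1' }
)

function Test-RequiredRegistryValue {
    param([Parameter(Mandatory)][hashtable[]]$Entries)

    foreach ($e in $Entries) {
        $status = 'OK'
        $actual = $null
        if (-not (Test-Path -LiteralPath $e.Path)) {
            $status = 'KeyMissing'
        } else {
            $props = Get-ItemProperty -LiteralPath $e.Path -Name $e.Name -ErrorAction SilentlyContinue
            if ($null -eq $props) {
                $status = 'ValueMissing'
            } else {
                $actual = $props.($e.Name)
                # Compare as strings so REG_SZ "1" and REG_DWORD 1 are treated alike.
                if ([string]$actual -ne [string]$e.Expected) { $status = 'Mismatch' }
            }
        }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Path     = $e.Path
            Name     = $e.Name
            Expected = $e.Expected
            Actual   = $actual
            Status   = $status
        }
    }
}

$results = Test-RequiredRegistryValue -Entries $Required
$results | Format-Table -AutoSize
# A non-zero exit code lets a compliance job flag the host even when patch status reads 100%.
if ($results | Where-Object Status -ne 'OK') { exit 1 }
```

Run it alongside the patch compliance report so that a host counts as compliant only when both the update and its required registry settings are present.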

Contact us and let us help you identify and remediate these issues within your organization.