News Stay informed about the latest enterprise technology news and product updates.

Microsoft's patch manager gets a refresh

The next version of Microsoft's free Windows patching tool will make its debut at the Microsoft Management Summit. Will it be able to better compete with commercial rivals?

Some might say that comparing Microsoft's free Windows patching tool, WSUS, to a full-blown patching tool that comes with a price tag would be like comparing a KIA to a Mercedes-Benz.

But Windows Software Update Services (WSUS) 3.0, which makes its formal debut next week at the Microsoft Management Summit in San Diego, Calif., is looking less and less like the humble patch management tool of yore.

According to a blog posting by Craig Marl, a Microsoft program manager, the new WSUS will offer a new user interface, custom views based on products, classifications, sync date and the groups the updates are approved for. Also there is new filtering based on approvals and the status of a client.

In WSUS, the notion of approved for detection goes away. Users can build views where they can see which updates are unapproved and needed by clients. WSUS 3.0 will also allow for nested target groups, Marl said.

Many of the features Microsoft added to the 3.0 version of WSUS have long been available in paid-for products.

Originally called SUS 2.0, Microsoft renamed twice -- first WUS and then WSUS. WSUS was finally released in June 2005. Each version has offered more granular control of patching.

There is, however, one big downside to the product: It can only patch Microsoft platforms and not even all Microsoft platforms at that. Third-party patch managers can usually support Linux and Unix as well as third-party applications. WSUS also does not support uninstalls. That feature is part of Systems Management Server (SMS), Microsoft's fully featured desktop management software package.

One IT expert said that IT shops are using WSUS and scaling it out more than she believes anyone -- including Microsoft -- would have ever anticipated. "The OS has to support patch management," said Susan Bradley, a Microsoft MVP and CPA at Tamiyasu, Smith, Horn and Braun, a Fresno, Calif., accounting firm. "If it's being used more than you thought, then you built it better than you thought. You just have to have patch management built into the OS."

Bradley uses a patch manager from Shavlik Technologies, in Roseville, Minn., because she says it gives her more control than she would get from WSUS. "It's one of those things. You get what you pay for."

Other vendors that make patch management products are Altiris Inc., Configuresoft Inc., Ecora Software Corp., St. Bernard Software, Patchlink Corp. and BigFix Inc.

This article originally appeared on

Dig Deeper on Microsoft Patch Tuesday and patch management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.