My take would be they need to provide what the vendor provides, regardless what it patches or fixes.
Only providing a secure but broken installation is stupid, hence you need to go back to an older version, not broken but unsecure. If I would evaluate vendors for that, with that input, I would look what others do. What is Patchmypc doing? Von: [email protected] [mailto:[email protected]] Im Auftrag von Miller, Todd Gesendet: Freitag, 8. Januar 2016 22:05 An: [email protected] Betreff: [mssms] 3rd party patch management question I am having an argument with my 3rd party match management vendor - Secunia/Flexera, and I am curious how other vendors handle this situation. Recently, Adobe released a security update for Flash-- 20.0.0.267 that had a bug in it and then a couple of days later released 20.0.0.270 to correct the bug. I need to patch Flash because there are security vulnerabilities in version 20.0.0.235. The only option Secunia has for us is to deploy version 20.0.0.267 which corrects known security vulnerabilities, but has a known critical functional bug. Secunia refuses to offer 20.0.0.270 because they consider it a "bug fix" and not a "security update" Secunia is in the business of patching security vulnerabilities not supplying patches that fix functional bugs. I am curious to know how the other patch vendor solutions are handling this issue. Does your third party patch solution offer all patches for Flash or only ones that plug security holes? _____ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. _____
