Overview

Patch for Windows creates Fixlets for the patches that Microsoft issues. The BigFix agent checks the registry, the system language, and other factors to determine whether a patch is not installed or an installed patch is corrupt. Notes placed in the Fixlet® descriptions help Console Operators work around potential issues.

BigFix Patch for Windows keeps your Windows clients current with the latest security and non-security updates from Microsoft. BigFix Patch is available through the Enterprise Security Fixlet® site from BigFix.

For each new patch issued by Microsoft, BigFix releases a Fixlet® that identifies and remediates all the computers in your enterprise that need it. With a few keystrokes, the BigFix Console Operator can apply the patch to all relevant computers and view its progress as it deploys throughout the network.

The BigFix agent checks the registry, file versions, the system language, and other factors to determine if a patch is necessary. Fixlets for Windows patches are divided into two main classes:

  • The patch has not been installed: These Fixlets check a combination of the Windows registry and the Windows file system to determine whether or not a patch is applicable.
  • An installed patch is corrupt: These Fixlets check the registry and each file installed by the patch. If any of the files are older than the version installed by the patch, the Console Operator is notified. A Fixlet® describes the nature of the vulnerability and you can then re-apply the patch.

With this dual approach, you can differentiate between unpatched computers and those that have regressed due to installation of an earlier version of the application or service pack.
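The two-class check described above can be sketched as follows. This is an added example, not BigFix code or Fixlet relevance language; the manifest layout, the registry marker, the file paths, and the host data are all constructed, and treating a missing file as outdated is an assumption.

```python
from dataclasses import dataclass

def parse_version(text):
    """'6.1.7601.10' -> (6, 1, 7601, 10). Numeric tuples are required:
    as plain strings, '6.1.7601.9' would sort above '6.1.7601.10'."""
    return tuple(int(part) for part in text.split("."))

@dataclass
class PatchManifest:
    patch_id: str         # placeholder id, not a real KB number
    registry_marker: str  # hypothetical key written by the installer
    files: dict           # path -> file version the patch installs

@dataclass
class HostState:
    registry_keys: set    # registry keys present on the host
    file_versions: dict   # path -> file version found on disk

def classify(manifest, host):
    """Return (status, outdated_files); status is 'current',
    'not_installed' or 'corrupt'."""
    outdated = []
    for path, wanted in manifest.files.items():
        found = host.file_versions.get(path)
        # Assumption: a missing file is treated like an older one.
        if found is None or parse_version(found) < parse_version(wanted):
            outdated.append(path)
    if not outdated:
        return "current", []
    # Marker present but files older: the host was patched and then regressed.
    installed = manifest.registry_marker in host.registry_keys
    return ("corrupt" if installed else "not_installed"), sorted(outdated)

# Constructed sample data.
MARKER = r"HKLM\SOFTWARE\Example\Updates\PATCH-0001"
DLL = r"C:\Windows\System32\example.dll"
EXE = r"C:\Windows\System32\example.exe"
MANIFEST = PatchManifest("PATCH-0001", MARKER,
                         {DLL: "6.1.7601.10", EXE: "6.1.7601.10"})
HOSTS = {
    "ws-01": HostState(set(), {DLL: "6.1.7601.9", EXE: "6.1.7601.9"}),
    "ws-02": HostState({MARKER}, {DLL: "6.1.7601.10", EXE: "6.1.7600.2"}),
    "ws-03": HostState({MARKER}, {DLL: "6.1.7601.10", EXE: "6.1.7601.10"}),
}

if __name__ == "__main__":
    for name, state in HOSTS.items():
        print(name, *classify(MANIFEST, state))
```
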

BigFix tests each Fixlet® before it is released. This testing process often reveals issues that are addressed by attaching extra notes to the Fixlet®. The Console Operator can use these notes to work around the problem, adding extra value to the patching process. BigFix also incorporates user feedback into notes.

Examples of notes include:

  • Note: An Administrative Logon is required for this IE patch to complete upon reboot.
  • Note: Affected computers might report back as 'Pending Restart' when the update has run successfully, but do not report back their final status until the computer has been restarted.
  • Note: To deploy this Fixlet®, ensure that Windows Update service is not disabled.
  • Note: Microsoft has announced that this update might be included in a future service pack or update rollup.