Almost all enterprises today use third-party (non-Microsoft) applications, whether from Adobe, Java, Mozilla or any other vendor. Enterprises that use Windows Server Update Services (WSUS) for patch management cannot patch these applications automatically, because the WSUS server is unable to do so.
The latest report by Microsoft, 2016 Trends in Cybersecurity, states that over 90% of system vulnerabilities in the enterprise network occur due to third-party applications. This is due to the high frequency of patches that Adobe and Java (which are used by over 90% of attackers to exploit vulnerabilities) publish to update their applications.
Administrators using the Windows Server Update Services deployment infrastructure, which has metadata only for Microsoft updates, have to come up with custom update content and scripts to patch third-party applications. For users employing WSUS patch management, it takes over 6 hours to research, create a package, write a script and deploy a custom patch.
To save time, administrators can choose to allow auto-updates on the managed computers. The drawback of this method, faced by the majority of our customers, is that various packages break the application.
At times, WSUS clients don't have the rights to update third-party applications. This compels users to raise tickets, and administrators then have to install the updates individually on each client's desktop, which wastes a lot of time.