Microsoft, NIST Collaborate on Patch Management, Developing Practice Guide

In this era of intense cyber attacks, how do we help organizations plan, implement, and improve an enterprise patch management strategy? Microsoft posed that question in a new blog post.

“We were particularly concerned with why patches hadn’t been applied, as they had been available for months and had already been used in the WannaCrypt worm—which clearly established a ‘real and present danger’,” wrote Mark Simos, the lead cybersecurity architect in Microsoft’s cybersecurity solutions unit.

To build “clearer industry guidance and standards” on enterprise patch management, Microsoft is partnering with the U.S. National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE). The company and the agency are inviting vendors, organizations and individuals with “pertinent learnings that you can share” to join the initiative:

  • Vendor: Any vendor who has technology offerings to help with patch management (scan, report, deploy, measure risk, etc.).
  • Organization or individual: All those who have tips and lessons learned from a successful enterprise management program (or lessons learned from failures, challenges, or any other situations).

Read more at: MSSPAlert