What is the difference between Vulnerability Scanning and Patch Assessment?
Vulnerability scanning is looking for known security holes within your environment – of which some may be associated with a patch while others are not. As an example, we scan for the use of administrator accounts with no passwords. This is a security hole for which a patch does not exist, but should be addressed with specific security policy requirements and tighter procedures. Vulnerability scanning includes both Windows devices and Network devices (router/switch, etc). In contrast, Patch Assessment identifies security issues within your Microsoft environment for which a known fix is available in the form of a patch or service pack, and for which there is a clear path to remediation. Therefore, vulnerability scanning looks for security holes while Patch Assessment determines if you are in compliance with known fixes.
