Patch management is a challenging as well as crucial part of information security for companies of any size. This thesis presents a guideline to help implement a vulnerability mitigation process. To fully understand how vulnerabilities can be found, three scanners that assist patch management (QualysGuard, Tenable SecurityCenter and Microsoft Baseline Security Analyzer) are tested for their reliability and accuracy. For proper testing of the setup, a Windows domain with servers and clients is set up and each system is scanned individually. Each test is performed by patching the systems as fully as possible, searching for weaknesses in each operating system and assessing the results generated by each scan.
Comparing the outcomes, one can say that each scan engine focuses on different aspects of the probed system and generates slightly different results. Additionally, the severities of the vulnerabilities found also differ, because each vendor uses a different scoring system.
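To compare findings from scanners that use different scoring systems, the results first have to be brought onto one common severity scale and then matched per host and vulnerability. The following is an added example and not code from the thesis or from any of the three vendors; the scanner-specific scales it converts (a Qualys-style numeric severity 1 to 5, a Tenable-style CVSS base score 0.0 to 10.0, and an MBSA-style Microsoft bulletin rating Low/Moderate/Important/Critical) are assumptions chosen for illustration, and the sample findings and CVE identifiers are constructed placeholders.

```python
"""Normalize findings from three vulnerability scanners to one severity scale.

Added example, not from the thesis. The vendor scales below are assumptions
for illustration; the sample findings at the bottom are constructed and the
CVE identifiers are placeholders, not real advisories.
"""
from collections import defaultdict
from dataclasses import dataclass

# Common scale used to compare scanners: index 0 (informational) .. 4 (critical)
LEVELS = ["info", "low", "medium", "high", "critical"]


def from_qualys(sev: int) -> int:
    """Assumed Qualys-style severity 1..5 -> common index 0..4."""
    if not 1 <= sev <= 5:
        raise ValueError(f"Qualys severity out of range: {sev}")
    return sev - 1


def from_cvss(score: float) -> int:
    """CVSS v3 qualitative bands: 0 none, 0.1-3.9 low, 4.0-6.9 medium,
    7.0-8.9 high, 9.0-10.0 critical (assumed Tenable-style input)."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score == 0.0:
        return 0
    if score < 4.0:
        return 1
    if score < 7.0:
        return 2
    if score < 9.0:
        return 3
    return 4


def from_msrc(rating: str) -> int:
    """Assumed MBSA-style Microsoft bulletin rating -> common index."""
    table = {"low": 1, "moderate": 2, "important": 3, "critical": 4}
    return table[rating.lower()]


@dataclass(frozen=True)
class Finding:
    scanner: str
    host: str
    cve: str
    level: int  # index into LEVELS


CONVERTERS = {"qualys": from_qualys, "tenable": from_cvss, "mbsa": from_msrc}


def normalize(raw):
    """raw: list of dicts with keys scanner, host, cve and a scanner-specific
    'severity'. Returns Findings on the common scale."""
    return [
        Finding(r["scanner"], r["host"], r["cve"], CONVERTERS[r["scanner"]](r["severity"]))
        for r in raw
    ]


def compare(findings):
    """Group by (host, cve) and report which scanners saw the issue and how far
    their severities diverge after normalization."""
    groups = defaultdict(dict)
    for f in findings:
        groups[(f.host, f.cve)][f.scanner] = f.level
    report = {}
    for key, per_scanner in groups.items():
        levels = list(per_scanner.values())
        report[key] = {
            "seen_by": sorted(per_scanner),
            "min": LEVELS[min(levels)],
            "max": LEVELS[max(levels)],
            "disagree": max(levels) != min(levels),
        }
    return report


SAMPLE = [  # constructed sample results, placeholder CVE ids
    {"scanner": "qualys", "host": "dc01", "cve": "CVE-0000-0001", "severity": 5},
    {"scanner": "tenable", "host": "dc01", "cve": "CVE-0000-0001", "severity": 8.8},
    {"scanner": "mbsa", "host": "dc01", "cve": "CVE-0000-0001", "severity": "Critical"},
    {"scanner": "qualys", "host": "ws01", "cve": "CVE-0000-0002", "severity": 3},
    {"scanner": "tenable", "host": "ws01", "cve": "CVE-0000-0002", "severity": 5.3},
]

if __name__ == "__main__":
    for (host, cve), row in compare(normalize(SAMPLE)).items():
        print(host, cve, row)
```

The `disagree` flag is the useful output here: a finding that every scanner reports but rates differently points to a scoring-system difference, whereas a finding with a short `seen_by` list points to a coverage difference between engines, which is the distinction the comparison above draws.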
Previous studies have focused on the functionality of vulnerability scanning software; this thesis, however, presents a qualitative evaluation by comparing the scan results of three of the most widely used vulnerability scanners in a Windows domain.