Re: OK... teased us with the scenario and methods..
The article slipped in without emphasising application whitelisting as a necessary adjunct to patching (which is much harder at enterprise scale than patching outside of locked-down call-centre-type environments).
For most organisations patching is a horrendous activity, in order of difficulty:
a) understanding what applications you have installed
b) understanding what applications are actually run (or are a dependency)
c) understanding what patches are available
d) understanding which you can apply without breaking compatibility
e) distributing patches
f) tracking when patches have actually applied
then trying to do all of that on a regular cycle, for end user devices (i.e. off network and powered down regularly) when it’s going to be looked at as pure cost and inconvenience by the business.
It's worthy of proper discussion.