While not open source, if you need a simple tool to patch third-party applications on a Windows machine you may want to check out www.patchmypc.com. They've done a good job of automatic a process that should have been automated a long time ago. What is needed now is to have a similar application delivered as a system service that runs on all computers in a domain. Microsoft Systems Center Configuration Manager is close but who has time to constantly create new deployment packages? The folks at patchmypc have the right idea. They maintain the package database - you just choose which applications you want to patch.