I got hit up with the task of using Xymon to monitor whether our Windows servers are patched. I saw a plugin on deadcat that requires licensed software from shavlik.com (and being over 4 years old, I have no idea if it works with BBWin, or if Shavlik's API is still the same), but wondered if there were any other solutions out there. Minimum functionality is a list of applied patches that would show up on the client data link.
For our Linux boxes, I could probably just rpm -qa --last | head and check the date that an RPM was last installed - if it's more than a month, there is probably a problem... But I don't know enough about Windows to come up with a simple solution for those boxes.
-- Daniel J McDonald, CCIE #2495, CISSP #78281, CNX Austin Energy http://www.austinenergy.com
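
The RPM check described in the message above, written out as a Xymon client ext script (an added example, not part of the original post). It reads install times with rpm's INSTALLTIME query tag instead of parsing the `--last` date text; the `patch` column name, the 90-day red threshold and the `localhost` fallback are assumptions.

```shell
#!/bin/sh
# Added example: report the age of the newest RPM install to Xymon.
WARN_DAYS=${WARN_DAYS:-30}   # "more than a month" from the post
CRIT_DAYS=${CRIT_DAYS:-90}   # assumed escalation point, not from the post

# Epoch seconds of the most recent package install; fails if rpm is absent.
last_install_epoch() {
    command -v rpm >/dev/null 2>&1 || return 1
    rpm -qa --qf '%{INSTALLTIME}\n' 2>/dev/null | sort -n | tail -1
}

# patch_age_days LAST_EPOCH NOW_EPOCH -> whole days since the last install
patch_age_days() {
    echo $(( ($2 - $1) / 86400 ))
}

# patch_color AGE_DAYS -> green | yellow | red
patch_color() {
    if [ "$1" -gt "$CRIT_DAYS" ]; then echo red
    elif [ "$1" -gt "$WARN_DAYS" ]; then echo yellow
    else echo green
    fi
}

# build_status LAST_EPOCH NOW_EPOCH -> text of a Xymon status message.
# A missing or non-numeric timestamp is reported red rather than ignored,
# so a broken check cannot look like a patched host.
build_status() {
    host=${MACHINE:-localhost}
    case "$1" in
        ''|*[!0-9]*)
            printf 'status %s.patch red %s\nCould not read RPM install times\n' \
                "$host" "$(date)"
            return 0 ;;
    esac
    age=$(patch_age_days "$1" "$2")
    printf 'status %s.patch %s %s\nLast RPM installed %s days ago (yellow > %s, red > %s)\n' \
        "$host" "$(patch_color "$age")" "$(date)" "$age" "$WARN_DAYS" "$CRIT_DAYS"
}

# Send only when started by the Xymon client, which exports these variables.
if [ -n "${XYMON:-}" ] && [ -n "${XYMSRV:-}" ]; then
    msg=$(build_status "$(last_install_epoch)" "$(date +%s)")
    recent=$(rpm -qa --last 2>/dev/null | head)   # newest packages, for the status page
    "$XYMON" "$XYMSRV" "$msg
$recent"
fi
```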