If you're LANDesk Management Suite subscription includes the Security module then you can handle all of that in Patch and Compliance.
Our firm is also staying with IE9 (for now), so we deployed the IE10 and IE11 blocker, which prevents clients from getting them via Windows Updates. We also have GPO in place which disables access to Windows Updates for non-administrators. We also deploy the ST000xxx definitions to disable Java Update, disable the Windows Firewall, disable Adobe Update, and several more.
I would suggest watching the E-Learnings located here in the Patch Manager section of the community, but the basics of patching are as follows:
Download patch definitions
Select the patches you want to deploy
Download the patches
Schedule them as a task/policy task
Add computers to the task and schedule/run it