This is not a security vs. non-security issue. In 7.1 SP1 and later (Sally is running 7.1 SP2), all updates released by Microsoft are also released by Symantec. The issue is that Microsoft uses different rules than Symantec to determine if an update is installed. In this case, it's probably seeing some .cab files or something and deciding that the update is installed. Meanwhile, Symantec is looking for .dll versions or registry entries and not finding them, or not finding all of them, so it's marking the system as vulnerable.
In cases like these, if you haven't already deployed it using Symantec, I download the redistributable and run it manually on the system to see whether it completes or whether it reports it was already installed, or some other error (e.g. "This does not apply to your system!"). This informs next steps, such as opening a case with Symantec if Altiris is suggesting your computers need an update that is actually not applicable. They will work with you to resolve the issue, and if a problem is found with their detection or applicability rules, the source files, command lines, etc., they will typically resolve the issue and release it with the next PMImport release.
Does this answer your question on why you might be seeing different results?