Why do we patch staff systems regularly?

Keeping the operating system and application software current on systems used to conduct university business is required by University policy. It is an important step in maintaining and protecting University informational assets and complying with applicable federal and state legislation. In addition, compromised systems will negatively impact work productivity both for the individual whose computer is involved and the staff who must perform forensics and remediation.

What is the patch process?

CIT has implemented a monthly patching schedule to keep up with the number of updates and patches that need to be applied in a complex environment such as ours. The schedule for testing and deploying Windows patches is outlined here: Windows Third-Party and Operating Systems Update Process.

For Macs, we have developed a new process that requires fewer prompts and user interruptions during the management, installation, update, and patching of operating systems and installed applications. Built-in Apple notification paths such as banners and alerts will notify you of updates in ways that are less intrusive.

Under what circumstances are patches applied outside of the standard cycle?

Patching of staff workstations may occur outside of the schedule described above for the following reasons:

• To address security vulnerabilities deemed urgent by ITSO.  

When are patches applied?

• Updates are deployed to your computer on the 4th Tuesday of the month around 4:00pm and are made available for you to install on your own through Software Center.
• The updates installation deadline is the following Tuesday at 4:00pm.  If you have not already installed them on your own, the updates will then automatically begin to install in the background.
• If any of the updates require a system restart, immediately after installation a two-hour countdown window that cannot be closed will begin.  If you had let the updates auto-install at the installation deadline, this reboot countdown will end at approximately 6:00pm on Tuesday.  Your computer will then automatically restart.
• If you computer is turned off or sleeping during the deadline times, the process will pick back up when your computer is on again - with updates automatically installing.  If the updates are past the installation deadline and the two-hour reboot countdown, Windows will begin immediately after installation if a system restart is needed.

How can I get advance notice of patches for the week?

If you would like to receive a list of patches we are testing for that week’s cycle you may subscribe to one or both of these email lists depending on the systems in question:

• Windows: MD-Patch-Announce-L
• Mac: MD-Mac-Patch-Announce-L

How can I avoid automatic reboots that can interrupt my work?

Security patches may sometimes, but not always, require a reboot before they are effective. Depending on the nature of the risk we may force a reboot upon application of the patch. You can control when the reboot will occur any time before the following Tuesday at 4:00 PM after you have been notified on the 4th Tuesday of the month via Software Center (Windows) or Notification Center (Mac OS) that updates are available. Simply access Action Center or Notification Center, choose to install the updates, and reboot your system when the install is complete. Creating a weekly calendar reminder may be helpful given our busy schedules.

How can I ensure that special software I use doesn’t break after a patch is applied?

The testing cycle for patches will include commonly used applications. If you have an application that is very specific to your area of responsibility we can add you to the test group. Submit a request to the IT Service Desk with the name of the application and the platform it runs on (Windows, Mac, both).