The CFAES computer patch management program will use a different tool to install Microsoft security patches starting this month (February). If the security patch requires a reboot, you will see the prompt (further down in this message). It is important you take a few minutes to reboot your computer so the patch can complete the installation process. Otherwise, your computer remains vulnerable.
As a reminder, CFAES IT releases Microsoft security patches either the first week of every month or the 5th week of the month (depending on the month).
Here’s our monthly patching timeline:
- Second Tuesday of every month: Microsoft releases its new security patches
- Second Tuesday through the third week of every month: IT tests the patches on 10 to 15 IT testing devices
- Fourth week of every month: IT as a whole receives the patches for further testing
- Either the first week of every month or the 5th week of the month (depending on the month): CFAES (the entire college) receives the patches
The above schedule is subject to acceleration should a zero-day, ultra-critical vulnerability surface requiring the deployment of a security patch (rarely happens).
Following the installation of the patch, if the security update requires a reboot and you have not yet done so within 3 days (your machine is still vulnerable), you’ll see a prompt asking you to save your work and reboot your computer. You will have the option to delay for one additional day then the reboot will happen automatically.
As a reference, Ohio State’s Information Security Control Requirements (section IT10.4.1) requires all colleges to employ a desktop patch management program.
If you have any questions, please contact Rob Clifford at 614-292-9802 or Clifford.158@osu.edu.