Patch Management at UND


 

Patch Management Statement

UIT is dedicated to fostering a secure computing environment for all individuals utilizing or accessing UND’s IT resources. This encompasses various scenarios, such as individually assigned or shared computers, isolated or networked systems, and those physically situated on campus or utilized by remote employees.

The compromise of any computer within our network poses a potential threat to the entire system and any connected devices. Patch management stands as a fundamental practice aimed at significantly reducing vulnerabilities within an organization’s IT infrastructure. An effective patch management program minimizes the time and resources expended compared to handling an actual security incident.

What is the purpose of Patch Management?

Patch Management ensures that all University-owned devices are patched with the latest security updates. Doing so enhances the security and reliability of computers and networks. Additionally, UND’s patch management process informs the UND community about UIT’s patch management procedures and any changes that will potentially affect the employee’s workflow.

Who does Patch Management impact?

The UIT patch management process is applicable to all members of the UND community, including faculty, staff, students, contractors, delegates, and any other parties utilizing or accessing UND resources, whether on campus (locally) or remotely.  It is important to note that this policy specifically pertains to UND-owned devices only and not personally owned devices.

What devices will Patch Management impact?

This policy applies to all UND-owned devices. This includes servers, endpoints, tablets, and phones. This policy currently applies to Windows and Apple devices. Note that while Linux is not officially supported by UIT, all Linux operators must ensure their devices comply with the policy standards and remain up to date.

When/how often will devices be patched?

Software and system patches will be deployed once a month on the fourth Monday of every month at 8 am. Critical security updates, however, may be applied as soon as practically possible to mitigate the security risk to the UND community.

I am in the middle of a critical project or a meeting and have received a notification that I must update and reboot. I cannot update and reboot right now. What should I do? Can I reboot later?

Yes! If you find yourself in the midst of a critical project or meeting and receive a notification requiring an update and reboot, but cannot do so immediately, you do have the option to defer the update.

Simply click the “defer” button on the notification popup, which will effectively silence the notification for a minimum of 15 minutes. Employees are permitted to defer the patch/reboot up to 10 times.

However, it is important to note that once all deferrals are used, the patches will automatically install, and the computer will need to be rebooted.

UIT encourages employees to reboot their computers at their earliest convenience to prevent potential data loss or disruptions during meetings. This ensures a smooth experience for all involved.

I was in the middle of something and accidentally applied the patch. Will I be given time to finish what I was doing before rebooting?

Yes. Once the patch is applied, you will be given a time limit of 2 hours to reboot your device. This will be displayed in a notification message. You will have the option to “Restart Now” or to “Minimize” the notification. If you minimize the notification, it will reappear within 2 minutes of the device restart, and at that point it cannot be minimized. Please be sure to save your work.

I am a student here at UND. Am I required to be compliant with this policy?

As a student at UND, your compliance with this policy depends on whether you are using a personally owned device or a UND-owned device. If you are using a personally owned device, your compliance is not mandatory; however, UIT strongly recommends adhering to best practices by using an officially supported operating system. This ensures that you receive the latest feature updates, bug fixes, and security patches, thus enhancing the safety of your computer against potential vulnerabilities.  

For PC users, UIT recommends either Windows 10 or Windows 11, both of which are still supported by Microsoft and regularly receive bug and security patches. Remember that Microsoft will end support for Windows 10 on October 14, 2025; please plan to update to Windows 11 before the end of support. For macOS users, UIT suggests running either macOS 12 (Monterey), 13 (Ventura), or 14 (Sonoma), as Apple continues to provide security updates and bug fixes for these operating systems.

It is important to note that older versions of macOS, specifically macOS Sierra and earlier, do not meet the security standards required for connecting to the campus Wi-Fi.

If you are a student employed by UND and utilize a UND-owned device for work purposes, it is mandatory for the UND-owned system to be compliant with this policy.  

What is a software patch? I am not sure what that is.

A software patch is an update to existing software, typically consisting of code that is inserted (patched) into the codebase of a program after its initial release. These patches serve various purposes, including updating the software, rectifying bugs (errors), installing new hardware drivers, addressing security vulnerabilities, and enhancing stability. Patches are released after the initial launch of the application to improve its performance and address any identified issues. 

I am concerned about potential complications. What steps is UIT taking to reduce the risk?

UIT will be testing all rollouts on our systems prior to releasing them to the rest of the campus. If any issues arise during testing, UIT will postpone the rollout until those issues are resolved.

Will UIT provide the UND campus reminders about upcoming patches?

Yes! We will announce upcoming patches to the UND campus through email announcements.

In the event of a zero-day exploit (i.e., a security vulnerability that is actively being exploited), UIT will take immediate action, deploy the required patch, and promptly issue a campus-wide notification.

I am hesitant to patch my UND-owned device. Whenever I install security patches, I encounter issues, and my computer’s performance suffers.

To ensure a secure computing environment for all campus users, UIT requires that all systems remain up to date with the latest security and system patches. Failure to comply with this requirement jeopardizes the security of UND systems and may result in the device being disconnected from the network.

If past experiences with patch installations have caused problems for your device, UIT advises submitting a support ticket. Our team can then assist with troubleshooting or potentially re-imaging the device to resolve any issues effectively.

You have referred to IT Resources multiple times. Could you elaborate on what falls under this category?

IT resources encompass a wide range of assets critical to our operations, including but not limited to endpoints, servers, networking equipment, communication equipment, applications, hardware and software systems, data and databases, physical facilities, services provided by cloud-based vendors, software as a service offerings, and any related materials and services essential for supporting our technological environment.

What will the patch software look like? Do you have any examples?

Yes. Sample images are included below of what users will experience. Users across campus will experience one of the first two images listed below. The first image will be encountered if the patching software does not find any open software programs that are going to be patched.

In the second image, the software found that Google Chrome is open and needs to be closed before the patch can continue.

These notifications indicate which software is going to be patched (or removed) and note the number of deferrals the user has remaining. In this case, the notification indicates there are 3 deferrals remaining.

Both notifications offer the option to “Defer,” along with either “Continue” or “Close Programs.”

Once the user clicks “Continue” or “Close Program,” the patching software will begin software patching and any software removal that may be required. Users will be notified of the software patching progress by the notification window below. The software will provide each user with updates on where it is in the patching/removal process.

Once the patching software is complete, users will receive a popup warning asking to restart the computer. Users may minimize this window to continue working. Keep in mind that the window will return 2 minutes before a computer restart is forced. The window cannot be minimized at that time. You can also restart your computer at any time by clicking the “Restart Now” button. UIT strongly recommends that the computer be restarted at the soonest available time to prevent an inconvenient restart during a meeting or while working on a project.

I have other questions on this policy that are not listed. Who can I speak with?

Please open a chat with UIT and speak with a member of the service desk about your concern. If they are unable to answer your concern adequately, they can create a ticket and route it to the appropriate team. UIT Chat Support

Alternatively, you can submit a ticket to UIT detailing your concern. This can be done here: Report an Issue with UND Provided Computers and Devices.

 


Details

Article ID: 151738
Created: Wed 6/12/24 3:01 PM
Modified: Fri 6/21/24 9:40 AM