Campus Alert: Find the latest UMMS campus news and resources at umassmed.edu/coronavirus

Page Menu

Patch Management


UMASS Medical School is committed to ensuring a secure computing environment and recognizes the need to prevent and manage IT vulnerabilities.  A compromised computer threatens the integrity of the network and all computers connected to it.  Patch management is a security practice designed to proactively prevent the exploitation of IT vulnerabilities that exist within an organization. Proactively managing vulnerabilities will reduce or eliminate the potential for exploitation and involve considerably less time and effort than responding after exploitation has occurred.

Effective patch management requires a process to identify vulnerable software, evaluate available patches, test and deploy those patches, and confirm their successful installation.

Windows Server Patching:

The Information Security team is responsible for deploying server patches on a monthly basis utilizing predefined maintenence windows as defined in the Infrastructure Services Maintenance Window Standard.

Please refer to the patching window schedule.

To reference a list of servers by patch window, please log into SCCM SQL Server Reporting Services.  If you require access to view the listing of servers, please submit a request to Information Security.

To move a server to another patch Window, please create a helpdesk ticket and assign to Information Security.

Windows Endpoint Patching:

All UMMS computers are required to be patched per the Information Security Policy. 

A system reboot is required to successfully install most security patches.  Until the reboot occurs, the computer remains vulnerable to attacks which the installed patch protects against.  Information Security understands the impact an ill-timed reboot can have on user productivity.  In order to provide the users with as much flexibility as possible, security updates will be deployed with an option to defer the reboot for up to 24 hours. During the last 90 minutes, a countdown clock will be presented on the screen; this process cannot be deferred.

Patches are throughly tested by Information Security and are deployed monthly basis. A deployment calendar is available to view patch deployment dates.

When patches are deployed, users will receive the following notifications:

image2gwfr.png

If patches were deferred, a restart message will appear 90 minutes prior to the reboot.