Manually applying Windows Operating System Security Updates ("OS patching")

In response to the increased number and severity of threats, starting on August 2021, ACIS will be applying a Windows OS automatic update policy. This policy will automatically apply OS updates to all Windows OS, domain based computers on a monthly basis. The sections below pertains to to older Windows-based devices where notifications are received but no updates are automatically applied, instead a manual update is initiated.

Microsoft discloses new security vulnerabilities to the Windows OS and applications on the second Tuesday of every month, known as “Patch Tuesday.” These are not "optional" updates; but rather, updates that address critical security fixes that must be applied as soon as possible.

ACIS places a delay of 5 days on patches being visible for installation on domain laptops or desktops. However, depending on whether particular vulnerabilities are actively being exploited, we may send out a communication to the Anderson community and apply these patches using our central patch management—but allowing users to manage the restart on their own.

In this section, you will see information centered around the following questions:

How can I manually initiate security updates on my Anderson desktop computer?
How can I patch a laptop that has been assigned to me by my department?
Important notes regarding Windows OS and 3rd Party updates.
Any other suggestions to keep my Windows based computer properly secured?

How can I manually initiate security updates on my Anderson desktop computer?

If you have a domain desktop computer within the Anderson complex network.

OPTION 1. Installing updates when Windows pops up notifications that critical security updates are available. Click on "View Updates" then "Install now" to apply critical updates. If patched regularly, new monthly updates should take about 20-30 minutes to apply.

IMPORTANT NOTE: It is best to Restart the computer immediately. Oftentimes, you may continue to work after updates are installed, but keep in mind that not restating right away may have leave some programs unstable. If you must continue to work after updates are applied, a restart should be completed no later than at the end of the work day. Close and or save your programs before restarting. Some programs, if not closed may hang the restart process. However, most will close and reload once you log back in.

OPTION 2. You may also manually initiate Windows updates by typing “Check for Updates” on the Windows search field, click on check for updates to the search results, and click on Install Now, to install all available updates. Once the updates are install, you will receive a message that it is time to restart the computer. This requires a manual confirmation for restart.

How can I patch a laptop that has been assigned to me by my department?

The current process for manually initiating Windows updates on domain or non-domain university owned laptops is still the same as domain desktops, OPTION 1 or 2 in the above instruction set..

Important notes regarding OS and 3rd Party updates.

KEEP IN MIND: As of July of 2015, the first release of Windows 10, Microsoft the Windows as a Service (WaaS) release model. Microsoft typically releases a Windows major version upgrade roughly every 6 months. When checking for updates, you may occasionally see a new version available (feature update). If you have been doing monthly updates, your computer is better prepared to receive these major updates, and you can apply them the same way you would other monthly updates.

Any other suggestions to keep my Windows based computer properly secured?

Leaving computers on without regularly patching is a big risk to individual computers and other university systems. In addition to installing Windows OS updates on a monthly basis, or as they become available, we recommend the following:

Replace your computer at a 5 yr cycle. The longer the hardware runs, the more likely there are hardware issues, and hardware vulnerabilities that need to be mitigated.
Avoid consumer products. Before making a purchase, reach out to the ACIS Service Desk for recommendations of selected business models. Business models are built around better components, security tools and management technologies.
Review application life-cycle and keep other software updated. The old days of installing a software that could be kept in frozen state is not longer a luxury. Either updating it or upgrading to a newer version is a necessity.
Restart your computer every few days, at least weekly. There are oftentimes updates to 3rd party applications, to which updates are applied, and although most don't need any computer or application restarts, many do. It is a good way to staying up to date, and cleaning up any application instabilities.
Install a robust anti-virus, anti-malware software. ACIS will install FireEye HX on all university-owned computers.
Install a password manager. Password managers can assist in saving complex passwords that are unique (rather than passwords that you use for many sites), making it more difficult to compromise, using encryption.