Skip to content

CSBS Computing

College of Social & Behavioral Science

Main Navigation

Installing Updates

University policy 4-004  requires us to patch all managed workstations. Exceptions to this policy generally have to be approved by GRC and usually require other mitigations, such as limited or no network connectivity.

Microsoft releases monthly patch roll-ups on the second Tuesday of each month. Automated processes trigger on our management systems which make those patches available to managed workstations. This usually occurs on that same Tuesday, but may occur a day or two later due to availability from Microsoft servers.

Updates/Patches become available for our users to install via the Software Center, and remain available for 3 days. There are prompts that appear on the workstations informing users that required updates are available via the Software Center. The installation deadline is displayed in the Software Center during the 3 day grace period. 

After the 3rd day deadline, if the updates have not been installed through user interaction, the updates will then install automatically and could include a forced reboot. A reboot prompt will display for 30 minutes before rebooting and should allow delaying for up to 12 hours. 

Occasionally a security update is published by Microsoft out-of-cycle from Microsoft's patch Tuesday to address a severe vulnerability. We apply the same 3 day grace period to those updates.

The duration of the grace period, 3 days, was selected to match the 72 hour requirement for application of critical severity patches defined in policy 4-004. While it is true that not all patches will meet the critical severity criteria as defined in the policy, we have selected one standard grace period for all patches due to the volume and frequency of patch releases and in consideration of limited labor resources.

If you have a laptop, or any computer that you must power down regularly, it is important that you manually install available updates when released, or as soon as possible. Learn how to install or update specific applications.

 

Windows

Finding Software Center

    1. Look to the Task Tray located on the lower right portion of your screen, near the date and time. An icon with a red star () appears when an update becomes available. The icon may be hidden so you should periodically check for the icon by clicking the '^' symbol to view background applications running on your system.
      g

    2. Right-click the icon and select to open Software Center.
      1. If there is no icon, open the Start Menu from the lower left of your screen and search "Software Center".

      2. Or select the Start Menu -> All Programs -> Microsoft System Center  -> Software Center

    3. Click on 'Updates' as shown in the left hand column. This will show available updates for your computer.  Example belowf

    4. Recommend using the "Install All" button in top right to kick off the update process.  
      1. NOTE:  The second update shown here is a Feature Update

    5. Updates will begin to install and their status will change to 'Preparing to download', 'Downloading', 'Installing', and then 'Installed'.  If any updates need a Restart to complete installation, they will have a status of 'Requires Restart'.

    6. Software Center should alert you when the updates are done installed and a reboot is required. f

    7. If you had closed the Software Center window or choose to close instead of restarting, you will know you need a restart by the modification to the icon in the task tray. The software available icon () will now be a green icon ().  

    8. Right click on this icon and you can select 'Restart Now', which will immediately restart you computer and install updates.  If you select 'Open Restart Window', you will get a window similar to the below:
      f

    9. Choose to restart your computer now and install the selected updates or be reminded in a set number of hours.  Be sure to save your other work, as selecting 'Restart Now' will restart your computer.

If Software Center is delayed past the 72 hour deadline or fails to install updates, a utility called Tanium may do the patch installs automatically. Tanium will not warn for the install but will prompt for reboot. The reboot can be snoozed for up to 12 hours:

 Tanium Patch Pending Reboot choose Restart Now or Postpone

Postpone options: Snooze Options: 3, 8, and 12 hours

If you see a status of "Failed" for any update, please submit a support case at https://support.csbs.utah.edu/helpdesk or call 801-585-8985.

Last Updated: 1/31/24