Routine Patching and 45-day Rule for Security Updates

Stay Secure: Patch and Reboot Your Computer!

In today’s digital world, keeping our computers secure is more important than ever. Just like we update our wardrobes for different seasons, our digital tools need regular updates to stay safe from online threats. That’s where patching and restarting come in – they’re like the vitamins of the tech world, strengthening your defenses and keeping your system running smoothly.

Without patches and restarts, your data is at risk. For the safety of the UNC-Chapel Hill network and data, F&O IT may disable computers that are not restarted and patched monthly.

We know life is busy, and remembering to patch and reboot might not be on everyone’s top priority list. Here are some tips to make it a seamless part of your routine:

The University releases our routine patches to computers on the third Tuesday of every month. If you have not allowed them to be installed by the 4th Tuesday of the month, your computer will force a restart to install the patches.
To smoothly install patches and updates, your computer needs some idle time, For the smoothest patching experience, at least once a week, please leave your computer on overnight, programs closed, with your account logged in but the screen locked. (Hold the Windows logo key and type an L to lock your computer.)
A Shut Down does not clear memory and program status data the same way a Restart does. Make sure you Restart your computer regularly. Restarting weekly is highly recommended, daily is even better. Shutting down is great for saving power, and we recommend you do that too.

Starting in April 2024, F&O IT will implement two security restrictions to better protect University data on our computers. Details are below.

Computers that have not “checked in” with University infrastructure in over 45 days may be disabled.
Computers which have not installed scheduled security patches in over 45 days may be disabled.

These changes bring F&O IT into alignment with best practices for data protection for both for University Policy and NIST compliance. If you have questions or concerns about this policy, please contact the F&O IT Security staff or the F&O IT Executive Director.

Dan L Barker
F&O IT Desktop Security Lead, Information Security Liaison

Quinton McDonald
F&O IT Desktop Security, Information Security Liaison

Ray Reitz
F&O IT Executive Director

Computers must connect with campus infrastructure once every 45 days to update policies and software settings.
To avoid disabling, computers must be plugged into the network or connected via VPN for more than one hour every 45 days.
Computers used as kiosks and other “no login” stations need to be rebooted at least once every 45 days to fulfill this requirement.
The last known user of a computer will be emailed by F&O IT Security staff with a notice at least two weeks before the computer is disabled.
The supervisor of the last known user will be emailed by the F&O IT Executive Director at least one week before the computer is disabled.

Computers must install patches for software in a timely manner.
Critical patches that are overdue by more than 45 days may result in the computer being disabled until a technician can patch the computer manually.
Non-critical patches that are overdue by more than 90 days may result in the computer being disabled until a technician can patch the computer manually.
Paid and subscription software must have an active subscription to remain installed on a computer once a required critical patch is identified.
Critical patches are patches that resolve a vulnerability scored with a CVSS over 7.0 or with a Homeland Security CISA Known Exploited Vulnerabilities notice, KEV.
The last known user of the computer will be emailed at least twice by F&O IT Security Staff over a period of two weeks before the computer is disabled.
The supervisor of the last known user of the computer will be emailed by the F&O IT Executive Director at least one week before the computer is disabled.