Body
What are Third-Party Software Updates?
Third-party software updates are the release of updates from third-party software vendors that are not the OS vendor; i.e., Microsoft.
Many third-party updates correct security vulnerabilities in applications and software bugs, or introduce minor and major new features and other changes to the software.
Although Microsoft releases its updates fairly consistently (the second Tuesday of each month at 10 a.m. Pacific), this schedule is not necessarily the schedule for the myriad of other companies that make software on your computer. Third-party vendors may push out a patch every month, six weeks, annually, or never. In cases of security or bug fixes, they generally push out a patch as they are developed.
How are these updates scheduled at Chico State?
At Chico State, IT Support Services in the Division of IT manages and deploys these and other updates with the Microsoft Endpoint Configuration Manager, and patch vendor, Patch My PC.
The Configuration Manager synchronizes its list of updates with third-parties, then downloads and prepares the updates to be delivered to campus on the following schedules:
Updates are staged and deployed using Automatic Deployment Rules (ADRs.) ADRs are evaluated for new updates every other Monday at 5 a.m. They are deployed to a Pilot Group and a Production Group.
- A Pilot group of computers has the updates available for installation from Software Center as soon as they are prepared: every other Monday, usually by 7 a.m. The Pilots are required to install the updates two days later, on Wednesday.
- If any updates require a computer restart to fully apply, then that restart is also required after a 24-hour grace period, usually on Thursday. Pilots are monitored for unexpected negative effects, which if noticed, are traced to applicable updates, and the update is withheld from production.
- The Production group of computers also has the updates available for installation from Software Center as soon as they are prepared on Monday, usually by 7 a.m. The Production group is required to install the updates 4 days later, on Friday.
- If any of the updates require a computer restart to fully apply then that restart is also required after a 24-hour grace period, on the Friday after Patches are released the previous Monday.
- While most updates will fall into this deployment cycle, ITSS also monitors Microsoft Security Bulletins and Microsoft Defender Console for high and critical severity vulnerabilities and will prioritize patching as needed. Should high and critical vulnerabilities be reported, out-of-band patching may result if immediate prioritization becomes required.
Do I have to follow this schedule?
ITSS recommends that you install the updates as soon as they become available in Software Center, as convenient. To minimize the disruption of an enforced restart, try installing the updates on Wednesday afternoon, and then restarting the PC when you leave for the day. There's no need to wait for the forced install on Thursday or the enforced restart on Friday.
Choose a day and time that suits you.
Why is patching important?
Regular patching provides the following advantages:
- corrects software problems, including vulnerabilities, bugs, and compatibility issues
- keeps the software updated and functioning properly
- introduces features
Chico State urges its customers to patch as soon as it releases security updates. Malicious actors constantly scrutinize the code in patches to gather clues to develop malware variants.
Do I have to receive Software Updates?
Yes. To comply with minimum workstation standards policies published by our Chancellor's Office, "Workstation computers must be configured to allow automatic application of software updates through a patch management system." This can be found at https://calstate.policystat.com/policy/11773867/latest/#autoid-6w2ve