The companies that provide our software, such as Microsoft and Google, regularly release updates and patches to add features, fix bugs, and address vulnerabilities. It is our general operating position that all software should be properly maintained and all relevant patches applied. However, some security threats are actively attacked on the Internet almost immediately. Vendors release critical patches to address these zero-day exploits, and it is very important that they be applied immediately. ITS and other units at UConn deploy and apply these to managed workstations, and it is vital that individuals do the same for workstations that they manage themselves. Patches must be properly applied and all release note steps completed. Patching is necessary, but it is also important to actively monitor for vulnerabilities and to review logs to verify that there are no outstanding threats.
We are asking for your assistance reaching out to the community to encourage them to actively patch and maintain their personal and institutional devices. With many working remotely, they may require more help, especially if they have not connected to the UConn network recently via VPN or Direct Access. We encourage you to reach out if you need assistance securing your systems and services.