Berkeley Lab IT has released Microsoft’s latest updates for Windows 10, which contains patches for multiple critical security vulnerabilities. One of these, CVE-2020-0601, has been identified by the Cyber Security group as a mandatory update. As such, all Windows 10 systems at the Lab MUST be updated, and may be blocked from the network if they are out of compliance.
Most systems have already been updated using the recommended Windows Update settings, but there are still many systems which remain vulnerable. To address these remaining vulnerable systems, Berkeley Lab IT is using BigFix to ensure patches are updated:
If you get a Reboot Reminder from BigFix, it means that Windows is attempting to install updates, and needs to be restarted to complete the process. Your system will remain vulnerable until the reboot is completed.
For systems that are not getting automatically updated, BigFix will prompt you to install the updates directly from our BigFix server. If you get a BigFix patch notification, you will need to take recommended actions in order to protect your system. BigFix will reboot your system upon completion.
Please note that systems which are enrolled in BigFix Passive Management Mode will not be patched or rebooted by BigFix, and users are responsible for installing required updates by running Windows Update. For information regarding Windows Update, see Microsoft’s site, Update Windows 10.
Thanks to Windows Server Update Service (WSUS), Windows Reboot Reminders, and BigFix, IT User Support is able to identify vulnerable software running on LBL systems. If you wish to receive proactive communications regarding the health of your computer, you can Download BigFix and install it. If you have further questions about BigFix, please Request Help.
Reminder: always keep your operating system up to date, your applications patched, and your system rebooted at least once a week! Follow IT Best Practices to ensure computer health.