To: GS IT All
Subject: October 2022 ePatching for Windows – Deadline 10/26/2022
IMPORTANT – Ongoing BigFix Issues: The DOI BigFix Team is continuing to work with the vendor HCL on resolving reliability issues with authentication into the BigFix Console and Web Reports. The Department considers the issue as “ongoing” until we are told otherwise.
Except for offices with Approved Exceptions to be Excluded from the ePatching Program, all sites should refrain from issuing local patch deployments using BigFix and rely on the ePatching Team’s deployments and timeframes during the October ePatching cycle.
Additionally – please be aware that USGS ePatching Team members will make best effort to create BigFix Offers and Actions, however the timeframes presented below may slide should they have trouble gaining and maintaining stable access to the console.
WHEN IT WILL HAPPEN:
Fast Ring Testing Schedule:
- Offers Available: Thursday, October 13, 2022 at 2:30pm
- Installation Deadline: Tuesday, October 18, 2022 at 2:00am
- Please send Fast Ring feedback using the Service Desk Form
Production Patching Schedule:
- Offers Available: Wednesday, October 19, 2022 at 12:30am
- Installation Deadline: Wednesday, October 26, 2022 at 2:00am
WHAT WILL HAPPEN: ePatching for Windows – October 2022
This Month’s Patch Cycle:
· eAD Server Patch Schedule (Informational)
· Dell Command Monitor 10.8
WHAT YOU NEED TO KNOW:
The ePatching Team has posted this month’s products and versions on the TST ePatching page. An archive of previous notifications can be found here.
Additional information regarding vulnerability management actions can be found below.
Important Reminders –
- Use the report showing systems not properly labeled with Keyfiles and take action to repair them following guidance on the TST site to ensure patching activities can complete as scheduled. As a reminder – actions will be taken on BigFix Endpoints missing correct FISMA tagging.
- Servicing Stack Updates are not released monthly, but when Microsoft does release Servicing Stack Updates, systems that require them may require multiple reboots.
- MS SQL Patches: Sites that manage SQL servers should review the monthly SQL patching baseline and ensure installation of SQL patches are scheduled and completed before the monthly deadline. This will help minimize unscheduled service interruptions.
- MacOS Patching: MacOS patching cycles are now independent of the Windows patch schedule, and will be announced in a separate memo.
eAD Servers will be Rebooted for Patch Updates: Friday, October 21, 2022 and Saturday, October 22, 2022
- Starting at 6 PM (local time), GS.DOI.NET physical Domain Controllers (DCs) and eAD Hyper-V host servers will be patched with the required Microsoft updates and rebooted. This will begin with servers in the Eastern Time zone.
- Starting at 8 PM (local time), all virtual GS.DOI.NET DC’s, eAD servers, services, and eAD Distribution Point servers will be patched with the required updates and rebooted.
- Patching will be staggered throughout the evening to minimize the impact of downtime.
- During the 3-5 minutes that each Domain Controller is rebooting, clients will fail-over to other Domain Controllers for authentication and DNS resolution if configured to do so.
Dell Command Monitor Software Deployment – Dell Command Monitor 10.8 will be deployed to all non-server Dell hardware during the October ePatching cycle. The application will be maintained through weekly patching cycles going forward. The application integrates with MECM and will be utilized to gather and centrally report warranty information of Dell hardware, for use in hardware lifecycle planning alongside of Windows 11 Hardware Compatibility data. Warranty data reporting information will be communicated in a future memo.
WHAT YOU NEED TO DO:
Local system administrators are responsible for testing the required patches and reporting any issues to the ePatching team.
Specific instructions regarding MECM, BigFix, and JAMF patching can be found on the TST website at: https://tst.usgs.gov/security/epatching/
