September 2022 ePatching for Windows

To: GS IT All

Subject: September 2022 ePatching for Windows – Deadline 09/28/2022

WHEN IT WILL HAPPEN:

Fast Ring Testing Schedule:

Offers Available: Thursday, September 15, 2022 at 2:30pm
Installation Deadline: Tuesday, September 20, 2022 at 2:00am
Please send Fast Ring feedback using the Service Desk Form

Production Patching Schedule:

Offers Available: Wednesday, September 21, 2022 at 12:30am
Installation Deadline: Wednesday, September 28, 2022 at 2:00am

WHAT WILL HAPPEN: ePatching for Windows – September 2022

This Month’s Patch Cycle:

eAD Server Patch Schedule (Informational)

Next Month’s Patch Cycle:

Migration to 64-bit Notepad++

WHAT YOU NEED TO KNOW:

The ePatching Team has posted this month’s products and versions on the TST ePatching page. An archive of previous notifications can be found here.

Additional information regarding vulnerability management actions can be found below.

Important Reminders –

Use the report showing systems not properly labeled with Keyfiles and take action to repair them following guidance on the TST site to ensure patching activities can complete as scheduled. As a reminder – actions will be taken onBigFix Endpoints missing correct FISMA tagging.
Servicing Stack Updates are not released monthly, but when Microsoft does release Servicing Stack Updates, systems that require them will need multiple reboots.
MS SQL Patches: There are new SQL patches available this month. Sites that manage SQL servers should review the monthly SQL patching baseline and ensure installation of SQL patches are scheduled and completed before the monthly deadline. This will help minimize unscheduled service interruptions.

eAD Servers will be Rebooted for Patch Updates: Friday, September 23, 2022 and Saturday, September 24, 2022

Starting at 6 PM (local time), GS.DOI.NET physical Domain Controllers (DCs) and eAD Hyper-V host servers will be patched with the required Microsoft updates and rebooted. This will begin with servers in the Eastern Time zone.
Starting at 8 PM (local time), all virtual GS.DOI.NET DC’s, eAD servers, services, and eAD Distribution Point servers will be patched with the required updates and rebooted.
Patching will be staggered throughout the evening to minimize the impact of downtime.
During the 3-5 minutes that each Domain Controller is rebooting, clients will fail-over to other Domain Controllers for authentication and DNS resolution if configured to do so.

Migration to 64-bit Notepad++– Starting the week of October 3^rd, the ePatching Team will begin using MECM to patch Notepad++ installations. As a part of this transition, all 32-bit installations of Notepad++ will be converted to 64-bit, and the ComparePlus plugin will be installed. Plugins installed with the 32-bit version will not transfer to the 64-bit version, and will need to be reinstalled. Local IT Staff are encouraged to deploy the application 4-GS – Notepad++ 64-bit 8.4.5.0 locally during the month of September.

WHAT YOU NEED TO DO:

Local system administrators are responsible for testing the required patches and reporting any issues to the ePatching team.

Specific instructions regarding MECM, BigFix, and JAMF patching can be found on the TST website at: https://tst.usgs.gov/security/epatching/

Security Updates

Curl Use-After-Free < 7.87 on Windows

VMware Sign On Issues After Nov Patches

Updated Schedule- November 2022 Patching for Windows

ePatching for macOS: New Deadline 11/14/2022 6PM Eastern

October 2022 ePatching for Windows

September 2022 ePatching for Windows

September 2022 Patches for MacOS and Safari

CVE-2021-44228 – Apache Log4j Remote Code Execution Vulnerability

Emergency Directive 21-04 – Print Nightmare

DHS EMERGENCY DIRECTIVE – January ePatching for Windows, Mac, and Linux, Multiple Deadlines