Frequently Asked Questions: Automated Application Patching
What is Automated Application Patching (AAP)?
AAP is a centralized process implemented by the Office of Information Technology (OIT) to apply security patches to software applications automatically and efficiently.
Why is UAH implementing AAP?
There are 3 primary reasons why UAH OIT is implementing AAP:
- AAP reduces the risk of cyber attacks by remediating vulnerabilities automatically and in a timely manner, minimizing the likelihood that a vulnerability is exploited to gain unauthorized access to the UAH environment. This is UAH’s implementation in support of policy 06.01.02 Security of IT Resources.
- AAP is a requirement for the university to maintain cyber insurance coverage.
- As an additional benefit, this will reduce the level of effort for your support personnel since they will always be troubleshooting the latest supported version of applications, allowing personnel to resolve issues faster and saving UAH money.
How can I tell if I have an application that is scheduled to be updated?
If your computer is part of the primary university domain (DS.UAH.EDU), no action is required. The scheduled patching will occur automatically and in the background. You will also have the option to install patches manually when they are published.
All patches will be visible in Software Center, an application installed by default on all Windows 10 and 11 clients in the DS.UAH.EDU domain. To view pending patches, open Software Center. The number next to Updates shows how many software updates are pending installation.
Click Updates to view when each patch is scheduled to install.
Additionally, you should receive a notification on your computer indicating software changes are required.
You can click this notification or open Software Center to see which applications will be patched as well as the deadline for installation. If you do not manually update the software, the update will happen automatically on the date and time indicated in the Status of the update.
What computers will have their applications automatically patched?
Windows desktop clients running Windows 10 or Windows 11 will automatically receive application patches. We are working on a similar system for macOS, which will be deployed in the coming months.
Systems running server operating systems (Windows Server 2019 and Windows Server 2022) will not be automatically patched.
When will AAP update the applications on my computer?
By default, all application updates will be scheduled to occur outside of normal UAH business hours to minimize impact, with most patches deployed in an overnight window. However, it may be necessary to push some updates during the workday.
We make every attempt to avoid restarts that could disrupt the normal workday, but all users are encouraged to save their work regularly.
Do I need to leave my computer on and stay logged in to my computer for AAP to update the applications?
Important! Always lock or log out of your computer when leaving your workstation.
If your computer is connected to the UAH wired network, you do not need to leave your device on or stay logged in for AAP to update applications. MECM (Microsoft Endpoint Configuration Manager) can wake systems on the LAN and install patches without the user being logged in.
If your computer is not on the LAN, OIT recommends turning on the device, logging in, and connecting to the UAH network at least once every two weeks to allow AAP to apply updates. While on campus, this can be completed by connecting to the wired network or to UAH Wi-Fi. While off campus, computers can connect to the UAH network using the UAH VPN.
Will all applications receive updates across major versions (for example, version 1 to version 2)?
The vast majority of commercially available applications will be updated within their current major version, with only minor revisions applied automatically. The solution is smart enough to understand licensing limitations and issues with updating between versions. To use Python as an example, it knows that versions 3.11 and 3.12 are different products, so it would update 3.11.1 to 3.11.6 but would not automatically update it to 3.12. As another example, Zoom could be updated from version 5.15 to a later version like 5.16 but would not automatically be updated from 5.15 to 6.00 when it comes out. Similarly, if you are running a specific version of Minitab, it will not force you to update to the latest version, which could put you out of compliance with your software license.
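The version-boundary behaviour described above, modelled as an added Python example (not OIT's or MECM's actual logic). The `TRACK_DEPTH` table and all function names are assumptions made for illustration; products missing from the table are treated as never updated automatically.

```python
# Added illustration: models the version-boundary behaviour described above.
# TRACK_DEPTH and every function name here are hypothetical, not MECM settings.

# Number of leading version components that identify one "product track".
# Python: 3.11 and 3.12 are different products        -> depth 2
# Zoom:   5.15 -> 5.16 is allowed, 5.x -> 6.x is not  -> depth 1
TRACK_DEPTH = {"python": 2, "zoom": 1}


def parse_version(text):
    """Turn '3.11.6' into (3, 11, 6); reject anything that is not dotted digits."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    return tuple(int(p) for p in parts)


def _padded(version, width):
    """Right-pad with zeros so that 5.16 and 5.16.0 compare as equal."""
    return version + (0,) * (width - len(version))


def is_eligible(product, installed, candidate):
    """True if candidate is a newer release on the installed version's track."""
    depth = TRACK_DEPTH.get(product.lower())
    if depth is None:
        return False  # unknown product: never update automatically
    cur, new = parse_version(installed), parse_version(candidate)
    width = max(len(cur), len(new), depth)
    cur, new = _padded(cur, width), _padded(new, width)
    # Same track (leading components match) and strictly newer, so no downgrades.
    return cur[:depth] == new[:depth] and new > cur


def pick_update(product, installed, available):
    """Return the highest eligible version string, or None if nothing applies."""
    eligible = [v for v in available if is_eligible(product, installed, v)]
    if not eligible:
        return None
    return max(eligible, key=lambda v: _padded(parse_version(v), 8))
```

With the versions from the text, Python 3.11.1 offered 3.11.4, 3.11.6 and 3.12.0 resolves to 3.11.6, and Zoom 5.15 offered 5.16 and 6.00 resolves to 5.16.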
Can I opt out of the AAP program for my PC?
This program is being implemented in stages across the campus. The plan is for all computers to follow this same patching plan. If there is an operational need for a computer not to participate, submit a help desk ticket for evaluation by the CISO.
What if I have other questions about this process?
Please contact the OIT Help Desk with your question and OIT will respond as soon as possible.