December 2024 Microsoft Security Update | Information Technology | University of Pittsburgh
!

Search form

You are here

Home

December 2024 Microsoft Security Update

Tuesday, December 10, 2024 - 15:12

Timely updates and reboots are essential to maintain the security and integrity of the University’s network. Please take note of the following updates and guidelines in three areas related to cybersecurity:

Install New Microsoft Patches and Reboot

Today Microsoft released their December security updates that affect a wide range of products. It is crucial to promptly identify and install these updates to protect your systems from vulnerabilities. Please adhere to the following installation timelines:

  • Zero-day and known exploited vulnerabilities: Install patches within 14 days of release.
  • Critical/high and unknown/unspecified common patches: Install within 30 days of release.
  • Low/medium common patches: Install within 90 days of release.

Detailed information about the updates, including the Base Score (severity rating) for each vulnerability, can be found on Microsoft’s Security Response Center. Further details on Base Score/severity ratings are available from sans.org.

Some patches may require a system reboot to take effect. We urge you to communicate the importance of these updates within your department to ensure timely action and compliance. Failing to install these updates can leave your systems vulnerable to cyberattacks.

Updates Available Through EDM

Updates are currently available for participating departments through the Enterprise Device Management (EDM) program within a week of being released by Microsoft and devices should be rebooted within 7 days after being installed. Starting in January, these updates will be available on EDM by the second Thursday of the month with reboot required within 6 days after being installed.

Endpoint Protection Requirements

For enhanced security, all University devices should utilize Microsoft Defender for Endpoint/Server. We also recommend that students, faculty, and staff install an endpoint protection solution such as Microsoft Defender on personally owned devices that access PittNet or other University resources. This measure is vital for safeguarding both University and personal devices against potential threats.

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if have any questions or need further clarity about this announcement. This information is provided by Pitt IT Information Security.