Computer Vulnerability Management
Weekly Computer Restart
Computer vulnerability management is a security practice designed to proactively prevent the exploitation of IT vulnerabilities that exist within computers in an organization. Proactively managing computer vulnerabilities will reduce or eliminate the potential for exploitation and involve considerably less time and effort than responding after exploitation has occurred.
Montana State University is committed to ensuring a secure computing environment and recognizes the need to prevent and manage IT computer vulnerabilities. For more information on this practice see the Computer Vulnerability Management document for complete details.
Weekly Computer Restart
Standing practice will be to restart all computers weekly between 10:00 PM Wednesday night and 3:00 AM Thursday morning. The Weekly Computer Restart will ensure all computer patches are applied on a regular schedule, except for those that may have opted out.
Weekly Computer Restart Exemption
Users can complete the Weekly Restart Exemption Request form to opt out a computer they manage from a weekly restart if there is the possibility of an academic or administrative process being negatively impacted by the restart.
- Requests will be reviewed on a case-by-case basis.
- Exemptions will only apply for the next scheduled patch.
- After requested exemption has occurred, the computer will be placed back in our queue and resume a weekly restart schedule.*
- Restart exemptions DO NOT APPLY to out-of-band patches.
*This means the computer will be restarted the following Wednesday, beginning at 10:00 PM through 3:00 AM Thursday morning.
To request exemptions beyond the next scheduled restart contact the UIT Service Desk at 406-994-1777 or email@example.com. Long-term exemption requests will be evaluated by your manager and UIT.
Please be aware:
Ivanti, MSU's desktop management and remote assistant tool installed on university-owned computers will alert users whenever it detects that a computer restart (reboot) is required. See Ivanti reboot notification.
Rebooting at the time of the notice may not prevent the weekly restart and users should expect the weekly restart to occur during the period between 10 PM Wednesday and 3 AM Thursday each week.
Unscheduled Restart for Out-of-Band Patch/Update
A unscheduled restart of computers may be required to address a zero-day exploit, ensuring the out-of-band patch is applied and preventing the computer exploitation.
User Notification: In the event that an unscheduled restart is needed, communication will be sent to all users' @montana.edu email addresses advising that UIT will be performing an unscheduled restart and the date the restart will begin. Computers will then be restarted on the specified night between 10:00 PM and 3:00 AM the next morning.
Out-of-Band Restart Exemption
Exemptions are not available for out-of-band patches due to the highly critical nature of such a patch/update and the associated appearance of a zero-day vulnerability or zero-day exploit,
Computer Vulnerability Management – Permanent Exemption
If you feel an endpoint you manage should never receive any system updates or patches, please contact the UIT Service Desk. Permanent exemption requests will be evaluated by your manager and UIT.