ISO 120-day Vulnerability Remediations
Important Notice from the Office of the Provost
The Office of the Provost has set forth a requirement that all high or critical risk vulnerabilities older than 120 days must be fixed. The order will require non-compliant systems to be quarantined or isolated from the campus network, meaning any machine attempting to connect to the UT Network will be denied access.
Actions Taken by LAITS
LAITS has already resolved a majority of vulnerabilities that can be fixed automatically. We are actively reaching out to customers whose vulnerabilities require a more hands-on approach. Your timely response to these requests is crucial to ensure your machine does not get quarantined.
Timeline for Notices and Quarantines
May 5th, 2025: Notices will begin going out.
June 5th, 2025: The first quarantines will commence.
After the initial notices, subsequent notices will be issued as the ISO identifies machines with vulnerabilities older than 120 days. LAITS will contact you via a ServiceNow Incident ticket if your machine requires attention.
What do I do?
Starting on May 5th, 2025 you may receive a notice that your computer has vulnerabilities. If these vulnerabilities are not fixed by June 5th, 2025, your machine will be quarantined.
To prevent this, please follow these steps:
Contact LAITS: Reach out to us via chat or incident ticket as soon as you receive a notice. Work with our team to address and resolve the vulnerabilities on your machine.
Stay Proactive: LAITS will also be running a proactive, ongoing project to identify and fix vulnerabilities before quarantines are necessary. Your cooperation in this proactive effort is appreciated.