Windows® Desktop and Laptop Patching

Patching is the process for updating products and systems. Patches correct security and functionality problems in software and firmware. We performed an audit of the Tennessee Valley Authority’s (TVA) patching of Windows® desktops and laptops to determine if high-risk vulnerabilities on desktops and laptops were patched in accordance with TVA policy and best practices. We found (1) TVA policies and procedures aligned with best practices, (2) the majority of Windows® desktops and laptops managed by TVA’s automated patching system were patched for high-risk vulnerabilities in accordance with TVA policy, and (3) TVA had mitigated vulnerabilities for Windows® desktops and laptops that had not received updates. However, although the majority of Windows® workstations were managed by TVA’s automated patching system, we found some desktops and laptops were at potential risk of compromise.