Testing Guidance

Each month, the team at Readiness analyses the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. This guidance is based on assessing a large application portfolio and a detailed analysis of the Microsoft patches and their potential impact on the Windows platforms and application installations.

Given the significant number of changes included in this August patch cycle, I have broken down the testing scenarios into a high risk and standard risk groups:

High Risk:

As all the high-risk changes affect the Microsoft Windows core kernel and internal messaging sub-system this month, (though we have not seen any published functionality changes) we strongly recommend the following focused testing:

  • There has been a number of significant updates to the Microsoft Message Queue (MSMQ). This will affect your servers that rely on triggers, a routing services and multi-casting support. Our expectation is that internally developed line-of-business client/server applications are most likely to be affected and therefore attract increased attention and testing this month.

Standard Risk

  • Windows error reporting has been updated this month, so you will need to a “CRUD” test on your Windows Common Log Filesystem(CLFS) logs.
  • A group policy refresh should be included in this month’s testing cycle due to changes in the NT user policy (both user and machine) files. Due to API changes in this feature you may also want to check your file paths for your resultant log files.
  • Microsoft’s Crypto (CNG) API’s have been updated, so smart card installations will require testing.
  • ODBC applications will require testing again this month due to an update to the update to SQLOLEDB libraries

And one for Windows focused IT administrators: Microsoft has updated the WinSAT API. This tool is described by Microsoft as,

“The Windows System Assessment Tool (WinSAT) exposes a number of classes that assesses the performance characteristics and capabilities of a computer. Developers can use this API to develop software that can access the performance and capability information of a computer to determine the optimal application settings based on that computer’s performance capabilities.”

All these scenarios will require significant application-level testing before a general deployment of this month’s update. In addition to these listed specific testing requirements, we suggest a general test of the following printing features.

  • Update all your print servers and validate that the printer management software behaves as expected while running print jobs.
  • Uninstall any print management software after an update, to ensure that you server is still running as expected.
  • Test all printer manufacturer types, using both local and remote printer tests.

Automated testing will help with these scenarios (especially a testing platform that offers a “delta” or comparison between builds). However, for your line of business applications getting the application owner (doing UAT) to test and approve the testing results is still absolutely essential.

 

Greg Lambert