Each month, the team at Readiness analyses the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. This guidance is based on assessing a large application portfolio and a detailed analysis of the Microsoft patches and their potential impact on the Windows platforms and application installations.

The following changes have been included in this month’s update and have not been raised as either elevated risk (of unexpected outcomes) and do not include functional changes:

  • Printing has been updated to prevent a remote code execution scenario. Printer redirection processes/configurations will need a test cycle.
  • Bluetooth system files have been updated on all currently supported Windows desktop builds. I have real trouble with Bluetooth testing as I find Bluetooth connectivity “flaky” at the best of times. This month, test out Bluetooth mice, keyboards, and your headsets.
  • Base log files (BLF) have been a critical component of ransomware attacks throughout last year as attackers exploit vulnerabilities in the Windows Error Reporting and Log file system (WER). These (BLF) file types were updated this month, and a Windows Error Log Reporting file test will be required that includes file create, read, update, and delete operations.
  • Core components of the Microsoft Group Policy (GPO) administration tools have been updated and so GPO templates will require testing by administrators and more importantly, by delegated non-administrators.
  • There has been another update to how Windows handles file compression. This time we should still expect to test file extraction but not as much focus on file level compression. We suggest using a command/batch file to run EXTRACT/Extrac32 on at least a few hundred small to midsize files.
  • You will have to include a background image or “Wallpaper” test this month due to an update to Windows Shell. This is an easy one. Can I see my corporate wallpaper when I login? Yes? Happy days!

For Developers: Microsoft has made a major update on how Message Queuing (MSMQ) works in Windows desktops with this month’s Patch Tuesday release. One sub-component of the MSMQ feature deals with Remote Procedure Calls (RPC) that are commonly used in distributed applications. To test out your distributed, MSMQ and RPC driven corporate applications (you know who are) please ensure that the following components area are including in your project release schedule

  • Message Queue (MSMQ) Services
  • MSMQ Active Directory Domain Services Integration
  • MSMQ Triggers
  • HTTP, Routing Service and Multicasting Support
  • MSMQ DCOM Proxy

Automated testing will help with these scenarios (especially a testing platform that offers a “delta” or comparison between builds). However, for your line of business applications getting the application owner (doing UAT) to test and approve the testing results is still absolutely essential.

 

Greg Lambert