Each month, the Readiness team analyzes Microsoft’s latest updates and provides technically sound, actionable testing plans. August’s release brings updates to core Windows components, with significant changes affecting printing subsystems and remote desktop authentication. Two components have been designated as high-risk and warrant immediate attention: the Printing Subsystem and Remote Desktop Authentication components.
For this August testing guide, we have grouped Microsoft’s updates by Windows feature and accompanied each section with prescriptive test actions and rationale to help prioritize enterprise validation efforts.
Core OS and Printing
Microsoft has updated core kernel components affecting the Windows OS as a whole, including kernel and system drivers. The printing subsystem update carries high risk and requires immediate validation. These low-level system changes can impact system stability and printing functionality across the enterprise. We recommend the following testing approach:
- Apply the security updates and reboot the system
- Test various print scenarios, including printing from 32-bit applications
- Run scenarios to test that Win32 applications properly render text content
- Use Kernel Transaction Manager to create, roll back, migrate, and dispatch transactions
- Test transaction NTFS scenarios
Remote Desktop & Network Connectivity
This month’s updates significantly impact remote desktop authentication and network connectivity components. This month’s updates to Microsoft Active Directory authentication are marked as high-risk and affect both Azure AD and traditional Active Directory authentication scenarios. Low-level network socket functionality has also been updated. We recommend testing of the following areas:
- Test RDP logins using Azure AD token (interactive login), NTLM credentials and Kerberos
- Validate RDP login via Remote Desktop Gateway (RDGW) using AD credentials
- Ensure correct RDP session timeout and auto-reconnect behavior
- Validate credential caching and re-authentication prompts using Connect → Disconnect → Reconnect → Logoff → Login testing cycles.
- Trigger and verify MFA challenges during RDP login
- Transmit UDP packets to IPv4 and IPv6 address structures and create UDP sockets with Winsock library, bind and unbind with IP addresses
- Send and receive large packets over the network using IPv6. Test using large files.
- Establish multiple concurrent TCP connections using Winsock APIs and verify clean termination
Filesystem and Storage
Updates to core filesystem components including ntfs.sys and cldflt.sys require validation to ensure file system operations continue to function properly. Directory querying functionality has been specifically updated and requires targeted testing:
- Test directory querying related scenarios with DOS (i.e. short) file names.
- Apply test scenarios where your internal or line-of-business applications access SMB servers.
- Test applications that use .lnk files, specifically mentioning the TargetPath in the LNK file properties.
Media and Codecs
Microsoft has updated media handling components affecting video playback and image processing capabilities. These updates require validation across different media scenarios including:
- Play videos or watch TV/movies with subtitles on Blu-ray using Microsoft Media Foundation – subtitles should appear as expected. I suggest Bukaroo Banzai.
- Embed JPEG images in Visio and other Office documents
- Take pictures and record video with the Camera app
Application Deployment and Infrastructure
Updates to Windows Installer and App Silos functionality require validation to ensure application installs function as expected. We suggest the following test cycles:
- Install, uninstall, rollback and repair MSI Installer files
- Test App Silos feature scenarios using silo apps that perform filesystem access
- Verify no memory leaks when the BFS driver is invoked using “sc start bfs / sc stop bfs commands”
Routing and Remote Access Service (RRAS)
Significant updates to RRAS components require a full test of routing and remote access functionality:
- Perform normal operations on the Routing and Remote Access management console if RRAS is installed on a server
- Set up RIP (Routing Information Protocol) on a remote machine and clear the “SpecialInterfaceName” flag
- Perform configuration or viewing operations using the Routing and Remote Access management console for both local and remote installations
- Test different property pages (DHCP, NAT, RIP, IGMP, BOOTP) to ensure they show correct information for valid configurations
- Test invalid configurations to ensure they are handled correctly (by not opening the respective page/tab or showing an error dialog)
Virtualization and Development Platforms
Updates to virtualization and development platform components require validation across multiple scenarios:
- Establish PSDirect (PowerShell Direct) service and enable enhanced session in VMConnect, perform VM resets
- Open remote sessions on devices with no proprietary driver installed, test applications such as Calculator and Notepad
- Test apps that use nearby sharing functionality (Settings > System > Nearby sharing)
- Test scenarios using Active Directory components, such as Active Directory Certificate Service and LDAP
The Readiness team highly recommends prioritizing your remote desktop authentication testing this month, particularly focusing on Azure AD integration scenarios, leading onto printing subsystem validation and ensuring that your RRAS configurations continue to function as expected. Pay special attention to the high-risk components identified in this release, as any regressions could significantly impact enterprise remote access and printing capabilities.
