Each month, the team at Readiness analyses the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. This guidance is based on assessing a large application portfolio and a detailed analysis of the Microsoft patches and their potential impact on the Windows platforms and application installations.
For this August release cycle from Microsoft, we have grouped the critical updates and required testing efforts into different functional areas including:
Microsoft Office
Due to the changes to Microsoft Outlook and .NET components this August, we recommend a full test of sending/receiving mails with HTML content.
Microsoft .NET and Developer Tools
Microsoft has updated both Microsoft .NET (Version 8) and Visual Studio 2022 this month with the following testing recommendations
- Due to the update to System.Net.Mail.SmtpClient will require a test of sending mail over TLS with a HTTP body.
Windows
With the release of the Windows updates for this August, Microsoft has put a real focus securing Windows networking features with updates to core system files such as AFD.SYS that will require the following testing:
- Network packets: try using a web browser to download and upload large files from both internal and external websites. Multicast senders will require validation on packet returns.
- Network sockets: check that bind, connect and listen functions work as expected. Close socket functions will require testing this month as well.
- Smartcards: full logon/logoff testing will be required
- Network Bridges: This month’s update will require testing across two more network adapters. Trying creating a bridge using IPv6 packets.
- Bluetooth: Sending files across two Bluetooth adapters will require testing for August
- DNS: Recursive DNS queries will require a basic test. Have a look for any SERVFAIL returns or time-outs. We also suggest trying NETSH to configure proxy settings.
- Remote Desktop: Test out remote configurations on RRAS platforms while using copy/paste functions over a VPN.
In addition to these networking focused changes released this month, Microsoft has updated these core features in the Windows desktop and server platforms that include:
- Windows Error logs: a complete CRUD test (create, read, update and delete) will be required for Windows log files this month.
- Kerberos: Logon and certificate workflows will require validation this update cycle.
- Codec and camera updates will require a basic test of camera (both still and video) features.
- Hyper-V: With only minor changes this month to the Microsoft Hyper-V platform, a basic VM startup and shut-down test is recommended.
Microsoft has made a number of significant changes to the Windows filesystem this month (NTFS) with changes to both the NtQueryEaFile and NtSetEaFile file API’s. Unfortunately, a significant testing cycle is required for large file CRUD file tests – remembering to include a query component. The Readiness team suggests that a PowerShell test is also included in this testing cycle to assist with “pacing” rapid changes to the Windows file system.
Given recent challenges with CrowdStrike and BitLocker, Microsoft has published changes that will require testing of the Microsoft BitLocker recovery environment.