Each month, the team at Readiness analyses the latest monthly updates from Microsoft and provides testing guidance. This guidance is based on assessing a large application portfolio and a detailed analysis of the Microsoft patches and their potential impact on the Windows platforms and application installations.
Given the large number of changes included in this December patch cycle, I have broken down the testing scenarios into a high risk and standard risk groups:
High Risk: For this December update cycle, Microsoft has not recorded any high-risk functionality changes. This means that Microsoft has not made major changes to core API’s or functionality to any of the core components or applications included in the Windows desktop and server ecosystems.
More generally, given the broad nature of this update (Office and Windows) we suggest the testing the following Windows features and components:
- Bluetooth: Microsoft has updated two sets of key API/Header files for Bluetooth drivers including: IOCTL_BTH_SDP_REMOVE_RECORD IOCTL and DeviceIoControl function. The key testing task here is to enable and then disable Bluetooth – ensuring that you data connections are still working as expected.
- GIT: The Git Virtual File System (VfSForGit) has been updated with changes to the file and registry mappings. You can read more about this key (internal) Windows development tool here.
In addition, these changes and subsequent testing requirements, I have included some of the more difficult testing scenarios for this December update:
- Windows Kernel Update: This month’s update includes a broad update to the Windows kernel (Win32kfull.sys) that will affect the primary desktop UI experience. Key features that are patched this month include: the Start menu, the settings applet and File Explorer. Given the huge UI testing surface, a larger testing group may be required for your initial roll-out of this update. If you can still see your desktop or taskbar, take that as a positive sign.
Following last month’s update to Kerberos authentication, there were several reported issues relating to authenticating, especially across remote desktop connections. Microsoft has detailed, the following scenarios and related issues that have been addressed this month:
- Domain users sign in might fail. This also might affect Active Directory Federation Services (AD FS) authentication.
- Group Managed Service Accounts (gMSA) used for services such as Internet Information Services (IIS Web Server) might fail to authenticate.
- Remote Desktop connections using domain users might fail to connect.
- You might be unable to access shared folders on workstations and file shares on servers.
- Printing that requires domain user authentication might fail.
All these scenarios will require significant testing before a general deployment of this month’s update.
Unless otherwise specified, we should now assume that each Patch Tuesday update will require testing of core printing functions including:
- printing from directly connected printers
- add a printer, and then remove a printer (this is new for December)
- large print jobs from servers (especially if they are also domain controllers)
- remote printing (using RDP and VPN’s)
- test physical and virtual scenarios with 32-bit apps on 64-bit machines