February Patch Tuesday Testing Guidance
Each month, the team at Readiness analyses the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. This guidance is based on assessing a large application portfolio and a detailed analysis of the Microsoft patches and their potential impact on the Windows platforms and application installations.
For this February release cycle from Microsoft, we have grouped the critical updates and required testing efforts in to functional area including:
Security
- Applocker: Test basic functionality of applocker, including deploying applocker policies.
- Secure Launch has been updated. Administrators can ensure that Secure Launch is working through the Microsoft utility MSINFO32.EXE.
Networking
- DNS has been updated for all Windows platforms including changes to RRSIG and DNSKEY (settings which are used to decrypt/validate hash records). Microsoft has offered some guidance on securing/validating DNS responses for Windows Server found here and has provided some syntax and examples to test out DNS query resolutions.
- RPC clients for internal applications will require a full end-to-end test cycle.
- Internet Shortcuts has been updated and will require some testing on both online trusted and untrusted sources.
- Internet Connection Sharing (ICS) will also require a test this month, with tests run on both host and client machines.
Developers and Development Tools
- Microsoft has updated the core component Microsoft Message Queue (MSMQ) which will affect Message Queue Services, its related Routing service and DCOM proxy. Testing must include online browsing, video/audio streaming for any affected application.
- SQL OLEDB has been updated which will require database administrators to test out their database connections and basic SQL commands.
Microsoft Office
- Due to the changes to Adobe Reader and the PDF file format this month, Microsoft Word users should include a test to open, save and print PDF files
- Outlook users should test opening mail, calendar items with a test of opening a backup Outlook data file
And, this month, Microsoft has added a new feature to the Microsoft .NET CORE offering with SignalR. Microsoft offers that,
“ASP.NET SignalR is a library for ASP.NET developers that simplifies the process of adding real-time web functionality to applications. Real-time web functionality is the ability to have server code push content to connected clients instantly as it becomes available, rather than having the server wait for a client to request new data.”
You can find documentation on getting started with SignalR here.
Automated testing will help with these scenarios (especially a testing platform that offers a “delta” or comparison between builds). However, for your line of business applications getting the application owner (doing UAT) to test and approve the testing results is still absolutely essential.