Each month, the team at Readiness analyses the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. This guidance is based on assessing a large application portfolio and a detailed analysis of the Microsoft patches and their potential impact on the Windows platforms and application installations.
Given the large number of changes included in this February patch cycle, I have broken down the testing scenarios into a high risk and standard risk groups:
High Risk:
As all the high-risk changes affect the Microsoft Windows printing sub-system again this month, we have not seen any published functionality changes) we strongly recommend the following printing focused testing:
- The Microsoft “MS Publisher Imagesetter” has been updated significantly this month. These are built-in drivers which are now over a decade old. There has been reports of bad printing quality because of using these drivers and so an update was definitely needed.
- Test printing using V3 printer drivers with both colour and black-white. Check for missing content.
- There has been an update to how Windows handles URL’s, especially when printing. A quick run-through of opening web pages that reference Microsoft Word, PowerPoint and Excel and then exercising a simple print job should highlight any issues.
All these scenarios will require significant application-level testing before a general deployment of this month’s update. In addition to these listed specific testing requirements, we suggest a general test of the following printing features
- 32-bit applications that require printing on 64-bit devices will require testing. Pay attention to application exit as this may generate memory related errors.
- Test your backup systems and ensure that your error and related system logs appear correct
- Test your VPN connections if you are using the PEAP protocol. This protocol changes frequently, we recommend that you subscribe to the Microsoft RSS feed for future changes.
- Test your ODBC connections, database, and SQL commands
Though you won’t have to conduct large file transfer testing this month, we highly recommend testing (very) long UNC paths from different machines. Our focus was on network paths accessing multiple machines across different versions of Windows. In addition to these specific testing scenarios, Microsoft updated the system kernel and core graphics components (GDI). Definitely “smoke test” your core or line-of-business applications and pay attention to graphics intensive applications.
Given the rapid changes and frequent updates to applications (and their dependencies) in a modern application portfolio, ensure that your systems are “cleanly” uninstalling previous application versions. Leaving legacy applications or remnant components could expose your system to patched vulnerabilities.