Patch Tuesday Testing Guidance

July Patch Tuesday Testing Guidance

Greg Lambert
July 10, 2024
3 minutes

Each month, the team at Readiness analyses the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. This guidance is based on assessing a large application portfolio and a detailed analysis of the Microsoft patches and their potential impact on the Windows platforms and application installations.

For this July release cycle from Microsoft, we have grouped the critical updates and required testing efforts into different functional areas including:

Microsoft Office

  • Test out your Teams logins this Patch Tuesday (shouldn’t take too long)
  • SharePoint was updated and so this month, 3rd party extensions or dependencies will require testing.
  • Due to the change in Outlook, Internet Calendars (ICS files) will require testing.
  • With the Visio update this month, large CAD drawings will require a basic import and load test

Microsoft .NET and Developer Tools

Microsoft has updated the Microsoft .NET, MSI Installer and Visual Studio with the following testing guidance:

  • PowerShell updates will require a diagnostics test. Try the command, “import-module Microsoft.powershell.diagnostics – verbose” and validate that you are getting the correct results from your home directory.
  • Due to the change in the Windows core installation technology (MSI) validating that User Account Control (UAC) still functions as expected.

Microsoft SQL Server

This month is a huge update to both Microsoft SQL Server and the local, or workstation supporting elements of OLE. The primary focus for this kind of complex effort should be your line-of-business or core applications. These are the applications that have multiple data connections and rely on complex multiple object/session requirements. Due to the changes this month, we can’t recommend specific Windows feature testing regimes as we are most concerned that the business logic (and resulting data) of the application in question may be affected. Only you will know what looks good, and so we advise on a comparative testing regime across unpatched and newly patched systems – looking for data disparities.

Windows

For this July update, Microsoft has made another update to the Win32 and GDI subsystems with a recommendation to test out a significant portion of your application portfolio. We also recommend that you test out the following functional areas in the Windows platform:

  • File compression has been updated this month, so file and archive extraction scenarios will need to be exercised.
  • Due to the Microsoft codec updates, perform a system reboot and test that your audio and camera still work together.
  • Security updates will require the testing of the creation of new Windows certificates.
  • Networking changes will require a test of DNS and DHCP, specifically the DHCP R_DhcpAddSubnetElement API. As part of these changes, testing VPN authentication will be required. Try to include your Network Policy Server (NPS) as part of the connection creation and deletion effort.
  • This month’s update to Remote Desktop Services (RDS) will require the creation and revocation of licence requests.
  • A significant update to the Network Driver Interface Specification (NDIS) will require testing of network traffic involving repeated bursts of large files. Try using Teams while this networking burst testing is in progress.
  • Backup and printing have been updated, so test your volumes and ensure that when you print out a test page, that your OS does not crash (yes, really). Try printing out TIFF files. Hey, you might like it.

As part of the ongoing effort to support the new ARM architecture, Microsoft has released the first patch for this new platform with the release of CVE-2024-37985. This is an Intel assigned processor level vulnerability that has been mitigated by a Microsoft OS level patch. The Readiness team has provided guidance on potential ARM related compatibility and testing issues. Specifically, the Readiness team was concerned with Input Method Editors (IME’s) which match Microsoft’s testing guidance this month with the following advice to test input related features such as keyboard, mouse, touch, pen, gesture and dictation. Some internet shortcuts may be affected as well as wallpaper displays.

Greg Lambert

CEO, Product Evangelist
Greg Lambert is the CEO and product evangelist for Application Readiness Inc. Greg is a co-founder of ChangeBASE and has considerable experience with application packaging technology and its deployment.

Planning business modernization projects?

  • Windows 10/11 migration
  • MS server 2022
  • Migration to Azure

Is your application estate ready?

Assurance.

Unbounded.

3 months of patch protection, assessments and dependency reports for your entire portfolio.

  • No cost
  • No limit of applications
  • No software needed
  • No infrastructure required
  • No obligation
Contact us to get started