Each month, the team at Readiness analyses the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. This guidance is based on assessing a large application portfolio and a detailed analysis of the Microsoft patches and their potential impact on the Windows platforms and application installations.
Given the large number of changes included in this October patch cycle, I have broken down the testing scenarios into a high risk and standard risk groups:
One of the hardest areas on the Windows (both desktop and server) platform to update is the Windows Kernel subsystem. This core sub-system manages security, access low-level services, drivers, and the Hardware Abstraction Layer (HAL). Given its importance, the Kernel layer is key to delivering most services and applications on Windows. Changing this core system generally translates to a high-risk of a component, service or application not behaving as expected. Thus, testing is key and also very hard to do right.
This month Microsoft has updated both the Kernel and GDI subsystems at a core level. At Readiness, we have looked at these (GDI and Kernel level) changes and they are both minor and far-reaching. Rather than a specific test guidance plan, we recommend a “smoke” test for your commonly used applications and a business logic focused test effort for your critical or line-of-business applications (your top 20 apps?).
All these scenarios will require significant application-level testing before a general deployment of this month’s update. In addition to these listed specific testing requirements, we suggest a general test of the following printing features.
- Test your Windows Error Reporting systems (logs and error reports with a Create/Read/Update/Delete/Extend (CRUDE) test cycle.
- Watch out for heavy GPU usage (we suggest trying out AutoCAD or Bloomberg).
- Test your VPN connections – a simple connect/disconnect test will suffice this month.
- Due to an update to the Windows WAV file codecs, a small test cycle of audio files should be included for this October update.
Stressing about the latest WordPad security vulnerability? Unfortunately, we still have to test our Rich-text-formatted (RTF) files this month as well. This follows on from last month’s Notepad++’s vulnerabilities which included: CVE-2023-40031, CVE-2023-40036, CVE-2023-40164 and CVE-2023-40166. At this rate, Microsoft may just decide to remove all (free) text editors from Windows.