Each month, the team at Readiness analyses the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. This guidance is based on assessing a large application portfolio and a detailed analysis of the Microsoft patches and their potential impact on the Windows platforms and application installations.
For this September release cycle from Microsoft, we have grouped the critical updates and required testing efforts into separate product and functional areas including:
Microsoft SQL Server
Microsoft has released several updates to the Microsoft SQL Server platform that affect both Windows desktops and SQL Server installations, including:
- Microsoft has released a significant update to all supported versions (2016-2022) of Microsoft SQL Server that will require a full installation test.
- Microsoft has updated a core Windows library (SQLOLEDB) that helps Windows applications communicate with SQL Server databases and tools. Though Microsoft has rated this change as low-risk, Readiness recommends a portfolio analysis that highlights all applications that depend on this data-bound communication approach and then a full test cycle for each identified application.
Due to the nature of this September SQL Server update, we highly recommend testing the patch itself and the patching process – with a view to the patch REMOVAL process. We understand that this will require time/skill/effort but it will be better than a full restore from backup.
Windows
Microsoft has made networking and memory handling security issues a focus for this September update with the following changes to the Windows platform:
- Due to an update to 64-bit to 32-bit memory handling in Windows (called thunking), 32-bit camera applications will require testing on 64-bit machines this month. Using Microsoft Teams or playing a video from a USB drive would provide good testing coverage for this change.
- Virtual Machines (VMs) that require a VPN will require connectivity testing this update cycle. In addition, the PPP, PPTP and SSTP protocols will require a basic connectivity test.
- A minor update to Windows Defender will require basic testing for your endpoint security this month.
- A minor update to the core networking functions in Windows will require a test of high network traffic this month. The focus should be on the transfer of large files using applications such as Microsoft Teams, Outlook and Microsoft Edge.
Microsoft has delivered a significant update to the MSI Installer (application installer) sub-system that will require application install level testing for a portion of your application portfolio. Part of this update relates to how shell links are handled in the storage subsystem, which may cause redirected folders or shortcuts to behave unexpectedly during an application installation, particularly in secure or locked-down configurations.
We suggest that installations, rollbacks, un-installations and UAC checks are validated this month. Checking for “zero” exit codes in the MSI Installer log is always a good start.
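One way to automate the exit-code check on a verbose MSI log (`msiexec /l*v`), as an added example that is not Readiness tooling. The log lines are constructed samples, and `Get-MsiLogResult`, the verdict names and the `ConfigureService` action are hypothetical; treating 3010 and 1641 as success with a reboot goes slightly beyond the plain "zero" check and follows the documented Windows Installer result codes.

```powershell
# Added example: classify a verbose Windows Installer log by its final result code.
# 0 = success, 3010 = success but reboot required, 1641 = success and reboot started.
$MsiSuccessCodes = 0, 1641, 3010

function Get-MsiLogResult {
    param([Parameter(Mandatory)][string[]]$Line)

    $codes = @()
    $failedActions = @()
    foreach ($l in $Line) {
        # Final result lines written by the installer service and the client engine.
        if ($l -match 'success or error status: (\d+)' -or
            $l -match 'MainEngineThread is returning (\d+)') {
            $codes += [int]$Matches[1]
        }
        # "Return value 3" marks an action that ended in a fatal error.
        elseif ($l -match '^Action ended [\d:]+: (\S+)\. Return value 3\.') {
            $failedActions += $Matches[1]
        }
    }

    $bad = @($codes | Where-Object { $_ -notin $MsiSuccessCodes })
    if ($codes.Count -eq 0)    { $verdict = 'NoResultFound' }   # truncated or non-verbose log
    elseif ($bad.Count -gt 0)  { $verdict = 'Failed' }
    elseif ($codes -contains 3010 -or $codes -contains 1641) { $verdict = 'PassedRebootNeeded' }
    else                       { $verdict = 'Passed' }

    [pscustomobject]@{
        Verdict           = $verdict
        ResultCodes       = @($codes | Select-Object -Unique)
        FirstFailedAction = $failedActions | Select-Object -First 1
    }
}

# Constructed sample of a failed install (not taken from a real machine).
$sample = @(
    'Action start 10:15:02: InstallFiles.'
    'Action ended 10:15:03: InstallFiles. Return value 1.'
    'Action start 10:15:03: ConfigureService.'
    'Action ended 10:15:04: ConfigureService. Return value 3.'
    'Action ended 10:15:05: INSTALL. Return value 3.'
    'MSI (s) (A4:10) [10:15:05:120]: Windows Installer installed the product. Product Name: Example App. Product Version: 1.0.0. Product Language: 1033. Manufacturer: Example. Installation success or error status: 1603.'
    'MSI (c) (B0:C4) [10:15:05:200]: MainEngineThread is returning 1603'
)
Get-MsiLogResult -Line $sample
```

For a log on disk, pass the output of `Get-Content` to `-Line`. A `NoResultFound` verdict deserves the same attention as a failure, since it usually means the log was cut short or was not captured in verbose mode.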