Each month, the team at Readiness analyses the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. This guidance is based on assessing a large application portfolio and a detailed analysis of the Microsoft patches and their potential impact on the Windows platforms and application installations.
Given the large number of system level changes included in this September patch cycle, I have broken down the testing scenarios into standard and high-risk profiles.
Microsoft has made a major announcement this month with a significant change to how 3rd party printer drivers are handled,
“With the release of Windows 10 21H2, Windows offers inbox support for Mopria compliant printer devices over network and USB interfaces via the Microsoft IPP Class Driver. This removes the need for print device manufacturers to provide their own installers, drivers, utilities.”
With this announcement, Microsoft has also published an end to servicing legacy (V3 and V4) Windows printer drivers and offers the following support timeline.
- September 2023: Announce legacy third-party printer driver for Windows end of servicing plan.
- September 2025: No new printer drivers will be published to Windows Update.
- 2026: Printer driver ranking order modified to always prefer Windows IPP inbox class driver.
- 2027: Except for security-related fixes, third-party printer driver updates will no longer be allowed.
The assumption here is that all Windows printing providers will subscribe to the Mopria (an association of printer and scanner manufacturers that produce universal standards and solutions for scan and print) standard. This make sense and will hopefully reduce the attack surface of printer drivers that have caused so much trouble over the years.
Due to this key change in printer handling the following tests are suggested:
- Test all of your printers – with your full production testing regime (sorry about this).
- Enable different advanced printer features (e.g., watermarking) and run printing tests.
- Test your printing over RDP and VPN connections.
- Install/update/uninstall key printing software.
The following changes have been included in this month’s update and have not been raised as either high risk (of unexpected outcomes) and do not include functional changes.
- Test out your security restrictions/sandbox when using Microsoft Intune and Windows Defender Application control (WDAC). Applications should install and uninstall as expected.
- Ensure successful “CRUD” tests complete for your Windows error logs. This should include: Create, Read, Update and Delete. Actually, this should read CRUDE – as we need to add Extend to this month’s log testing regime. Find the laughs where you can.
- An update to the core graphics handling in Windows (GDI.DLL) requires testing wireless displays on laptops.
There has been a major update to the Windows networking stack this month. This includes changes to how DHCP handles failover relationships. Testing should include the following:
- Conduct ping request/reply tests (for both inside and outside your network)
- Ping major search engines (try Bing?) using both IPv4 and IPv
Automated testing will help with these scenarios (especially a testing platform that offers a “delta” or comparison between builds). However, for your line of business applications getting the application owner (doing UAT) to test and approve the testing results is still absolutely essential.