Testing Guidance for April 2024 Patch Tuesday
Testing Guidance
Each month, the team at Readiness analyses the latest Patch Tuesday updates from Microsoft and provides detailed, actionable testing guidance. This guidance is based on assessing a large application portfolio and a detailed analysis of the Microsoft patches and their potential impact on the Windows platforms and application installations.
For this April release cycle from Microsoft, we have grouped the critical updates and required testing efforts in to functional area including:
Microsoft SQL Server
- Make SQL connections with different versions of SQL Server.
- Run basic SQL commands to fetch data from a server.
- Test bulk import/export functionality using the BCP (bulk copy) feature
Windows
The following core Microsoft features have updated this month including:
File Management
- Test scenarios involving tar.exe or the native support of archives in Windows.
- Test end-to-end scenarios involving File Management Tasks and Storage Reports Management.
Crypto:
- est scenarios that utilize crypt APIs. Pay special attention to any operation that relies on CryptDecodeObject or CryptDecodeObjectEx.
- Test cryptographic operations and key generation, particularly in VTL1 environments.
- Test variations of replications on different types of files and folders. Test both large and small files.
DHCP:
- Test functional scenarios where Client DUID is a required parameter.
- Send Message with VendorOption of DomainName.
- Check whether the client UID provided to the RPC API.
DNS:
- Test virtual instance and zone management scenarios.
Remote Desktop and Connections:
- Test out point-to-point connections and RRAS servers using the MPRAPI protocols.
- Test your VPN connections with a connect/disconnect, delete and repeat test cycle.
Automated testing will help with these scenarios (especially a testing platform that offers a “delta” or comparison between builds). However, for your line of business applications getting the application owner (doing UAT) to test and approve the testing results is still absolutely essential.
There has been a large number of updates to Microsoft SQL components within Windows and how OLE operates wth other windows features. Applications that require these kind of “cooperative” interactions are generally, complex line of business applications. Trouble-shooting these update scenarios are generally complex and time consuming.
To prevent downtime, expensive faults and potentially damaging compliance issues, we fully recommend an audit of your application portfolio, identifying SQLOLE, OLEDB and ODBC dependencies with an assessment and testing plan before general deployment of this month’s April Patch Tuesday release from Microsoft