Microsoft presents us with a light Patch Tuesday for December


With just 58 updates to deal with this month, the December Patch Tuesday should make for a welcome  light-duty patch-and-test cycle. There were no zero-days or reports of publicly exploited security issues, though there is a critical update to Microsoft Exchange Server that should be a priority. But we saw less pressure on the Windows, browser, and Office updates.

Microsoft has also released two Servicestack Updates (SSUs) for its desktop and server platforms (ADV990001) and an update to the Chromium project (ADV200002).

Our helpful infographic this month looks a little lopsided, as all of the attention should be on the Windows components

Key testing scenarios

Working with Microsoft, we have developed a system that interrogates Microsoft updates and matches any file changes (deltas) each month against our testing library. The result is a “hot-spot” testing matrix that helps drive our portfolio testing. This month, our analysis of this Patch Tuesday release generated the following testing scenarios:

  • Printing: One of the core subsystems has been updated for the Microsoft Windows desktop ecosystem: SPLWOW64. This process handles printing requests from Win32 processes and this month, Microsoft has enforced a measure of “messaging hygiene” in how this process reads requests — and how it manages the size of those requests. We recommend that you run test print jobs from all of your browsers, Office, and your core line of business applications. Hint: print different sizes of documents ,go for the larger ones, and try printing to a file (PDF).
  • Windows Defender and Hyper-V: Ensure that read-only requests are properly handled in your Hyper-V containers and sand-boxes and that Windows Defender Application Guard (WDAG) properly handles READ-ONLY requests.
  • Microsoft OneDrive: We think a verified copy of 1-2000 files up to Microsoft’s cloud storage would be wise.
  • Microsoft Edge: Test your legacy applications in Microsoft Edge.

Known issues

Each month, Microsoft includes a list of known issues that relate to the operating system and platforms included in this update cycle. I have referenced a few key issues that relate to the latest builds from Microsoft, including:

  • When updating to December’s last service stack, some system and user certificates might be lost when updating a device from Windows 10, version 1809 or later to a later version of Windows 10. 

You can also find Microsoft’s summary of known issues for this release in a single page.

Copyright © 2020 IDG Communications, Inc.



Source link