An eerie Patch Tuesday for October: 117 patches (and 5 undisclosed vulnerabilities)
Microsoft SQL Server
For this month, two updates have been released calling for desktop (or client) validation to be conducted for data-driven applications.
Microsoft SQL Server
For this month, two updates have been released calling for desktop (or client) validation to be conducted for data-driven applications. We suggest the following SQL-centric assessments for October:
• Validate SQL Commands and stored procedures.
• Verify the proper execution of data “Refresh” operations with Microsoft Active Data (ADOX) entities. These operations are intricate to troubleshoot given the vast number of interconnected elements (databases and systems) and the critical importance of these systems. Kickstart this endeavor in its initial stages.
• Conduct testing on queries that accept a large quantity of parameters. Testing the boundaries of SQL parameters is likely advisable.
Windows
While the central testing focus of this update centers around verifying printing functions, a comprehensive examination is necessary. Microsoft has introduced substantial modifications to various networking areas, low-level adjustments to the Kernel and graphics handler (GDI), and enhancements to core features like Microsoft Hyper-V. An evaluation framework that covers each feature individually should entail:
• Networking: Evaluate the transmission of large files (incorporating IPv6) through remote desktop connections, VPNs, and under diverse network scenarios. Web browsing trials should encompass multiple concurrent connections, and messaging apps such as Microsoft Teams ought to be a part of this cycle.
• Security: Ensure that cryptographic functions are correctly executed using RSA keys in (internal) code. Authentication between Microsoft and Linux systems should operate seamlessly. An assessment of Kerberos client authentication will also be essential.
• Remote Desktop: Updates to the Microsoft Routing and Remote Access Server (RRAS) server will necessitate testing of remote access administrative actions. Functionality testing is essential for remote desktop licensing. Moreover, updated remote desktop-related APIs like MprConfigFilterSetInfo and MprInfoBlockRemove demand authentication tests for internally developed systems interfacing with RRAS.
• Windows Error Logs: Owing to alterations in the Windows Common Logging File System (CLFS), prompt verification of resultant container files is mandated.
Once more, the core emphasis lies on scrutinizing printing functionalities. Beyond a mere check on printing itself, intricate assessments related to printing are mandatory, such as:
About Author
