This is a relatively light Patch Tuesday update from Microsoft, though wo significant vulnerabilities in the Windows platform (CVE-2021-38631 and CVE-2021-41371), both relating to Remote Desktop Protocol handling, have been disclosed and are lending some urgency to applying Windows updates. And we have another technically challenging update to Microsoft Exchange Server to manage as well.

Pay close attention to the Servicing Stack Updates (SSU) this month, as it may affect how your applications install (with particular focus on the un-installation process). Microsoft has already said there will not be a C patch cycle release next month, which means the December Patch Tuesday release should be light. You can find more information about the risk of deploying these Patch Tuesday updates with this infographic.

Key testing scenarios

There are no reported high-risk changes to the Windows platform this month. However, there is one reported functional change, and an additional feature:

  • You will have to test your printers again. Try using Notepad first, then Adobe Reader (PDFs) and include images (PNG, JPG, BMP). Testing is especially important if you have V3 printer drivers.
  • If your line-of-business apps are using COM (or heaven forbid DCOM), you will need a full burn-in test. Changes in the COM STA Threading model could lead to difficult trouble-shooting scenarios.
  • Using the Microsoft Movies and TV application, play MP4 videos and check for audio issues.
  • You may not be using Internet explorer (IE), but applications may have dependencies on IE components (IEFRAME.DLL). Assess your application portfolio for this key dependency, and then test for Office component integration issues and tabbed browsing.
  • Also, have a look at Microsoft Timeline, as minor changes have been made to how your data is managed.

The biggest issue (or engineering task) this month is the need to validate that your applications install, repair, update, and uninstall correctly. Check your Windows Installer logs (0’s for success). I think this is a big job as we commonly focus on application installations; this time we have to look at how applications are uninstalled. Once an application has been uninstalled, the target machine should be clean, error logs empty, and no applications broken. Getting this right will allow for the next MSI Installer update to run smoothly.

Known issues

Each month, Microsoft includes a list of known issues that relate to the operating system and platforms included in this update cycle. Here are a few key issues that relate to the latest builds from Microsoft, including:

  • After installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, “PSFX_E_MATCHING_BINARY_MISSING.” For more information and a workaround, see KB5005322.
  • Some Windows 10 LTSC systems are encountering an issue after installing KB4493509. Devices with some Asian language packs installed may receive the error, “0x800f0982 – PSFX_E_MATCHING_COMPONENT_NOT_FOUND.” Microsoft is currently working on a fix.
  • Windows print clients might encounter the following errors when connecting to a remote printer shared on a Windows print server: 0x000006e4 (RPC_S_CANNOT_SUPPORT), 0x0000007c (ERROR_INVALID_LEVEL), 0x00000709 (ERROR_INVALID_PRINTER_NAME). Microsoft is working on this issue. We expect that there may be an OOB update to address these before December’s B release (Patch Tuesday). The good news here is that most of these reported printer issues relate to corporate environments (e.g., printer servers combined with a domain controller); most home users will not be affected by the security concerns or printing problems.

After installing this month’s Microsoft update, connecting to devices in an untrusted domain using Remote Desktop might fail to authenticate when using smart card authentication. You might receive the prompt “Your credentials did not work.” This issue is resolved using Known Issue Rollback (KIR) — which is kind of exciting. Microsoft now allows for policy-driven execution paths of managed code. In case you encounter issues, you can roll back the execution path of the affected files, putting that piece of code back to a “pre-patch” state. To do this successfully, you need to make sure you have the correct policy files for your platform. You can find the relevant policy files for each Windows version here:

Copyright © 2021 IDG Communications, Inc.

Source link