117 updates (and 5 zero-day flaws) – Computerworld

Microsoft SQL Server

With two updates this month, desktop (or client) testing will be required for data-driven applications. We recommend that the following SQL-related tests be included for October:

• Validate SQL Commands and stored procedures.
• Ensure data “Refresh” operations perform correctly with Microsoft Active Data (ADOX) objects. These are difficult operations to debug due to the generally large number of inter-connected objects (databases and systems) and the business criticality of these systems. Start early on this effort.
• Test queries that accept large numbers of parameters. SQL parameter boundary testing is probably a good idea.

Windows

While the primary testing scenario for this update is really to test printing, there is a lot to check. Microsoft has made significant changes to broad areas in networking, low-level changes to the Kernel and graphics handler (GDI), and updates to core features including Microsoft Hyper-V. A feature-by-feature testing regime should include:

• Networking: Test large file transfers (include IPv6) over remote desktop connections, VPNs and varied network conditions. Web browsing tests should include multiple simultaneous connections — and messaging applications such as Microsoft Teams should be included in this cycle.
• Security: Ensure that (internal) code still performs cryptographic functions accurately using RSA keys. Authentication should work correctly between both Microsoft and Linux systems. A validation of Kerberos client authentication will also be required.
• Remote Desktop: updates to Microsoft Routing and Remote Access Server (RRAS) server will require remote access administrative action testing. Remote desktop licensing will require functionality testing. And the remote desktop related APIs MprConfigFilterSetInfo and MprInfoBlockRemove  have been updated, so internally developed systems that connect with RRAS will require an authentication test.
• Windows Error Logs: Due to a change in the Windows Common Logging File System (CLFS) a quick test of resultant container files is required.

Again, the primary focus should be on testing printing. Rather than a simple (does it actually print) test, more complex print-related checks are required, including: