July’s Patch Tuesday sees an end-of-support collision amidst a massive, record-setting patch wave

Printing and graphics (high risk)

The Print Spooler flag plays a pivotal role in monitoring shared printers, ensuring that the queue status accurately reflects the progression of print jobs. Meanwhile, the win32k flags encompass various aspects of 32-bit application printing, including font rendering in both printed and exported outputs, on-screen rendering, and window management. Additionally, the GDI+ flags are dedicated to handling metafiles.

  • Enable printer sharing from a print server, allowing clients to print in diverse sizes and formats, while also having the capability to cancel jobs and verify that the queue mirrors every state change.
  • Facilitate printing from 32-bit applications, accommodating text-heavy, graphics-rich, and multi-page documents to both physical and virtual printers (such as PDF or XPS), ensuring consistency even after adjusting orientation, scaling, and resolution.
  • Export documents featuring various fonts to PDF, confirming that both fonts and layout remain intact; render EMF+ files that apply effects to large images, and convert EMF files to WMF format.
  • Efficiently open and close windows, navigate common dialogs using both mouse and keyboard, and ensure that no orphaned windows remain when closing parent windows with child windows open.

Storage and file systems (high risk)

In the realm of storage and file systems, both NTFS high-risk flags focus on maintaining integrity—specifically through extended attributes and ensuring volume recovery following unexpected shutdowns. Additionally, File History is equipped with its own high-risk flag on client systems. A comprehensive Windows Server 2025-only bundle addresses boot processes, BitLocker, and ReFS, necessitating the complete Secure Boot/BitLocker matrix. Notably, eight entries are exclusive to Server 2025, which includes WSL, GPU partitioning, and a scripted Windows Server Backup pass that repeats recovery after advancing the date by 90 days.

  • Utilize NTFS extended attributes, incorporating older-system EAs, backup workflows that preserve these attributes, and concurrent operations on the same file where supported, all while antivirus, encryption, or storage filters remain active.
  • Simulate an unexpected shutdown during file activity, ensuring the volume mounts correctly, running chkdsk, and confirming that indexing, shadow copies, and backups continue to function as intended.
  • Conduct a complete File History pass: back up files, make modifications, and back up again, with options to exclude folders, adjust backup frequency, and relocate the destination.
  • On Server 2025, initiate all four combinations of Secure Boot/BitLocker across standard and confidential VMs where applicable.

Devices, input and networking (high risk)

This section introduces three additional high-risk flags: HID input (managed by hidparse.sys in conjunction with win32k), which encompasses touch, keyboard, mouse, and touchpad functionalities through disconnections and restarts; the WinSock bundle, which includes afd.sys along with Bluetooth and multicast drivers; and IrDA. Interestingly, the most demanding requirement is not categorized as high risk: the NetAdapterCx driver (applicable for 24H2/25H2 and Server 2025) necessitates over 500 enable-disable cycles under Driver Verifier.

Winsage
July's Patch Tuesday sees an end-of-support collision amidst a massive, record-setting patch wave