June 2026 Patch Tuesday Testing Guidance

[Image: Readiness June 2026 Testing Guidance card, by Greg Lambert]

Microsoft’s June 2026 Patch Tuesday is a security-only release with a clear centre of gravity: the Remote Desktop client. The Remote Desktop ActiveX control (mstscax.dll) is the most-patched component this cycle with five separate updates, and it carries the month’s single High Risk flag, on printer redirection. The secondary theme is Windows authentication, with three updates to the NTLM security package. Every Windows binary this month reports no functional changes, so the work is pure regression validation. Lower-risk patches reach DHCP, telephony, Hyper-V, UDF and Projected File System storage, and the graphics stack.

Remote Desktop Client (High Risk)

The Remote Desktop client (mstscax.dll) draws the most fixes this month, and the High Risk flag lands specifically on printer redirection — the path that maps a client’s local printers into a remote session. A regression here typically shows as missing redirected printers, failed print jobs, or a hang on connect or reconnect. The wider Remote Desktop stack is also updated, including RemoteApp and clipboard redirection (rdpclip.exe, RdpCoreTS.dll) and Remote Desktop Licensing (lserver.dll), so validate connection, session, and licensing together.

A passing run is a remote session that connects, redirects printers, prints, and survives a reconnect with no crashes or missing devices.

  • Connect with Remote Desktop Connection (mstsc.exe) to a test host, enable printer redirection in Local Resources, and confirm redirected printers appear in the session
  • Print a test page from an app in the session to a redirected printer; repeat with two or more client printers installed
  • Disconnect and reconnect the session, then confirm the redirected printers are still present and usable
  • Repeat the printer test in both a full desktop session and a RemoteApp session where used
  • Exercise general remote access: connect through a Remote Desktop Gateway, use VMConnect to reach a VM, and verify clipboard and device redirection
  • On a Remote Desktop Licensing server, confirm clients connect with licensing enabled, across Per User and Per Device modes
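
The connect, print, and reconnect checks above can be scripted from inside the remote session. The following is an added example, not part of the original guidance: it assumes redirected queues carry the usual "(redirected <session id>)" name suffix, and the baseline file path is a hypothetical choice.

```powershell
# Added example. Run inside the remote session: first after the initial connect
# (saves a baseline), then again after the disconnect/reconnect (compares).
param(
    [string]$BaselinePath = "$env:TEMP\rdp-printer-baseline.txt",  # hypothetical path
    [switch]$PrintTestPage                                          # also send a test page
)

# Assumption: redirected queues carry the "(redirected <session id>)" name suffix.
$suffix = '\s*\(redirected \d+\)$'
$queues = @(Get-CimInstance -ClassName Win32_Printer |
    Where-Object { $_.Name -match $suffix })

# Compare on the client-side printer name so a changed session id does not matter.
$names = @($queues | ForEach-Object { $_.Name -replace $suffix, '' } | Sort-Object -Unique)

if ($names.Count -eq 0) {
    Write-Warning 'No redirected printers are visible in this session.'
    exit 1
}

if ($PrintTestPage) {
    foreach ($q in $queues) {
        # Win32_Printer.PrintTestPage returns 0 when the job was submitted.
        $r = Invoke-CimMethod -InputObject $q -MethodName PrintTestPage
        Write-Output ('{0}: test page return value {1}' -f $q.Name, $r.ReturnValue)
    }
}

if (-not (Test-Path -Path $BaselinePath)) {
    Set-Content -Path $BaselinePath -Value $names
    Write-Output "Baseline saved: $($names.Count) redirected printer(s)."
    exit 0
}

# Second run: every printer seen before the reconnect must still be redirected.
$baseline = @(Get-Content -Path $BaselinePath)
$missing  = @($baseline | Where-Object { $_ -notin $names })
$extra    = @($names    | Where-Object { $_ -notin $baseline })

$missing | ForEach-Object { Write-Warning "Missing after reconnect: $_" }
$extra   | ForEach-Object { Write-Output  "New since baseline: $_" }
if ($missing.Count -gt 0) { exit 1 }
Write-Output "All $($baseline.Count) baseline printer(s) are present after reconnect."
```

Delete the baseline file between test hosts so each run starts from a fresh first connect.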

Windows Authentication (NTLM)

Three updates touch the NTLM security support provider (msv1_0.dll), the module behind network authentication when Kerberos is not used. Authentication changes are regression-sensitive: the failure modes are logon failures, broken file-share or RDP access, and application sign-in problems. Validate across domain-joined and workgroup machines.

  • Sign in to domain-joined and standalone machines with domain, local, and cached credentials after a reboot
  • Access SMB file shares by host name and IP, including paths that fall back to NTLM, and confirm authenticated reads and writes
  • Authenticate to a Remote Desktop host and to line-of-business applications that rely on integrated Windows authentication
  • Watch the Security event log for new logon-failure or audit anomalies during the test window
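
One way to watch the Security log during the test window is to compare failed-logon events against a pre-patch window. This is an added example, not part of the original guidance: it assumes logon auditing is enabled so that event ID 4625 (failed logon) is recorded, and the default window times are placeholders to adjust.

```powershell
# Added example. Run elevated on the machine under test.
param(
    [datetime]$TestStart     = (Get-Date).AddHours(-4),              # placeholder window
    [datetime]$TestEnd       = (Get-Date),
    [datetime]$BaselineStart = (Get-Date).AddDays(-7).AddHours(-4),  # pre-patch window
    [datetime]$BaselineEnd   = (Get-Date).AddDays(-7)
)

function Get-FailedLogonSummary {
    param([datetime]$Start, [datetime]$End)
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = $Start; EndTime = $End }
    try {
        $events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction Stop)
    } catch {
        # An empty result is reported as an error; anything else (e.g. access denied) is real.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $events = @() } else { throw }
    }
    $events | ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # One key per failure shape: auth package, logon type, status/sub-status codes.
        '{0} | type {1} | {2}/{3}' -f $data.AuthenticationPackageName,
            $data.LogonType, $data.Status, $data.SubStatus
    } | Group-Object | Sort-Object -Property Count -Descending
}

$baseline = @{}
Get-FailedLogonSummary -Start $BaselineStart -End $BaselineEnd |
    ForEach-Object { $baseline[$_.Name] = $_.Count }

# Failure shapes that were absent before patching are flagged in the New column.
Get-FailedLogonSummary -Start $TestStart -End $TestEnd | ForEach-Object {
    [pscustomobject]@{
        Failure  = $_.Name
        Test     = $_.Count
        Baseline = [int]$baseline[$_.Name]
        New      = -not $baseline.ContainsKey($_.Name)
    }
} | Format-Table -AutoSize
```

Rows with an NTLM authentication package and New set to True are the ones to investigate first, since they did not occur in the pre-patch window.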

Other Windows Components

The remaining updates carry no functional changes, so cover them with routine regression by area.

  • Networking: exercise DHCP lease, renewal, and release on IPv4 and IPv6 (dhcpcore), sustained socket traffic over the WinSock driver (afd.sys, two updates), HTTP.sys request handling under IIS, and TAPI telephony integrations (tapisrv.dll)
  • Virtualisation: boot Generation 1 and Generation 2 VMs, including nested virtualisation, to cover the Hyper-V hypervisor (hvix64/hvax64), and connect a VM through an external virtual switch (toggling NIC RSS) to cover vmswitch.sys
  • Storage and filesystems: read and write UDF-formatted media (udfs.sys), exercise the Projected File System minifilter (prjflt.sys), and validate cloud files hydration and Work Folders sync (cldflt.sys, workfolders.exe), including a ReFS volume with BitLocker enabled
  • Graphics and shell: run GPU-accelerated and 2D rendering workloads to cover Direct2D (d2d1.dll), GDI+ (gdiplus.dll), the Desktop Window Manager (dwmcore.dll), the Windows Imaging Component (windowscodecs.dll), and UI Automation (UiaManager.dll); watch for artefacts and accessibility regressions
  • Notifications and input: open apps that raise toast and push notifications (wpnapps.dll, wpncore.dll) and verify Text Services Framework input across keyboard layouts and IMEs (msctf.dll)

Office & SharePoint

June’s Office updates are MSI editions only, released in the 9 June security wave: Excel 2016 (KB5002877), Word 2016 (KB5002879), Office 2016 shared components (KB5002878, KB5002852, and the rich-edit control KB5002578), and Office Online Server 2019 (KB5002875). The shared Office 2016 component updates also apply to the SharePoint Server 2016, 2019, and Subscription Edition baselines. No Critical non-security client release ships this cycle, and Click-to-Run estates are unaffected.

  • Open complex Excel workbooks with formulas, macros, and external data connections; save and reopen to verify integrity
  • Edit Word documents with embedded objects, tracked changes, and rich formatting that exercises the rich-edit control
  • On the SharePoint Server baselines (2016, 2019, Subscription Edition) and Office Online Server, validate document library operations, co-authoring, and browser-based viewing and editing
  • Confirm Office add-ins and line-of-business integrations continue to operate

Developer Tools & Databases

June updates the .NET SDK across the 8.0, 9.0, and 10.0 servicing lines (8.0.422, 9.0.315, 10.0.301), and ships SQL Server GDR security updates spanning SQL Server 2016 SP3 through SQL Server 2025, in both RTM+GDR and cumulative-update+GDR branches.

  • After installing the .NET SDK update, build and run representative applications and confirm existing projects compile and execute normally
  • For SQL Server, install the GDR update onto the matching baseline or cumulative-update branch, then restart the service and run standard transactions
  • Verify a backup and restore, confirm Always On availability groups stay healthy, and test patch install and removal on each servicing branch in use

June 2026 Patch Tuesday Testing Priorities

Lead with Remote Desktop. The client is both the most-patched component and the sole High Risk item, so give it a focused regression pass centred on printer redirection, then broaden to general connectivity, RemoteApp, clipboard and device redirection, gateway access, and licensing. The NTLM authentication updates are the second priority: validate domain and standalone logon, file-share access, and application sign-in. Everything else is a no-functional-change security update, so cover networking, Hyper-V, storage, and graphics with routine regression. Office is MSI-only, with Click-to-Run untouched, and the .NET and SQL Server updates round out the developer and database estate.