The Patch of Doom: MS16-072

Microsoft patch MS16-072 has been reported to cause numerous problems related to Group Policy when applied to desktops and servers.  Issues reported have to do with hidden drives becoming unhidden as well as drive mapping and printing issues.

Upon my initial review it looks like the problems may all be related to people having the security setup of their Group Policies not adhere to best practice.  Specifically:

  • Authenticated Users group needs Read Permissions on the Group Policy Object (GPO) in question.
  • If you are security filtering is used, then the Domain Computers group needs to have read permission on the GPO in question.

The following patches all appear to contain the MS16-072 patch.  If you are trying to avoid this patch then you need to exclude all of the below patches:

3159398, MS16-072: Description of the security update for Group Policy: June 14, 2016
3163017, Cumulative update for Windows 10: June 14, 2016
3163018, Cumulative update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: June 14, 2016
3163016, Cumulative Update for Windows Server 2016 Technical Preview 5: June 14 2016

Related

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.