Well a new month of Microsoft update issues
June 23, 2016 Leave a comment
After a month without any [major] Patch Tuesday issues, we have one this month. MS16-072 [kb3163622 ] which is a security update for Group Policy may cause changed settings through the GPO are no longer retained, shortcuts to applications on user’s desktops are missing, left previously hidden drives and devices accessible, and drive mappings not to work. The issue is due to how customers have implemented Group Policy permissions.
Before MS16-072 is installed, user group policies were retrieved by using the user’s security context. After MS16-072 is installed, user group policies are retrieved by using the machines security context.
This issue may occur if the Group Policy Object is missing the Read permissions for the Authenticated Users group or if you are using security filtering and are missing Read permissions for the domain computers group.
To correct the situation use the Group Policy Management Console add the Authenticated Users group with Read Permissions on the Group Policy Object (GPO). A well if you are using security filtering, add the Domain Computers group with read permission.
As well, if you have installed update rollup kb3156418 on Windows Server 2012 R2, the DFSRS.exe process may consume a high percentage CPU processing power (could approach 100%). This could cause the DFSR service to become unresponsive to the point at which the service cannot be stopped and you would be required to restart the server. The temporary workaround is to remove the update. Microsoft is aware of the issue.
[Updated 2016/06/22:] Now there is an issue with MS16-075 and MS16-076. They are related to Windows Netlogon and SMB Server. When you try to access a domain DFS namespace on a computer that is configured to require mutual authentication (by using the UNC Hardened Access feature), you receive an Access Denied error message. You need to make a registry change as described in KB3161561 as a workaround. Microsoft is investigating.
[Updated: 2016/06/29:] Added to the update woes this month, although it may not affect too many people, is the June 2016 rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 [KB3161606] that will affect for Hyper-V instances for Windows. The issue is related to the new HyperV-Integration-Service (KB3158626). The issue is related to the file wnetvsc.inf.