Admins in outcry as Microsoft fix borks Group Policy

After Patch Tuesday comes Facepalm Wednesday


Microsoft's most recent security update is causing problems with Windows Group Policy settings.

Users on Reddit and Microsoft support forums are reporting that after the MS16-072 update was installed, changes were made in Group Policy object (GPO) settings that left previously hidden drives and devices accessible.

"I installed Windows patches last night and this morning found out that there were a number of issues with my GPOs," writes one admin.

"Example: desktop image would not show up, A, B, C and D drives that were meant to be hidden from users are now showing up."

Other users report having printers and drive maps become inaccessible and security group settings no longer applying.

The users report that uninstalling the MS16-072 update from PCs and servers remedies the problem, though it is at the expense of leaving the underlying security vulnerability open. Admins can also opt not to deploy the update through WSUS controls.

The CVE-2016-3223 flaw, described in MS16-072, allows an attacker with local network access to set up a man-in-the-middle attack to read data being passed between the target machine and domain controller. Microsoft has rated the bulletin as an "important" priority for all supported versions of Windows.

The bulletin was one of 16 posted by Microsoft yesterday as part of its monthly update schedule. MS16-072 was one of 11 bulletins rated "important," behind five "critical" bulletins.

El Reg has asked Microsoft for comment on the matter but has yet to hear back from Redmond at the time of publication. ®
