MS16-075 and MS16-076: Description of the security update for Windows Netlogon and SMB Server: June 14, 2016

Applies to: Windows Server 2012 R2 Datacenter, Windows Server 2012 R2 Standard, Windows Server 2012 R2 Essentials

Summary


This security update resolves a vulnerability in Microsoft Windows that could allow elevation of privilege if an attacker logs on to the system and runs a specially crafted application.


To learn more about the vulnerability, see Microsoft Security Bulletin MS16-075 and Microsoft Security Bulletin MS16-076.

More Information


Important
  • All future security and non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.
  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Known issues in this security update

  • Symptoms
    When you try to access a domain DFS namespace (such as \\contoso.com\SYSVOL) on a computer that is configured to require mutual authentication (by using the UNC Hardened Access feature), you receive an "Access Denied" error message. Additionally, you may receive a "0x000000e3" Stop error message.

    This problem may occur if the selected domain controller has security update 3161561 installed, and if the SmbServerNameHardeningLevel registry entry is configured to a non-zero value on the domain controller.

    Note This problem does not occur if you bypass the domain DFS namespace by directing the request to a specific domain controller (such as \\dc1.contoso.com\SYSVOL).

    Workaround
    To work around this problem, set the SmbServerNameHardeningLevel registry entry to 0. For more information about how to configure the SmbServerNameHardeningLevel entry, see the "Workarounds" section of Microsoft Security Bulletin MS15-083.


    Resolution
    To resolve this issue, install one of the following updates, as appropriate for your operating system:
    • 3179574 August 2016 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
    • 3179573 August 2016 update rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1
    • 3177186 MS16-114: Description of the security update for Windows SMBv1 Server: September 13, 2016
    Note Security update 3177186 resolves this problem in Microsoft Server Message Block 1.0 (SMBv1) Server and in all the Microsoft products that are listed in the "Applies to" section.
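
    The following PowerShell check is an added example, not part of the original article: it reports whether a domain controller matches the condition described under "Symptoms" and whether one of the "Resolution" updates is listed as installed. The registry path, the function name Get-SmbHardeningKnownIssueState, and the state names are assumptions introduced here; the article names only the SmbServerNameHardeningLevel value and the update numbers.

```powershell
# Added example (not from the KB article). Run on a domain controller.
# Assumption: the registry path below; the article names only the value.
$ParamKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$TriggerKb = 'KB3161561'                            # update named under "Symptoms"
$FixKbs    = 'KB3179574', 'KB3179573', 'KB3177186'  # updates named under "Resolution"

function Get-SmbHardeningKnownIssueState {          # hypothetical helper name
    param(
        # Installed update IDs; pass a constructed list to evaluate offline.
        [string[]]$InstalledKb = @(Get-HotFix | Select-Object -ExpandProperty HotFixID),
        # Hardening level; -1 means "read it from the registry".
        [int]$Level = -1
    )

    if ($Level -lt 0) {
        # Assumption: an absent value behaves like 0 (hardening not enforced).
        $Level = 0
        $prop = Get-ItemProperty -Path $ParamKey -Name SmbServerNameHardeningLevel -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $Level = [int]$prop.SmbServerNameHardeningLevel }
    }

    $hasTrigger = $InstalledKb -contains $TriggerKb
    $fixesFound = @($FixKbs | Where-Object { $InstalledKb -contains $_ })

    # The issue needs the trigger update AND a non-zero hardening level.
    if (-not $hasTrigger)            { $state = 'TriggerUpdateNotListed' }
    elseif ($Level -eq 0)            { $state = 'HardeningLevelZero' }
    elseif ($fixesFound.Count -gt 0) { $state = 'FixListed' }
    else                             { $state = 'Affected' }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        HardeningLevel = $Level
        TriggerUpdate  = $hasTrigger
        FixesFound     = $fixesFound -join ','
        State          = $state
    }
}

# Constructed inputs: trigger update listed, level 1, no fix listed.
Get-SmbHardeningKnownIssueState -InstalledKb 'KB3161561' -Level 1

# Live check against the local machine.
Get-SmbHardeningKnownIssueState
```

    Get-HotFix matches only the exact update IDs it lists, so an update delivered inside a later superseding package will not appear under these numbers; treat TriggerUpdateNotListed or an empty FixesFound as a prompt to review the update history rather than as proof.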
 

How to obtain and install the update


Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Get security updates automatically.

Note For Windows RT 8.1, this update is available through Windows Update only.
