To learn more about the vulnerability, see Microsoft Security Bulletin MS16-072.
- All future security and non-security updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require update 2919355 to be installed. We recommend that you install update 2919355 on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive future updates.
- If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.
The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information.
- 3159398 MS16-072: Description of the security update for Group Policy: June 14, 2016
- 3163017 Cumulative update for Windows 10: June 14, 2016
- 3163018 Cumulative update for Windows 10 Version 1511 and Windows Server 2016 Technical Preview 4: June 14, 2016
- 3163016 Cumulative Update for Windows Server 2016 Technical Preview 5: June 14 2016
SymptomsAll user Group Policy, including those that have been security filtered on user accounts or security groups, or both, may fail to apply on domain joined computers.
CauseThis issue may occur if the Group Policy Object is missing the Read permissions for the Authenticated Users group or if you are using security filtering and are missing Read permissions for the domain computers group.
ResolutionTo resolve this issue, use the Group Policy Management Console (GPMC.MSC) and follow one of the following steps:
- Add the Authenticated Users group with Read Permissions on the Group Policy Object (GPO).
- If you are using security filtering, add the Domain Computers group with read permission.
Method 1: Windows Update
Note For Windows RT 8.1, this update is available through Windows Update only.
Article ID: 3163622 - Last Review: Apr 11, 2017 - Revision: 2