• Skip to primary navigation
  • Skip to main content
site logo
  • About
    • Approach
    • Partnerships
    • Mission
    • Leadership
    • Awards
    • Arraya Cares
  • Solutions
    • Solutions

    • Hybrid Infrastructure
      • Hyperconverged
      • Infrastructure as a Service
      • Servers, Storage, and Virtualization
      • Data Protection
      • Disaster Recovery & Business Continuity
    • Apps & Data
      • AI
      • Automation
      • Customizations
      • Visualizations & Integrations
      • Migrations
    • Network
      • Enterprise Networks
      • Wireless Connectivity
      • Cloud Networking Solutions
      • IoT
    • Cybersecurity
      • Endpoint Security
      • Network Security
      • Cloud Security
      • Application Security
    • Modern Workplace
      • Microsoft Licensing
      • Productivity & Collaboration
      • Modern Endpoint Deployment & Management
      • Microsoft Compliance & Risk
      • Backup
      • Cloud
  • Services
    • Services

    • Managed Services
      • Service Desk
      • Outsourced IT
      • Managed Security
      • Managed NOC
      • Arraya Adaptive Management for Microsoft Technologies
      • ADEPT: Arraya's White Label Program
    • Advisory Services
      • Assessments
      • Strategy
      • vCTO
      • vCISO
      • Enterprise Architecture
    • Staffing
      • Infrastructure Engineering
      • Security & Compliance
      • Application & Software
    • Professional Services
      • Project Management 
      • Systems Integration 
      • Mergers & Acquisitions
      • Knowledge & Skills Transfer 
  • Industries
    • Education
    • Finance
    • Healthcare
    • Legal
    • Manufacturing
    • Software and Services
  • Insights
    • News
    • Blog
    • Events
    • Videos
    • Case studies
  • Careers
  • CSP Login
search icon
Contact Us

Fallout from New Microsoft Security Patch – and How to Fix it

A new security patch from Microsoft could carry frustrating side effects for IT teams who apply it. The patch, identified as MS16-072, secures machines against “man-in-the-middle” attacks. In thePadlock Icon Computer Key Showing Safety Security Or Protected process of doing that, however, it may cause issues with an organization’s Group Policy settings and how they’re applied.

With the MS16-072 update, Microsoft purposefully changed the way Group Policies are handled to address “man-in-the-middle” attack vulnerabilities. If left unchecked, cyber criminals could exploit those vulnerabilities to execute unauthorized privilege escalations.

Pre-update, as long as a user account had access to a security policy, that policy would be applied. This took place regardless of whether the computer an individual logged in on had access to that policy. Due to the upgrade, it’s now necessary for both a user account and a computer account to have access to a policy. If they both don’t have access, the policy won’t be applied.

Organizations who haven’t made any changes to the default settings of their Active Directory Group Policy Objects permissions and whose Kerberos authentication is working will be unaffected by this change. On the flip side, organizations who’ve engaged in security filtering in their AD space will have a little bit of work to do to ensure their permissions continue to operate as intended.

Complicating this situation is the fact that the negative impact of the patch may not be immediately evident. Since the change likely will only affect a small number of Group Policies, it could take users or IT considerable time to notice the issue. An alternative scenario could be if none of an organization’s current policies are filtered – leaving the entire slate unaffected. Then, months later, IT releases a new policy and applies a security-filter. All of a sudden, problems begin to surface.

Patch your systems with confidence

Obviously, the benefits of applying the patch outweigh the negatives, so ignoring it simply isn’t an option. What needs to happen for organizations to apply the MS16-072 update with confidence? First, organizations must determine which of their Group Policies may be affected and then they must adjust their settings accordingly. Microsoft laid out how to do this in a recent blog post, which can be found here.

Arraya’s Microsoft team is also ready to assist. Our team has the skills and experience needed to uncover any complications and make the necessary corrections. With our team’s support, IT pros can rest assured their network is secured and the policies they’re laying out are being applied completely.

If you’d like to start a dialogue with our Microsoft team, they can be reached at mssales@arrayasolutions.com or at http://www.arrayasolutions.com/contact-us/.

Also, you can stay connected with Arraya through social media by following us on: Twitter, LinkedIn, and Facebook.

Arraya Insights
Back to Top
Arraya Solutions logo

We combine technological expertise and personal service to educate and empower our customers to solve their individual IT challenges.

518 Township Line Road
Suite 250, Blue Bell, PA 19422

p: (866) 229-6234     f: (610) 684-8655
e: info@arrayasolutions.com

  • Careers
  • Privacy Policy
  • Contact Us

© 2025 Arraya Solutions. All rights reserved.

Facebook Twitter YouTube LinkedIn
Manage Cookie Consent
We use cookies to enhance your experience. By selecting “Accept,” you agree to our cookie policy.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
View preferences
{title} {title} {title}