Patchday: Windows Server-Updates (14. Juli 2026)

WindowsZum 14. Juli 2026 (zweiter Dienstag im Monat, Patchday bei Microsoft) wurden verschiedene kumulative Updates für die unterstützten Versionen von Windows Server freigegeben. Nachfolgend habe ich die bereitgestellten Updates samt einigen Details für diese Windows Server-Versionen herausgezogen.


Die nachfolgend aufgeführten Updates beheben die in Microsoft Security Update Summary (14. Juli 2026) beschriebenen und für Windows Server relevanten Schwachstellen.

Updates für Windows Server 2025

Eine Liste der Updates für Windows Server 2025 lässt sich auf dieser Microsoft-Webseite abrufen. Für Windows Server 2025 wurde das kumulative Update KB5099536 freigegeben, welches Sicherheitspatches und diverse Fixes beinhaltet.

  • [Secure Boot] This update includes additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Certificate deployment via Windows updates continues across supported PCs and non-managed business devices in the coming months.
  • [Apps (Known issue)] Fixed: This update addresses an issue that affects certain third-party apps that use OLE Automation to interact with Microsoft Office. After installing the June 2026 security update (KB5094125), these apps might fail to launch Office or open documents.
  • [Containers] This update improves startup performance for Hyper-V–isolated Windows Server containers on Windows Server 2025. The updated Windows Server 2025 container base images (nanoserver, servercore, and windowsservercore) include this improvement and are available through the Microsoft Container Registry (MCR). Pull the latest image tag to get the update.
  • [Cryptography]
    • This update adds support for hybrid post-quantum cryptography (PQC) key exchange in Transport Layer Security (TLS) 1.3. This enhancement helps protect secure network connections against emerging threats and improves readiness for future security challenges.
    • This update adds support for composite cryptographic formats that combine traditional and post-quantum algorithms in a single signature or key.
  • [Distributed Key Manager (DKM)] This update introduces automatic detection of insecure DKM container ACL configurations in AD FS and provides an opt-in remediation mechanism to help administrators strengthen DKM container permissions. For more information about how to manage this change, see CVE-2026-56155: AD FS Distributed Key Manager container ACL hardening
  • [Event Log] This update improves the reliability of the Windows Event Log service on event collector servers that forward events to custom log channels configured with a manifest.
  • [File Explorer (known issue)] Fixed: An issue where the OneDrive shortcut in File Explorer stops working when File Explorer is run with administrative mode.This issue might occur after installing the June 2026 security update (KB5094125).
  • [Input] This update changes hotkey unregister and cleanup behavior. In rare cases, some built-in Windows experiences that rely on previous hotkey lifecycle behavior might temporarily stop responding to certain keyboard shortcuts. This issue can typically be resolved by restarting the app affected. If the issue is not resolved, report it through the Feedback Hub.
  • [Networking]
    • This update improves how your device connects to shared network resources. Connections used by apps and system features, such as the NetUseAdd function, now work more reliably, including unauthenticated (null session) connections.
    • This update introduces a security hardening change that enforces TDI transport registration requirements. As a result, applications that use sockets over unregistered third-party TDI transports might stop working after installing this update. Registered TDI transports are not affected. For more information, see Third-party TDI transports might stop working after installing Windows security updates released on or after July 14, 2026.
  • [Recycle Bin (known issue)] Fixed: This update addresses an issue where the confirmation dialog might display an internal Recycle Bin file name instead of the original file name when permanently deleting a file. This issue might occur after installing the June 2026 security update (KB5094125).
  • [System reliability]
    • This update improves system reliability by addressing an issue that could cause Windows to stop responding in certain situations.
    • This update improves performance for virtual machines running graphics-intensive applications by resolving a memory leak in the graphics kernel driver. It also reduces excessive memory usage and helps maintain consistent sign-in access.

Dieses Update wird automatisch von Windows Update heruntergeladen und installiert, ist aber auch im Microsoft Update Catalog und per WSUS sowie WUfB erhältlich. Im Patch ist das aktuelle Windows Servicing Stack Update integriert. Details zum Update sowie ggf. verursachte Probleme und Installationsvoraussetzungen sind im Support-Beitrag aufgeführt.

Update KB5099540 für Windows Server 2022

Eine Liste der Updates für Windows Server 2022 lässt sich auf dieser Microsoft-Webseite abrufen. Für Windows Server 2022 wurde das kumulative Update KB5099540 freigegeben, welches Sicherheitspatches und diverse Bug-Fixes beinhaltet.

  • [Secure Boot] This update includes additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Certificate deployment via Windows updates continues across supported PCs and non-managed business devices in the coming months.
  • [Apps (Known issue)] Fixed: This update addresses an issue that affects certain third-party apps that use OLE Automation to interact with Microsoft Office. After installing the June 2026 security update (KB5094128), these apps might fail to launch Office or open documents.
  • [Authentication] This update improves Microsoft Defender for Identity (MDI) unified sensor auditing for NT LAN Manager (NTLM) authentication. It captures more NTLM-based authentication events, helping you better detect identity-related threats.
  • [Distributed Key Manager (DKM)] This update introduces automatic detection of insecure DKM container ACL configurations in AD FS and provides an opt-in remediation mechanism to help administrators strengthen DKM container permissions. For more information about how to manage this change, see CVE-2026-56155: AD FS Distributed Key Manager container ACL hardening.
  • [File Explorer (known issue)] Fixed: An issue where the OneDrive shortcut in File Explorer stops working when File Explorer is run with administrative mode. This issue might occur after installing the June 2026 security update (KB5094128).
  • [Input] This update changes hotkey unregister and cleanup behavior. In rare cases, some built-in Windows experiences that rely on previous hotkey lifecycle behavior might temporarily stop responding to certain keyboard shortcuts. This issue can typically be resolved by restarting the app affected. If the issue is not resolved, report it through the Feedback Hub.
  • [Networking]
    • This update improves reliability in Windows Failover Cluster environments that use cluster virtual IP addresses. It ensures the SkipAsSource setting for cluster IPs is configured correctly, which improves DNS record accuracy and network communication connectivity.
    • This update introduces a security hardening change that enforces TDI transport registration requirements. As a result, applications that use sockets over unregistered third-party TDI transports might stop working after installing this update. Registered TDI transports are not affected. For more information, see Third-party TDI transports might stop working after installing Windows security updates released on or after July 14, 2026.
  • [Recycle Bin (known issue)] Fixed: This update addresses an issue where the confirmation dialog might display an internal Recycle Bin file name instead of the original file name when permanently deleting a file. This issue might occur after installing the June 2026 security update (KB5094128).
  • [Remote Desktop (RDP) Security] Support for SHA-2 certificate thumbprints has been added for trusted RDP publishers, with SHA-1 support retained only for backward compatibility and planned for future removal. New guidance is available for managing RDP file security through Group to help organizations reduce phishing risks by controlling which .rdp files users can open. We recommend IT administrators migrate to SHA-256 thumbprints or a stronger algorithm as soon as possible to avoid disruption.

Dieses Update wird automatisch von Windows Update heruntergeladen und installiert, ist aber auch im Microsoft Update Catalog und per WSUS sowie WUfB erhältlich. Im Patch ist das aktuell Windows Servicing Stack Update integriert. Details zum Update sowie ggf. verursachte Probleme und Installationsvoraussetzungen sind im Support-Beitrag aufgeführt.

Windows Server 23H2 ist am 12. Mai 2026 aus dem Support gefallen.

Updates für Windows Server 2016/2019

Eine Liste der Updates für Windows Server 2016 und 2019 lässt sich auf dieser Microsoft-Webseite abrufen. Ich habe nachfolgend die betreffenden Update-Informationen herausgezogen.

Update KB5099538 für Windows Server 2019

Das kumulative Update KB5099538 steht nicht nur für Windows 10 2019 Enterprise LTSC etc. bereit, sondern auch für Windows Server 2019. Das Update beinhaltet Sicherheitsfixes, und Verbesserungen bzw. Fehlerbehebungen (auf den Registerreiter zu Server 2019 umstellen), die im Supportbeitrag aufgeführt sind.##

  • [Input] This update changes hotkey unregister and cleanup behavior. In rare cases, some built-in Windows experiences that rely on previous hotkey lifecycle behavior might temporarily stop responding to certain keyboard shortcuts. This issue can typically be resolved by restarting the app affected. If the issue is not resolved, report it through the Feedback Hub.
  • [Secure Boot]
    • This update enables dynamic status reporting for Secure Boot states in Windows Security App.
    • This update includes additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Certificate deployment via Windows updates continues across supported PCs and non-managed business devices in the coming months.
  • [File Explorer (known issue)] Fixed: An issue where the OneDrive shortcut in File Explorer stops working when File Explorer is run with administrative mode.
  • [Networking] This update introduces a security hardening change that enforces TDI transport registration requirements. As a result, applications that use sockets over unregistered third-party TDI transports might stop working after installing this update. Registered TDI transports are not affected. For more information, see Third-party TDI transports might stop working after installing Windows security updates released on or after July 14, 2026.
  • [OLE Automation (known issue)] Fixed: Addresses a compatibility issue in OLE Automation (oleaut32.dll) that was introduced by the June 2026 security update. Some applications that use the IDispatch::Invoke method to call COM methods with BYREF parameters that share the same underlying storage might fail. These failures can include parameter marshaling errors or automation call failures. This update corrects how parameter ownership is handled and restores expected application behavior.
  • [Recycle Bin (known issue)] Fixed: This update addresses an issue where the confirmation dialog might display an internal Recycle Bin file name instead of the original file name when permanently deleting a file.
  • [Authentication] This update improves auditing for NT LAN Manager (NTLM) authentication by enhancing logging to provide more detailed information for security monitoring and analysis.
  • [Distributed Key Manager (DKM)] This update introduces automatic detection of insecure DKM container ACL configurations in AD FS and provides an opt-in remediation mechanism to help administrators strengthen DKM container permissions. For more information about how to manage this change, see CVE-2026-56155: AD FS Distributed Key Manager container ACL hardening.
  • [Remote Desktop (RDP) Security] Support for SHA-2 certificate thumbprints has been added for trusted RDP publishers, with SHA-1 support retained only for backward compatibility and planned for future removal. New guidance is available for managing RDP file security through Group Policy to help organizations reduce phishing risks by controlling which .rdp files users can open. We recommend IT administrators migrate to SHA-256 thumbprints or a stronger algorithm as soon as possible to avoid disruption.

Das Update wird automatisch von Windows Update heruntergeladen und installiert, ist aber auch im Microsoft Update Catalog, per WSUS und WUfB erhältlich. Microsoft hat zudem das Service Stack Update (SSU) aktualisiert. Beachtet die im Support-Beitrag beschriebene Installationsreihenfolge, ggf. die Hinweise zu weiteren Anforderungen und eventuell vorhandener Probleme.

Update KB5094122 für Windows Server 2016

Das kumulative Update KB5099535 steht nicht nur für Windows 10 2016 Enterprise LTSC, sondern auch für Windows Server 2016, bereit. Das Update beinhaltet Sicherheitsfixes, Fehlerbehebungen und Verbesserungen, die ggf. im Supportbeitrag aufgeführt werden.

  • [OLE Automation (known issue)] Fixed: Addresses a compatibility issue in OLE Automation (oleaut32.dll) that was introduced by the June 2026 security update. Some applications that use the IDispatch::Invoke method to call COM methods with BYREF parameters that share the same underlying storage might fail. These failures can include parameter marshaling errors or automation call failures. This update corrects how parameter ownership is managed and restores expected application behavior.
  • [File Explorer (known issue)] Fixed: An issue where the OneDrive shortcut in File Explorer stops working when File Explorer is run with administrative mode.
  • [Recycle Bin (known issue)] Fixed: This update addresses an issue where the confirmation dialog might display an internal Recycle Bin file name instead of the original file name when permanently deleting a file.
  • [Secure Boot] This update includes additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive new Secure Boot certificates. Certificate deployment via Windows updates continues across supported PCs and non-managed business devices in the coming months.
  • [Networking] This update introduces a security hardening change that enforces TDI transport registration requirements. As a result, applications that use sockets over unregistered third-party TDI transports might stop working after installing this update. Registered TDI transports are not affected. For more information, see Third-party TDI transports might stop working after installing Windows security updates released on or after July 14, 2026.
  • [Distributed Key Manager (DKM)] This update introduces automatic detection of insecure DKM container ACL configurations in AD FS and provides an opt-in remediation mechanism to help administrators strengthen DKM container permissions. For more information about how to manage this change, see CVE-2026-56155: AD FS Distributed Key Manager container ACL hardening.
  • [Remote Desktop (RDP) Security] Support for SHA-2 certificate thumbprints has been added for trusted RDP publishers, with SHA-1 support retained only for backward compatibility and planned for future removal. New guidance is available for managing RDP file security through Group Policy to help organizations reduce phishing risks by controlling which .rdp files users can open. We recommend IT administrators migrate to SHA-256 thumbprints or a stronger algorithm as soon as possible to avoid disruption.

Das Update wird automatisch von Windows Update heruntergeladen und installiert, ist aber auch im Microsoft Update Catalog, per WSUS und WUfB erhältlich. Microsoft hat zudem das Service Stack Update (SSU) aktualisiert. Beachtet die im Support-Beitrag beschriebenen Installationsanforderungen und eventuelle Hinweise auf vorhandene Probleme.

Details zu obigen Updates sind im Zweifelsfall den jeweiligen Microsoft KB-Artikeln zu entnehmen.

Updates für Windows Server 2012 / R2

Windows Server 2012/R2 sind im Oktober 2023 aus dem Support gefallen und bekommen nur noch mit ESU-Lizenz Updates. Für Windows Server 2012 R2 sind auf dieser Microsoft-Seite bisher keine Updates dokumentiert. Die Update-Historie für Windows Server 2012 ist auf dieser Microsoft-Seite zu finden, wobei bisher keine Updates für diesen Monat aufgelistet werden.

Ähnliche Artikel:
Microsoft Security Update Summary (14. Juli 2026)
Patchday: Windows 10/11 Updates (14. Juli 2026)
Patchday: Windows Server-Updates (14. Juli 2026)
Patchday: Microsoft Office Updates (14. Juli 2026)

Dieser Beitrag wurde unter Sicherheit, Update, Windows Server abgelegt und mit , , , verschlagwortet. Setze ein Lesezeichen für den Permalink.

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

Hinweis: Bitte beachtet die Regeln zum Kommentieren im Blog (Erstkommentare und Verlinktes landet in der Moderation, gebe ich alle paar Stunden frei, SEO-Posts/SPAM lösche ich rigoros. Kommentare abseits des Themas bitte unter Diskussion. Kommentare, die gegen die Regeln verstoßen, werden rigoros gelöscht. Wegen Missbrauchs bin ich gezwungen, Name und E-Mail als Pflichtfelder beim Kommentieren zu aktivieren. Wählt ggf. einen (noch nicht benutzten) Alias-Namen und verwendet ggf. eine Dummy-Mail-Adresse (z.B. t@hotkev.com).

Du findest den Blog gut, hast aber Werbung geblockt? Du kannst diesen Blog auch durch eine Spende unterstützen.