{"id":327482,"date":"2026-07-15T00:03:02","date_gmt":"2026-07-14T22:03:02","guid":{"rendered":"https:\/\/borncity.com\/blog\/?p=327482"},"modified":"2026-07-14T23:36:39","modified_gmt":"2026-07-14T21:36:39","slug":"patchday-windows-server-updates-14-juli-2026","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2026\/07\/15\/patchday-windows-server-updates-14-juli-2026\/","title":{"rendered":"Patchday: Windows Server-Updates (14. Juli 2026)"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Windows\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Windows-klein.jpg\" alt=\"Windows\" width=\"200\" align=\"left\" \/>Zum 14. Juli 2026 (zweiter Dienstag im Monat, Patchday bei Microsoft) wurden verschiedene kumulative Updates f\u00fcr die unterst\u00fctzten Versionen von Windows Server freigegeben. Nachfolgend habe ich die bereitgestellten Updates samt einigen Details f\u00fcr diese Windows Server-Versionen herausgezogen.<\/p>\n<p><!--more--><br \/>\n<img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg08.met.vgwort.de\/na\/16b69e9c36df404bb9817f0fcdf0265e\" alt=\"\" width=\"1\" height=\"1\" \/>Die nachfolgend aufgef\u00fchrten Updates beheben die in <a href=\"https:\/\/borncity.com\/blog\/2026\/07\/14\/microsoft-security-update-summary-14-juli-2026\/\">Microsoft Security Update Summary<\/a> (14. Juli 2026)\u00a0beschriebenen und f\u00fcr Windows Server relevanten Schwachstellen.<\/p>\n<h2>Updates f\u00fcr Windows Server 2025<\/h2>\n<p>Eine Liste der Updates f\u00fcr Windows Server 2025 l\u00e4sst sich auf dieser <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/windows-server-2025-update-history-10f58da7-e57b-4a9d-9c16-9f1dcd72d7d7\" target=\"_blank\" rel=\"noopener\">Microsoft-Webseite<\/a> abrufen. F\u00fcr Windows Server 2025 wurde das kumulative Update <a href=\"https:\/\/support.microsoft.com\/help\/5099536\" target=\"_blank\" rel=\"noopener\">KB5099536<\/a> freigegeben, welches Sicherheitspatches und diverse Fixes beinhaltet.<\/p>\n<ul>\n<li><strong>[Secure Boot]<\/strong>\u00a0This update includes additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive\u00a0<a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/windows-devices-for-home-users-businesses-and-schools-with-microsoft-managed-updates-29bfd847-5855-49f1-bb94-e18497fe2315\" target=\"_blank\" rel=\"noopener\" data-linktype=\"absolute-path\">new Secure Boot certificates<\/a>. Certificate deployment via Windows updates continues across supported PCs and non-managed business devices in the coming months.<\/li>\n<li><strong>[Apps (Known issue)]<\/strong>\u00a0Fixed: This update addresses an issue that affects certain third-party apps that use\u00a0<a href=\"https:\/\/learn.microsoft.com\/windows\/win32\/api\/oaidl\/nf-oaidl-idispatch-invoke\" target=\"_blank\" rel=\"noopener\" data-linktype=\"external\">OLE Automation<\/a>\u00a0to interact with Microsoft Office. After installing the June 2026 security update\u00a0<a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/june-9-2026-kb5094125-os-build-26100-32995-e28b3956-9a5a-4b4d-bc2c-fb1bdc5d3709\" target=\"_blank\" rel=\"noopener\" data-linktype=\"absolute-path\">(KB5094125)<\/a>, these apps might fail to launch Office or open documents.<\/li>\n<li><strong>[Containers]<\/strong>\u00a0This update improves startup performance for Hyper-V\u2013isolated Windows Server containers on Windows Server 2025. The updated Windows Server 2025 container base images (nanoserver, servercore, and windowsservercore) include this improvement and are available through the Microsoft Container Registry (MCR). Pull the latest image tag to get the update.<\/li>\n<li><strong>[Cryptography]<\/strong>\n<ul>\n<li>This update adds support for hybrid post-quantum cryptography (PQC) key exchange in Transport Layer Security (TLS) 1.3. This enhancement helps protect secure network connections against emerging threats and improves readiness for future security challenges.<\/li>\n<li>This update adds support for composite cryptographic formats that combine traditional and post-quantum algorithms in a single signature or key.<\/li>\n<\/ul>\n<\/li>\n<li><strong>[Distributed Key Manager (DKM)]<\/strong>\u00a0This update introduces automatic detection of insecure DKM container ACL configurations in AD FS and provides an opt-in remediation mechanism to help administrators strengthen DKM container permissions. For more information about how to manage this change, see\u00a0<a href=\"https:\/\/support.microsoft.com\/en-US\/servicing\/os\/windows\/docs\/2026\/07\/kb5121391-cve-2026-56155-ad-fs-dkm-container-acl-hardening\" target=\"_blank\" rel=\"noopener\" data-linktype=\"relative-path\">CVE-2026-56155: AD FS Distributed Key Manager container ACL hardening<\/a><\/li>\n<li><strong>[Event Log]<\/strong>\u00a0This update improves the reliability of the Windows Event Log service on event collector servers that forward events to custom log channels configured with a manifest.<\/li>\n<li><strong>[File Explorer (known issue)]<\/strong>\u00a0Fixed: An issue where the OneDrive shortcut in File Explorer stops working when File Explorer is run with administrative mode.This issue might occur after installing the June 2026 security update\u00a0<a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/june-9-2026-kb5094125-os-build-26100-32995-e28b3956-9a5a-4b4d-bc2c-fb1bdc5d3709\" target=\"_blank\" rel=\"noopener\" data-linktype=\"absolute-path\">(KB5094125)<\/a>.<\/li>\n<li><strong>[Input]<\/strong>\u00a0This update changes hotkey unregister and cleanup behavior. In rare cases, some built-in Windows experiences that rely on previous hotkey lifecycle behavior might temporarily stop responding to certain keyboard shortcuts. This issue can typically be resolved by restarting the app affected. If the issue is not resolved, report it through the\u00a0<a href=\"https:\/\/support.microsoft.com\/en-us\/Windows\/Apps\/send-feedback-to-microsoft-with-the-feedback-hub-app\" target=\"_blank\" rel=\"noopener\" data-linktype=\"absolute-path\">Feedback Hub<\/a>.<\/li>\n<li><strong>[Networking]<\/strong>\n<ul>\n<li>This update improves how your device connects to shared network resources. Connections used by apps and system features, such as the NetUseAdd function, now work more reliably, including unauthenticated (null session) connections.<\/li>\n<li>This update introduces a security hardening change that enforces TDI transport registration requirements. As a result, applications that use sockets over unregistered third-party TDI transports might stop working after installing this update. Registered TDI transports are not affected. For more information, see\u00a0<a href=\"https:\/\/support.microsoft.com\/en-US\/servicing\/os\/windows\/docs\/2026\/07\/third-party-tdi-transports-might-stop-working-after-installing-windows-security-updates-released-on-or-after-july-14-2026\" target=\"_blank\" rel=\"noopener\" data-linktype=\"relative-path\">Third-party TDI transports might stop working after installing Windows security updates released on or after July 14, 2026<\/a>.<\/li>\n<\/ul>\n<\/li>\n<li><strong>[Recycle Bin (known issue)]<\/strong>\u00a0Fixed: This update addresses an issue where the confirmation dialog might display an internal Recycle Bin file name instead of the original file name when permanently deleting a file. This issue might occur after installing the June 2026 security update\u00a0<a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/june-9-2026-kb5094125-os-build-26100-32995-e28b3956-9a5a-4b4d-bc2c-fb1bdc5d3709\" target=\"_blank\" rel=\"noopener\" data-linktype=\"absolute-path\">(KB5094125)<\/a>.<\/li>\n<li><strong>[System reliability]<\/strong>\n<ul>\n<li>This update improves system reliability by addressing an issue that could cause Windows to stop responding in certain situations.<\/li>\n<li>This update improves performance for virtual machines running graphics-intensive applications by resolving a memory leak in the graphics kernel driver. It also reduces excessive memory usage and helps maintain consistent sign-in access.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Dieses Update wird automatisch von Windows Update heruntergeladen und installiert, ist aber auch im <a href=\"https:\/\/www.catalog.update.microsoft.com\/home.aspx\" target=\"_blank\" rel=\"noopener\">Microsoft Update Catalog<\/a> und per WSUS sowie WUfB erh\u00e4ltlich. Im Patch ist das aktuelle Windows Servicing Stack Update integriert. Details zum Update sowie ggf. verursachte Probleme und Installationsvoraussetzungen sind im Support-Beitrag aufgef\u00fchrt.<\/p>\n<h2>Update KB5099540 f\u00fcr Windows Server 2022<\/h2>\n<p>Eine Liste der Updates f\u00fcr Windows Server 2022 l\u00e4sst sich auf dieser <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/windows-server-2022-update-history-e1caa597-00c5-4ab9-9f3e-8212fe80b2ee\" target=\"_blank\" rel=\"noopener\">Microsoft-Webseite<\/a> abrufen. F\u00fcr Windows Server 2022 wurde das kumulative Update <a href=\"https:\/\/support.microsoft.com\/help\/5099540\" target=\"_blank\" rel=\"noopener\">KB5099540<\/a> freigegeben, welches Sicherheitspatches und diverse Bug-Fixes beinhaltet.<\/p>\n<ul>\n<li><strong>[Secure Boot]<\/strong>\u00a0This update includes additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive\u00a0<a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/windows-devices-for-home-users-businesses-and-schools-with-microsoft-managed-updates-29bfd847-5855-49f1-bb94-e18497fe2315\" target=\"_blank\" rel=\"noopener\" data-linktype=\"absolute-path\">new Secure Boot certificates<\/a>. Certificate deployment via Windows updates continues across supported PCs and non-managed business devices in the coming months.<\/li>\n<li><strong>[Apps (Known issue)]<\/strong>\u00a0Fixed: This update addresses an issue that affects certain third-party apps that use\u00a0<a href=\"https:\/\/learn.microsoft.com\/windows\/win32\/api\/oaidl\/nf-oaidl-idispatch-invoke\" target=\"_blank\" rel=\"noopener\" data-linktype=\"external\">OLE Automation<\/a>\u00a0to interact with Microsoft Office. After installing the June 2026 security update\u00a0<a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/june-9-2026-kb5094128-os-build-20348-5256-56823f3e-e2a4-4839-ab01-b9de5ec4cbed\" target=\"_blank\" rel=\"noopener\" data-linktype=\"absolute-path\">(KB5094128)<\/a>, these apps might fail to launch Office or open documents.<\/li>\n<li><strong>[Authentication]<\/strong>\u00a0This update improves Microsoft Defender for Identity (MDI) unified sensor auditing for NT LAN Manager (NTLM) authentication. It captures more NTLM-based authentication events, helping you better detect identity-related threats.<\/li>\n<li><strong>[Distributed Key Manager (DKM)]<\/strong>\u00a0This update introduces automatic detection of insecure DKM container ACL configurations in AD FS and provides an opt-in remediation mechanism to help administrators strengthen DKM container permissions. For more information about how to manage this change, see\u00a0<a href=\"https:\/\/support.microsoft.com\/en-US\/servicing\/os\/windows\/docs\/2026\/07\/kb5121391-cve-2026-56155-ad-fs-dkm-container-acl-hardening\" target=\"_blank\" rel=\"noopener\" data-linktype=\"relative-path\">CVE-2026-56155: AD FS Distributed Key Manager container ACL hardening<\/a>.<\/li>\n<li><strong>[File Explorer (known issue)]<\/strong>\u00a0Fixed: An issue where the OneDrive shortcut in File Explorer stops working when File Explorer is run with administrative mode. This issue might occur after installing the June 2026 security update\u00a0<a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/june-9-2026-kb5094128-os-build-20348-5256-56823f3e-e2a4-4839-ab01-b9de5ec4cbed\" target=\"_blank\" rel=\"noopener\" data-linktype=\"absolute-path\">(KB5094128)<\/a>.<\/li>\n<li><strong>[Input]<\/strong>\u00a0This update changes hotkey unregister and cleanup behavior. In rare cases, some built-in Windows experiences that rely on previous hotkey lifecycle behavior might temporarily stop responding to certain keyboard shortcuts. This issue can typically be resolved by restarting the app affected. If the issue is not resolved, report it through the\u00a0<a href=\"https:\/\/support.microsoft.com\/en-us\/Windows\/Apps\/send-feedback-to-microsoft-with-the-feedback-hub-app\" target=\"_blank\" rel=\"noopener\" data-linktype=\"absolute-path\">Feedback Hub<\/a>.<\/li>\n<li><strong>[Networking]<\/strong>\n<ul>\n<li>This update improves reliability in Windows Failover Cluster environments that use cluster virtual IP addresses. It ensures the SkipAsSource setting for cluster IPs is configured correctly, which improves DNS record accuracy and network communication connectivity.<\/li>\n<li>This update introduces a security hardening change that enforces TDI transport registration requirements. As a result, applications that use sockets over unregistered third-party TDI transports might stop working after installing this update. Registered TDI transports are not affected. For more information, see\u00a0<a href=\"https:\/\/support.microsoft.com\/en-US\/servicing\/os\/windows\/docs\/2026\/07\/third-party-tdi-transports-might-stop-working-after-installing-windows-security-updates-released-on-or-after-july-14-2026\" target=\"_blank\" rel=\"noopener\" data-linktype=\"relative-path\">Third-party TDI transports might stop working after installing Windows security updates released on or after July 14, 2026<\/a>.<\/li>\n<\/ul>\n<\/li>\n<li><strong>[Recycle Bin (known issue)]<\/strong>\u00a0Fixed: This update addresses an issue where the confirmation dialog might display an internal Recycle Bin file name instead of the original file name when permanently deleting a file. This issue might occur after installing the June 2026 security update\u00a0<a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/june-9-2026-kb5094128-os-build-20348-5256-56823f3e-e2a4-4839-ab01-b9de5ec4cbed\" target=\"_blank\" rel=\"noopener\" data-linktype=\"absolute-path\">(KB5094128)<\/a>.<\/li>\n<li><strong>[Remote Desktop (RDP) Security]<\/strong>\u00a0Support for SHA-2 certificate thumbprints has been added for trusted RDP publishers, with SHA-1 support retained only for backward compatibility and planned for future removal. New guidance is available for managing RDP file security through Group to help organizations reduce phishing risks by controlling which .rdp files users can open. We recommend IT administrators migrate to SHA-256 thumbprints or a stronger algorithm as soon as possible to avoid disruption.<\/li>\n<\/ul>\n<p>Dieses Update wird automatisch von Windows Update heruntergeladen und installiert, ist aber auch im <a href=\"https:\/\/www.catalog.update.microsoft.com\/home.aspx\" target=\"_blank\" rel=\"noopener\">Microsoft Update Catalog<\/a> und per WSUS sowie WUfB erh\u00e4ltlich. Im Patch ist das aktuell Windows Servicing Stack Update integriert. Details zum Update sowie ggf. verursachte Probleme und Installationsvoraussetzungen sind im Support-Beitrag aufgef\u00fchrt.<\/p>\n<blockquote><p>Windows Server 23H2 ist am 12. Mai 2026 aus dem Support gefallen.<\/p><\/blockquote>\n<h2>Updates f\u00fcr Windows Server 2016\/2019<\/h2>\n<p>Eine Liste der Updates f\u00fcr Windows Server 2016 und 2019 l\u00e4sst sich auf dieser <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/windows-10-and-windows-server-2019-update-history-725fc2e1-4443-6831-a5ca-51ff5cbcb059\" target=\"_blank\" rel=\"noopener\">Microsoft-Webseite<\/a> abrufen. Ich habe nachfolgend die betreffenden Update-Informationen herausgezogen.<\/p>\n<h3>Update KB5099538 f\u00fcr Windows Server 2019<\/h3>\n<p>Das kumulative Update <a href=\"https:\/\/support.microsoft.com\/help\/5099538\" target=\"_blank\" rel=\"noopener\">KB5099538<\/a> steht nicht nur f\u00fcr Windows 10 2019 Enterprise LTSC etc. bereit, sondern auch f\u00fcr Windows Server 2019. Das Update beinhaltet Sicherheitsfixes, und Verbesserungen bzw. Fehlerbehebungen (auf den Registerreiter zu Server 2019 umstellen), die im Supportbeitrag aufgef\u00fchrt sind.##<\/p>\n<ul>\n<li><strong>[Input]<\/strong>\u00a0This update changes hotkey unregister and cleanup behavior. In rare cases, some built-in Windows experiences that rely on previous hotkey lifecycle behavior might temporarily stop responding to certain keyboard shortcuts. This issue can typically be resolved by restarting the app affected. If the issue is not resolved, report it through the Feedback Hub.<\/li>\n<li><strong>[Secure Boot]<\/strong>\n<ul>\n<li>This update enables dynamic status reporting for Secure Boot states in Windows Security App.<\/li>\n<li>This update includes additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive\u00a0<a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/windows-devices-for-home-users-businesses-and-schools-with-microsoft-managed-updates-29bfd847-5855-49f1-bb94-e18497fe2315\" target=\"_blank\" rel=\"noopener\" data-linktype=\"absolute-path\">new Secure Boot certificates<\/a>. Certificate deployment via Windows updates continues across supported PCs and non-managed business devices in the coming months.<\/li>\n<\/ul>\n<\/li>\n<li><strong>[File Explorer (known issue)]<\/strong>\u00a0Fixed: An issue where the OneDrive shortcut in File Explorer stops working when File Explorer is run with administrative mode.<\/li>\n<li><strong>[Networking]<\/strong>\u00a0This update introduces a security hardening change that enforces TDI transport registration requirements. As a result, applications that use sockets over unregistered third-party TDI transports might stop working after installing this update. Registered TDI transports are not affected. For more information, see\u00a0<a href=\"https:\/\/support.microsoft.com\/en-US\/servicing\/os\/windows\/docs\/2026\/07\/third-party-tdi-transports-might-stop-working-after-installing-windows-security-updates-released-on-or-after-july-14-2026\" target=\"_blank\" rel=\"noopener\" data-linktype=\"relative-path\">Third-party TDI transports might stop working after installing Windows security updates released on or after July 14, 2026<\/a>.<\/li>\n<li><strong>[OLE Automation (known issue)]<\/strong>\u00a0Fixed: Addresses a compatibility issue in OLE Automation (oleaut32.dll) that was introduced by the June 2026 security update. Some applications that use the IDispatch::Invoke method to call COM methods with BYREF parameters that share the same underlying storage might fail. These failures can include parameter marshaling errors or automation call failures. This update corrects how parameter ownership is handled and restores expected application behavior.<\/li>\n<li><strong>[Recycle Bin (known issue)]<\/strong>\u00a0Fixed: This update addresses an issue where the confirmation dialog might display an internal Recycle Bin file name instead of the original file name when permanently deleting a file.<\/li>\n<li><strong>[Authentication]<\/strong>\u00a0This update improves auditing for NT LAN Manager (NTLM) authentication by enhancing logging to provide more detailed information for security monitoring and analysis.<\/li>\n<li><strong>[Distributed Key Manager (DKM)]<\/strong>\u00a0This update introduces automatic detection of insecure DKM container ACL configurations in AD FS and provides an opt-in remediation mechanism to help administrators strengthen DKM container permissions. For more information about how to manage this change, see\u00a0<a href=\"https:\/\/support.microsoft.com\/en-US\/servicing\/os\/windows\/docs\/2026\/07\/kb5121391-cve-2026-56155-ad-fs-dkm-container-acl-hardening\" target=\"_blank\" rel=\"noopener\" data-linktype=\"relative-path\">CVE-2026-56155: AD FS Distributed Key Manager container ACL hardening<\/a>.<\/li>\n<li><strong>[Remote Desktop (RDP) Security]<\/strong>\u00a0Support for SHA-2 certificate thumbprints has been added for trusted RDP publishers, with SHA-1 support retained only for backward compatibility and planned for future removal. New guidance is available for managing RDP file security through Group Policy to help organizations reduce phishing risks by controlling which .rdp files users can open. We recommend IT administrators migrate to SHA-256 thumbprints or a stronger algorithm as soon as possible to avoid disruption.<\/li>\n<\/ul>\n<p>Das Update wird automatisch von Windows Update heruntergeladen und installiert, ist aber auch im <a href=\"http:\/\/www.catalog.update.microsoft.com\/home.aspx\" target=\"_blank\" rel=\"noopener\">Microsoft Update Catalog<\/a>, per WSUS und WUfB erh\u00e4ltlich. Microsoft hat zudem das Service Stack Update (SSU) aktualisiert. Beachtet die im Support-Beitrag beschriebene Installationsreihenfolge, ggf. die Hinweise zu weiteren Anforderungen und eventuell vorhandener Probleme.<\/p>\n<h3>Update KB5094122 f\u00fcr Windows Server 2016<\/h3>\n<p>Das kumulative Update <a href=\"https:\/\/support.microsoft.com\/help\/5099535\" target=\"_blank\" rel=\"noopener\">KB5099535<\/a>\u00a0steht nicht nur f\u00fcr Windows 10 2016 Enterprise LTSC, sondern auch f\u00fcr Windows Server 2016, bereit. Das Update beinhaltet Sicherheitsfixes, Fehlerbehebungen und Verbesserungen, die ggf. im Supportbeitrag aufgef\u00fchrt werden.<\/p>\n<ul>\n<li><strong>[OLE Automation (known issue)]<\/strong>\u00a0Fixed: Addresses a compatibility issue in OLE Automation (oleaut32.dll) that was introduced by the June 2026 security update. Some applications that use the IDispatch::Invoke method to call COM methods with BYREF parameters that share the same underlying storage might fail. These failures can include parameter marshaling errors or automation call failures. This update corrects how parameter ownership is managed and restores expected application behavior.<\/li>\n<li><strong>[File Explorer (known issue)]<\/strong>\u00a0Fixed: An issue where the OneDrive shortcut in File Explorer stops working when File Explorer is run with administrative mode.<\/li>\n<li><strong>[Recycle Bin (known issue)]<\/strong>\u00a0Fixed: This update addresses an issue where the confirmation dialog might display an internal Recycle Bin file name instead of the original file name when permanently deleting a file.<\/li>\n<li><strong>[Secure Boot]<\/strong>\u00a0This update includes additional high confidence device targeting data, increasing coverage of devices eligible to automatically receive\u00a0<a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/windows-devices-for-home-users-businesses-and-schools-with-microsoft-managed-updates-29bfd847-5855-49f1-bb94-e18497fe2315\" target=\"_blank\" rel=\"noopener\" data-linktype=\"absolute-path\">new Secure Boot certificates<\/a>. Certificate deployment via Windows updates continues across supported PCs and non-managed business devices in the coming months.<\/li>\n<li><strong>[Networking]<\/strong>\u00a0This update introduces a security hardening change that enforces TDI transport registration requirements. As a result, applications that use sockets over unregistered third-party TDI transports might stop working after installing this update. Registered TDI transports are not affected. For more information, see\u00a0<a href=\"https:\/\/support.microsoft.com\/en-US\/servicing\/os\/windows\/docs\/2026\/07\/third-party-tdi-transports-might-stop-working-after-installing-windows-security-updates-released-on-or-after-july-14-2026\" target=\"_blank\" rel=\"noopener\" data-linktype=\"relative-path\">Third-party TDI transports might stop working after installing Windows security updates released on or after July 14, 2026<\/a>.<\/li>\n<li><strong>[Distributed Key Manager (DKM)]<\/strong>\u00a0This update introduces automatic detection of insecure DKM container ACL configurations in AD FS and provides an opt-in remediation mechanism to help administrators strengthen DKM container permissions. For more information about how to manage this change, see\u00a0<a href=\"https:\/\/support.microsoft.com\/en-US\/servicing\/os\/windows\/docs\/2026\/07\/kb5121391-cve-2026-56155-ad-fs-dkm-container-acl-hardening\" target=\"_blank\" rel=\"noopener\" data-linktype=\"relative-path\">CVE-2026-56155: AD FS Distributed Key Manager container ACL hardening<\/a>.<\/li>\n<li><strong>[Remote Desktop (RDP) Security]<\/strong>\u00a0Support for SHA-2 certificate thumbprints has been added for trusted RDP publishers, with SHA-1 support retained only for backward compatibility and planned for future removal. New guidance is available for managing RDP file security through Group Policy to help organizations reduce phishing risks by controlling which .rdp files users can open. We recommend IT administrators migrate to SHA-256 thumbprints or a stronger algorithm as soon as possible to avoid disruption.<\/li>\n<\/ul>\n<p>Das Update wird automatisch von Windows Update heruntergeladen und installiert, ist aber auch im <a href=\"http:\/\/www.catalog.update.microsoft.com\/home.aspx\" target=\"_blank\" rel=\"noopener\">Microsoft Update Catalog<\/a>, per WSUS und WUfB erh\u00e4ltlich. Microsoft hat zudem das Service Stack Update (SSU) aktualisiert. Beachtet die im Support-Beitrag beschriebenen Installationsanforderungen und eventuelle Hinweise auf vorhandene Probleme.<\/p>\n<p>Details zu obigen Updates sind im Zweifelsfall den jeweiligen Microsoft KB-Artikeln zu entnehmen.<\/p>\n<h2>Updates f\u00fcr Windows Server 2012 \/ R2<\/h2>\n<p>Windows Server 2012\/R2 sind im Oktober 2023 aus dem Support gefallen und bekommen nur noch mit ESU-Lizenz Updates.\u00a0F\u00fcr Windows Server 2012 R2 sind auf\u00a0<a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4009470\/windows-8-1-windows-server-2012-r2-update-history\" target=\"_blank\" rel=\"noopener\">dieser Microsoft-Seite<\/a> bisher keine Updates dokumentiert. Die Update-Historie f\u00fcr Windows Server 2012 ist auf <a href=\"https:\/\/support.microsoft.com\/en-us\/topic\/windows-server-2012-update-history-abfb9afd-2ebf-1c19-4224-ad86f8741edd\" target=\"_blank\" rel=\"noopener\">dieser Microsoft-Seite<\/a> zu finden, wobei bisher keine Updates f\u00fcr diesen Monat aufgelistet werden.<\/p>\n<p><strong>\u00c4hnliche Artikel:<\/strong><br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2026\/07\/14\/microsoft-security-update-summary-14-juli-2026\/\">Microsoft Security Update Summary<\/a> (14. Juli 2026)<br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2026\/07\/15\/patchday-windows-10-11-updates-14-juli-2026\/\">Patchday: Windows 10\/11 Updates<\/a> (14. Juli 2026)<br \/>\n<a href=\"https:\/\/borncity.com\/blog\/2026\/07\/15\/patchday-windows-server-updates-14-juli-2026\/\">Patchday: Windows Server-Updates<\/a> (14. Juli 2026)<br \/>\nPatchday: Microsoft Office Updates (14. Juli 2026)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Zum 14. Juli 2026 (zweiter Dienstag im Monat, Patchday bei Microsoft) wurden verschiedene kumulative Updates f\u00fcr die unterst\u00fctzten Versionen von Windows Server freigegeben. Nachfolgend habe ich die bereitgestellten Updates samt einigen Details f\u00fcr diese Windows Server-Versionen herausgezogen.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[426,185,2557],"tags":[15625,4328,4315,4364],"class_list":["post-327482","post","type-post","status-publish","format-standard","hentry","category-sicherheit","category-update","category-windows-server","tag-patchday-7-2026","tag-sicherheit","tag-update","tag-windows-server"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/327482","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=327482"}],"version-history":[{"count":10,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/327482\/revisions"}],"predecessor-version":[{"id":327495,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/327482\/revisions\/327495"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=327482"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=327482"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=327482"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}