[German]Security update KB4577015, dated September 8, 2020, causes problems on Windows Server 2016, which acts as the domain controller. The Group Policy Editor (gpedit.msc) throws a wsecedit.dll error when loading an MMC snap-in when changing security options.
I’ve been notified by serveral users about this issue (see e.g. this German comment), so I’m pulling it out separately here in a post.
Windows Update KB4577015 (Sept. 8, 2020)
Cumulative update KB4577015 was released by Microsoft on September 8, 2020 as a security update for Windows 10 1607 Enterprise STSC. The update is also available for Windows Server 2016. I had mentioned the update briefly in the article Patchday: Windows 10-Updates (September 8, 2020). It adds time zone information for Yokon (Canada) and fixes a number of security issues. Microsoft also adds the item Provides the ability to set a Group Policy that displays only the domain and username when you sign in. However, it seems that something has gone wrong with the various fixes.
Group Policy Editor on Windows Server 2016 broken
Besides the above comment there was already a call for help from another administrator, which I addressed in the blog post Windows 10 V1607: Update KB4571694 creates ID 5827 events, bricks MMC. The administrator of a virtualized Windows Server 2016 Datacenter Edition encountered a wsecedit.dll error when loading an MMC snap-in while using the Group Policy Editor. Th attempts to traverse the following path in Group Policy:
Computer Configuration > Windows Setting > Security Settings > Local Policy > Security Options
fails with a gpedit.msc error message. A MMC snap-in cannot be loaded because a wsecedit.dll error has occurred.
The hint to restart the Group Policy Editor or to ignore the error in the session does not help. The functions for customizing the security options can no longer be used. There is now a fresh entry GPMC error for “Security Options” after Updates 2020-09 in Windows Server 2016 Domain Controllers in Microsoft’s Q&A. There several users confirm the following error description:
We have found that if a Windows Server 2016 DC has been patched with the current Cumulative Update 2020-09 and Servicing Stack Update 2020-09, the “Security Options” in a policy can no longer be opened in the GPMC afterwards.
Cumulative update KB4577015 from September 8, 2020 is the culprit, as I have now been confirmed by various sources. It seems to affect all versions or variants of Windows Server 2016 – and probably also Windows 10 version 1607 Enterprise LTSC. Maybe this information will help.
Addendum: There ist a workaround to avoid the crash, see my blog post Windows Server 2016: Workaround for GPO-MMC wsecedit.dll