2
LVL 105

Expert Comment

by:John
They did not put a date on this (that I could see) but implicated Windows 10 Creator Update as well.

Now there was a fair sized out-of-band Windows 10 Creator Update this afternoon (now build 15062.502 up from 483 yesterday).  

My guess is that Server 2016 got updated as well (but I do not know for sure).

Yet one more reason to keep current on updates.
0
LVL 61

Author Comment

by:McKnife
Hi John.

"Yet one more reason to keep current on updates" - I'd rather call it "one more reason to use applocker". Patches alone don't help. Also, the issue is not fully fixed by the patch. The startup folder is blocked for writing after the patch, but the rest of the profile is not. So still users can place malicious in the start menu template for new users. Microsoft is too lame to see.
This is true for server 2016 and any win10 system that is or has has ever been on v1607. See https://beingwinsysadmin.blogspot.de/2017/07/bug-windows-10-default-user-profile-is.html for the whole story.
0

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month