Microsoft Fixes Windows Server 2016 Security Update Failures

Microsoft has restored Windows Server 2016 KB5094122 installs tied to missing KB5087537 prerequisites, helping admins resume June security patching work.

Markus Kasanmascheff
By Markus Kasanmascheff
Windows Server EC
TL;DR
  • Server 2016 Fix: Microsoft says some Windows Server 2016 systems can now install KB5094122.
  • Missing Baseline: Systems without KB5087537 could hit 0x80070002 or ERROR_FILE_NOT_FOUND during deployment.
  • Package Chain: KB5094122 is the June cumulative update, while KB5087537 is the predecessor package.
  • Scope Caveat: Microsoft has not provided an affected-device count for the resolved deployment issue.
  • Admin Action: Administrators should verify the baseline before treating failures as broader servicing problems.

Microsoft says it has resolved a KB5094122 deployment issue that affected some older server systems missing earlier update prerequisites. The affected product is long-supported Windows Server 2016, not the older 2022 Windows Update installation failure or the separate emergency Windows 11 update earlier in 2026.

Windows Server 2016 remains in use across many organizations because older business applications and server roles can take years to replace or migrate. Although the platform is nearing the end of extended support in January 2027, Microsoft still issues security updates for it, and administrators rely on those patches to keep legacy systems protected and compliant. The KB5094122 issue was therefore a narrow servicing problem: servers that had skipped the required May update, KB5087537, could fail when attempting to install June’s cumulative security package.

Affected machines could show 0x80070002 or ERROR_FILE_NOT_FOUND, errors that indicate Windows could not locate a required file or component during installation. Microsoft has not provided an affected-device count, and detailed incident data may require Microsoft admin-portal permissions.

How the KB5094122 Failure Was Fixed

KB5094122 is the June 9, 2026 cumulative security update for Windows Server 2016 and Windows 10 Enterprise LTSB 2016. Adjacent repairs remain background rather than current proof.

Specialist cataloging separately lists KB5094122 package scope for Windows Server 2016, Windows 10 Enterprise LTSB 2016, and Windows 10 IoT Enterprise LTSB 2016. The current incident centers on a Server 2016 prerequisite chain.

The cumulative security update bundles current fixes with earlier servicing work. KB5087537 is the predecessor update for Windows Server 2016 with OS Build 14393.9140, making it the package administrators need to verify before retrying the June update on affected machines.

KB5094122 includes fixes and improvements from that predecessor package. Machines that skipped KB5087537 could fail on the later cumulative package, while systems kept current through May were outside the same failure path.

KB5094122 also includes Secure Boot certificate changes, a Secure Boot policy setting, and desktop.ini hardening among its documented improvements. Package contents are separate from the installation issue, but they explain why administrators still needed the package to land cleanly after the prerequisite problem was resolved.

Microsoft tracks the incident under Windows status item WI1395301. Server 2016 systems applying KB5094122 should complete installation if the prerequisite chain is present.

Why Server 2016 Patch Reliability Still Matters

Windows Server 2016 still appears in enterprise fleets where older server roles persist for compatibility, application support, or migration timing. Extended support keeps security fixes flowing, so deployment reliability affects whether administrators can keep those systems within the expected patch baseline before support ends in January 2027.

Microsoft recently handled a separate Windows Server 2025 BitLocker recovery issue, but the Server 2016 case gives administrators a narrower task. They need to verify the baseline package before treating a failed deployment as a broader Windows Update problem.

Patch dashboards can show a device as pending, failed, or partially remediated, but administrators need to know whether the deployment target has the predecessor package that the current update expects. Baseline verification helps teams separate a transient retry from a correction task.

Security teams also get a cleaner handoff between compliance reporting and endpoint troubleshooting. For Server 2016, KB5087537 corresponds to OS Build 14393.9140, while KB5094122 moves the branch to OS Build 14393.9234, giving patch teams a concrete build-state check.

What Administrators Should Check Next

Administrators should confirm whether each affected Windows Server 2016 device has the KB5087537 update or an equivalent later baseline installed. After update catalogs and deployment tools have synchronized, they can retry KB5094122 and check whether the same error returns.

Detailed access to Windows release health WI1395301 may depend on Microsoft admin-portal permissions, so local deployment logs and update inventory remain important checks. Devices still behind the May 2026 Patch Tuesday package need the prerequisite chain corrected before KB5094122 can be treated as a normal deployment task.

Markus Kasanmascheff
Markus Kasanmascheff
Markus has been covering the tech industry for more than 15 years. He is holding a Master´s degree in International Economics and is the founder and managing editor of Winbuzzer.com.

Recent News

Load more
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments