January Security Update modify the permissions on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-Security
This result with errors in the Event Viewer after applying the january rollup update if you are using GPO to apply setting to Eventlog Security.
So here are the explanations :
If you have a GPO that uses this section (pretty common), then you are affected, this part of GPO uses the key I mention earlier
After January Security Updates when we apply GPO here what we can see
So Local Service try to Read/Write to this Key, let see what are the permissions after January patches
What is required not to have the error is giving Local Service the rights that it needed
You can see the EventID 40 on Windows 2012, 2016, 2019.
On Windows Server 2022, you get the Access Denied but no Event ID 40 !?!