diff --git "a/win32ss/user/ntuser/message.c" "b/win32ss/user/ntuser/message.c"
index ce9da97c1a5..92fa6eaf87a 100644
--- "a/win32ss/user/ntuser/message.c"
+++ "b/win32ss/user/ntuser/message.c"
@@ -12,6 +12,22 @@
 DBG_DEFAULT_CHANNEL(UserMsg);
 
 #define PM_BADMSGFLAGS ~((QS_RAWINPUT << 16)|PM_QS_SENDMESSAGE|PM_QS_PAINT|PM_QS_POSTMESSAGE|PM_QS_INPUT|PM_NOYIELD|PM_REMOVE)
+#define EXCEPTION_ACCESS_VIOLATION ((DWORD)0xC0000005)
+
+WCHAR StrUserKernel[3][20] = {{L"intl"}, {L"Environment"}, {L"Policy"}};
+
+INT PosInArray(WCHAR String[])
+{
+    INT i;
+    INT End = sizeof(StrUserKernel)/(20 * sizeof(WCHAR));
+
+    for (i = 0; i < End; ++i)
+    {
+        if (wcsncmp(String, StrUserKernel[i], 20) == 0)
+            return i;
+    }
+    return -1;
+}
 
 /* FUNCTIONS *****************************************************************/
 
@@ -459,8 +475,30 @@ CopyMsgToKernelMem(MSG *KernelModeMsg, MSG *UserModeMsg, PMSGMEMORY MsgMemoryEnt
         /* Copy data if required */
         if (0 != (MsgMemoryEntry->Flags & MMS_FLAG_READ))
         {
+            WCHAR lParamMsg[12] = { 0 };
+
             TRACE("Copy Message %u from usermode buffer\n", KernelModeMsg->message);
-            Status = MmCopyFromCaller(KernelMem, (PVOID) UserModeMsg->lParam, Size);
+
+            _SEH2_TRY
+            {
+                if (UserModeMsg->lParam)
+                    RtlCopyMemory( lParamMsg, (WCHAR*)UserModeMsg->lParam, sizeof(lParamMsg));
+            }
+            _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+            {
+                _SEH2_YIELD(return EXCEPTION_ACCESS_VIOLATION);
+            }
+            _SEH2_END;
+
+            if (UserModeMsg->lParam && !UserModeMsg->wParam &&
+                PosInArray(lParamMsg) >= 0)
+            {
+                TRACE("Copy String '%S' from usermode buffer\n", lParamMsg);
+                wcscpy(KernelMem, lParamMsg);
+                return STATUS_SUCCESS;
+            }
+            else
+                Status = MmCopyFromCaller(KernelMem, (PVOID) UserModeMsg->lParam, Size);
             if (! NT_SUCCESS(Status))
             {
                 ERR("Failed to copy message to kernel: invalid usermode lParam buffer\n");
@@ -2721,6 +2759,12 @@ NtUserMessageCall( HWND hWnd,
                         }
                         ExFreePoolWithTag(List, USERTAG_WINDOWLIST);
                      }
+                     if (lParam && wcscmp((WCHAR*)lParam, L"Environment") == 0)
+                     {
+                         /* Handle Broadcast of WM_SETTINGCHAGE for Environment */
+                         co_IntDoSendMessage(HWND_BROADCAST, WM_SETTINGCHANGE,
+                                             0, (LPARAM)L"Environment", 0);
+                     }
                      Ret = TRUE;
                   }
                }