Microsoft Security Updates April 2017 release

Microsoft released security updates, and non security updates for all supported versions of Microsoft Windows and other company products today.

The April 2017 Patch Tuesday is special. First, because it marks the end of Windows Vista's extended support phase. Microsoft won't release security updates for Windows Vista officially anymore.

Second, it marks the beginning of the roll out phase of the Windows 10 Creators Update.

Our guide provides you with information on today's Patch day. It begins with an executive summary that lists the highlights of this month's Patch day.

We had to change the guide somewhat this month as Microsoft moved from offering information in security bulletins to using the Security Update Guide website exclusively. This makes it more difficult to gather information for this overview as you get a lot of noise in the listings.

Microsoft Security Updates April 2017

security updates april 2017 microsoft

You can download an Excel spreadsheet that lists all released security updates for all Microsoft products released in April 2017 with a click on the following link: april-2017-security-updates-microsoft.zip

Executive Summary

  • Security Bulletins are no longer provided. Microsoft switched the information system to the Security Update Guide fully.
  • The April security update patches issues in all supported versions and editions of Microsoft Windows.
  • Other Microsoft products with patches are Microsoft Edge and Internet Explorer, the .NET Framework, Silverlight, and Microsoft Office.

Operating System Distribution

  • Windows Vista: 9 vulnerabilities, 1 critical, 8 important
  • Windows 7: 9 vulnerabilities, 1 critical, 8 important.
  • Windows 8.1: 23 vulnerabilities, 4 critical, 19 important.
  • Windows RT 8.1: 11 vulnerabilities, 1 critical, 10 important.
  • Windows 10 version 1703: 21 vulnerabilities, 5 critical, 16 important.

Windows Server products:

  • Windows Server 2008:  12 vulnerabilities, 3 critical, 9 important
  • Windows Server 2008 R2: 13 vulnerabilities, 3 critical, 10 important
  • Windows Server 2012 and 2012 R2: 24 vulnerabilities, 4 critical, 20 important
  • Windows Server 2016: 41 vulnerabilities, 10 critical, 31 important

Other Microsoft Products

  • Internet Explorer 11: 1 critical, 1 important
  • Microsoft Edge: 3 critical, 1 important, 1 moderate
  • Microsoft Office: 42 vulnerabilities affecting various versions and editions of Office,with 2 vulnerabilities rated critical

Security Updates

KB4015583 -- April 11, 2017 for Windows 10 Version 1703

  • Addressed issues with updated time zone information.
  • Security updates to Scripting Engine, libjpeg image-processing library, Hyper-V, Windows kernel-mode drivers, Adobe Type Manager Font Driver, Internet Explorer, Graphics Component, Active Directory Federation Services, .NET Framework, Lightweight Directory Access Protocol, Microsoft Edge and Windows OLE.

KB4015550 -- Monthly Rollup for Windows 8.1 and Windows Server 2012 R2

This security update includes improvements and fixes that were a part of update KB4012219 (released March 21, 2017) and resolves the security vulnerabilities in Hyper-V, libjpeg image-process library, Win32K, Adobe Type Manager font driver, Active Directory Federation Services, Lightweight Directory Access Protocol, Windows kernel-mode drivers, OLE, Scripting Engine, Windows Graphics component and Internet Explorer in addition to these quality improvements:

  • Addressed an issue that was causing Authentication Success and Failure events with Event ID 4768 to not be logged after installing KB4012216.
  • Addressed a bug check encountered on Windows Server 2012 R2 Hyper-V hosts with error code 0xE4 after installing KB4012216.
  • Addressed issue where a server may fail with STOP 0x3B error leading to data loss when Input Method Editors (IME) like keyboards are installed.

KB4015546 -- Security-only Rollup for Windows 7 SP1 and Windows Server 2008 R2

  • This security update includes improvements and fixes that were a part of update KB4012218 (released March 21, 2017), and also resolves the following security vulnerabilities in Windows: scripting engine, Hyper-V, libjpeg image-processing library, Adobe Type Manager Font Driver, Win32K, Microsoft Outlook, Internet Explorer, Graphics Component, Windows kernel-mode drivers and Lightweight Directory Access Protocol.

KB4015547 -- Security-only Rollup for Windows 8.1 and Windows Server 2012 R2

KB4015548 -- April, 2017 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

KB4015549 -- Monthly Rollup for Windows 7 SP1 and Windows Server 2008 R2

KB4015551 -- April, 2017 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4018483 -- Security Update for Adobe Flash Player for Windows 10 Version 1607, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012

KB3211308 -- Security Update for Windows Server 2008 for x64-based Systems --  Security update for the Hyper-V vulnerability in Windows Server 2008: April 11, 2017

KB3217841 -- Security Update for Windows Server 2008 for x64-based Systems -- Security update for the Hyper-V denial of service vulnerability in Windows Server 2008: April 11, 2017

KB4014652 -- Security Update for Windows Server 2008, Windows Vista, and Windows XP Embedded -- Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017

KB4014661 -- Cumulative Security Update for Internet Explorer

KB4014793 -- Security Update for Windows Vista, Windows Server 2008, and Windows XP Embedded -- Security update for the Microsoft Office remote code execution vulnerability: April 11, 2017

KB4014794 -- Security Update for Windows Server 2008, Windows Vista, and Windows XP Embedded -- Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017

KB4014981 -- April, 2017 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4014982 -- April, 2017 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1 on Windows Embedded 8 Standard and Windows Server 2012

KB4014983 -- April, 2017 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4014984 -- April, 2017 Security and Quality Rollup for .NET Framework 2.0 on Windows Server 2008 and Windows Vista

KB4014985 -- April, 2017 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R

KB4014986 -- April, 2017 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1 on Windows Embedded 8 Standard and Windows Server 2012

KB4014987 -- April, 2017 Security Only Update for .NET Framework 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4014988 -- April, 2017 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 and Windows Vista

KB4015067 -- Security Update for Windows Server 2008, Windows Vista, and WES09 and POSReady 2009

Read also:  Search the Group Policy with Microsoft's GPSearch web service

KB4015068 -- Security Update for Windows Server 2008 and Windows Vista -- Security update for the LDAP elevation of privilege vulnerability in Windows Vista and Windows Server 2008: April 11, 2017

KB4015195 -- Security Update for Windows Server 2008, Windows Vista, and Windows XP Embedded -- Security update for the Win32k information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017

KB4015380 -- Security Update for Windows Server 2008, Windows Vista, and Windows XP Embedded -- Security update for the ATMFD.dll information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017

KB4015383 -- Security Update for Windows Server 2008, Windows Vista, and Windows XP Embedded -- Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017

Security advisories and updates

Non-security related updates

KB4016654 -- Dynamic Update for Windows 10 Version 1607 -- Compatibility update for upgrading to Windows 10 Version 1607 and Windows Server 2016

KB4016251 -- Update for Windows 10 version 1703

  • Addressed issue with Windows audio devicegraph isolation burning CPU-endless loop due to defective APOs.
  • Addressed installation issue with V3 XPS-based printer connections from non-1703 clients to 1703.
  • Issue with Surface USB: Bluetooth radio sometimes fails to re-enumerate during hibernate/resume.
  • Addressed issue with virus protection product driver install triggering a system crash on build 15060 configured with DeviceGuard.

KB4016635 -- Update for Windows 10 version 1607, and Windows Server 2016

  • Addressed a known issue with KB4013429 that caused form display issues with CRM 2011 on Internet Explorer 11.
  • Addressed the issue with KB4013429 that prevents users from updating apps from Windows Store with 0x80070216 error

KB4015438 -- Update for Windows 10 version 1607, and Windows Server 2016

  • Addressed a known issue with KB4013429 that caused Windows DVD Player (and 3rd party apps that use Microsoft MPEG-2 handling libraries) to crash.
  • Addressed a known issue with KB4013429, that some customers using Windows Server 2016 and Windows 10 1607 Client with Switch Embedded Teaming (SET) enabled might experience a deadlock or when changing the physical adapter’s link speed property.

KB4017018 -- Update for Windows Server 2008, Windows Vista, and Windows XP Embedded -- Security update for Microsoft Graphics Component

KB890830 -- Windows Malicious Software Removal Tool - April 2017

KB4016754 -- Update for Windows 10, Windows 8.1, Windows 7, and Windows Vista -- MTP driver update causes USB connected phone or portable device issue

KB4017099 -- Update for Windows 10 Version 1511 -- MTP driver update causes USB connected phone or portable device issue

KB4017100 -- Update for Windows 10 Version 1607 -- MTP driver update causes USB connected phone or portable device issue

KB3191564 -- Update for Windows 8.1 and Windows Server 2012 R2 -- Update for Windows Management Framework 5.1 for Windows 8.1 and Windows Server 2012 R2

KB3191565 -- Update for Windows Server 2012 -- Update for Windows Management Framework 5.1 for Windows Server 2012.

KB4016446 -- Update for Internet Explorer -- Forms in Dynamics CRM 2011 are broken after KB 4013073 for Internet Explorer 11 is installed

KB3216520 -- March, 2017 Preview of Quality Rollup for .NET Framework 2.0 on Windows Server 2008 and Windows Vista.

KB3216521 -- March, 2017 Preview of Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2.

KB3216522 -- March, 2017 Preview of Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1 on Windows Embedded 8 Standard and Windows Server 2012.

KB3216523 -- March, 2017 Preview of Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2.

KB3217877 -- Update for Windows Server 2008 and Windows Vista -- When you use the fread() function to read data from a pipe in Windows Vista Service Pack 2, the runtime program may omit line feed (LF) characters between lines and cause corrupted output.

KB4012218 -- March, 2017 Preview of Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2.

KB4012219 -- March, 2017 Preview of Monthly Quality Rollup for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2.

KB4012220 -- March, 2017 Preview of Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012.

KB4012864 -- Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows XP Embedded

How to download and install the April 2017 security updates

All security updates are available through Windows Update. Microsoft publishes cumulative updates for Windows 7, Windows 8.1 and Windows 10 that include security and non-security updates.

If you only want security updates, make sure you disable Windows Update on your computers and download them separately from the Microsoft Update Catalog website instead (using the links below).

Some updates are also available on the Microsoft Download Center website.

To check for updates using Windows Update, do the following:

  1. Tap on the Windows-key, type Windows Update, and select the item from the results.
  2. Click on check for updates button if update checks don't run automatically. Windows should list all new updates available for the system.
  3. Updates may be downloaded automatically, or on user request then.

Direct update downloads

Windows 7 SP1 and Windows Server 2008 R2 SP1

Windows 8.1 and Windows Server 2012 R2

Windows 10 and Windows Server 2016 (version 1703)

  • KB4015583 --  Cumulative Update for Windows 10 Version 1703

Additional resources

Summary
Article Name
Microsoft Security Updates April 2017 release
Description
Microsoft released security updates, and non security updates for all supported versions of Microsoft Windows and other company products today.
Author
Publisher
Ghacks Technology News
Logo
Advertisement
Please share this article

Facebooktwittergoogle_plusredditlinkedinmail



Responses to Microsoft Security Updates April 2017 release

  1. Carson Wyler April 11, 2017 at 8:04 pm #

    My Win 8.1 x64 updates of 11 April 2017 include KB4014983 April, 2017 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64. It's not mentioned in this listing of the April updates, nor can I find ANY reference to it ANYWHERE. What is it?

    • Martin Brinkmann April 11, 2017 at 8:07 pm #

      I have updated the listing. the Net framework updates are listed now

    • Sugram22 April 12, 2017 at 11:29 am #

      copy paste of my post

      POST 1:
      today's morning Windows Malicious Software Removal Tool failed windows update https://ibb.co/gSVJT5, should i be worried? or should i W8 for next update next month?

      POST 2:
      but when i did that, used that exe one new stopped working report was made, but it did not stop i pushed cancel cause i did not want to start scan, i wanted to install, i just looked error reports

      POST 3:
      when i downloaded from here https://www.microsoft.com/en-us/download/malicious-software-removal-tool-details.aspx it did not start install, instead it gave me option to use it to scan does this mean that update history &... is false positive? that win does not recognize resent update to removal tool?

      • Sugram22 April 12, 2017 at 5:28 pm #

        i have win 8.1 64Bit

    • DaxVR5 April 27, 2017 at 5:59 pm #

      KB4014983 is 4 Sept KB's per MS Catalog; not a separate msu

      • DaxVR5 April 27, 2017 at 6:11 pm #

        BAD link sent to me -- 4014983 has 4 current .NET patches; no install issues

  2. Carolyne April 11, 2017 at 8:17 pm #

    What is KB4014983? It's in the 11 April 2017 releases for Win 8.1 X64.

  3. Nikad Bolje April 11, 2017 at 9:40 pm #

    KB4015546 -- Security-only Rollup for Windows 7 SP1 and Windows Server 2008 R2

    KB4015547 -- Security-only Rollup for Windows 8.1 and Windows Server 2012 R2

    SMQR Rollups? or SOQU Updates. M$ terms encourage confusion (part of the plan?)

  4. Yuliya April 11, 2017 at 10:25 pm #

    Windows 7: 9 vulnerabilities, 1 critical
    Windows 8.1: 23 vulnerabilities, 4 critical
    Windows 10 version 1703: 21 vulnerabilities, 5 critical

    You know you're doing it wrong when your older OS is more secure than your newer ones. Showing you ads, tracking you to show you even more ads, and moving Control Panel items to a new pathetic interface that nobody likes or asked for in the first place is more important than having your OS secure.

    • EuroSkept1C April 12, 2017 at 2:20 am #

      I suspect only the 1703 version has more vulnerabilities since the new features arrived. Even then, still wouldn't be so strange since Win 10 acts as a service and continuously receives features whilst the other OSes don't.

    • Mark April 13, 2017 at 4:32 pm #

      Those numbers show vulnerabilities that no longer exist; they do not show how many vulnerabilities remain in the product (because no-one knows that number). It may simply be that more vulnerabilities were fixed in later versions because MS put more resources into fixing them. So it's not a very useful metric for determining which OS is actually more secure.

      It also ignores the fact that Windows 10 is less vulnerable to specific types of attacks than Windows 7 due to features like VBS, protected processes, heap guard pages etc.

  5. Grimley April 11, 2017 at 10:26 pm #

    Buggy. 3 PCs updated (2 laptops, 1 desktop). All exhibit the same behavior: booting from a powered down state brings up a desktop without text (below icons and in various windows). PC must be rebooted in order to correct this.

  6. insanelyapple April 11, 2017 at 10:53 pm #

    Has someone noticed application UNPCampaignManager.exe requesting Internet access on W10 after getting these updates?

    • anonymous April 12, 2017 at 8:48 am #

      Yes, I did. Seems it was not just me.

      • anonB April 12, 2017 at 4:22 pm #

        same here. a whois query says its trying to reach akamai ( https://who.is/whois-ip/ip-address/23.78.145.102 )

      • Rat April 12, 2017 at 5:50 pm #

        Ditto. Started up this morning on firewall. Install date is showing April 2.

        What exactly is this - Google isn't showing anything other than this thread.

    • Anonymous April 12, 2017 at 3:41 pm #

      I just noticed it as well. It seems odd, but the name bears a resemblance to an election being held somewhere in the middle east (google it).

      • Anonymous June 2, 2017 at 5:56 pm #

        very shady, I still cant find anything and it has hijacked my computer meaning I cant delete it in start up and if I turn it off it turns itself back on.

    • Peter Pandora April 13, 2017 at 2:48 pm #

      Yes. My avast let me block it.
      WTF is it?

    • Darren April 13, 2017 at 5:14 pm #

      I noticed it too, I thought it was from one of my games and its taking a bit of my download speed.

  7. Karol April 12, 2017 at 1:30 am #

    W10x64, 1703, I can't install a flash player, error 0x8000ffff. I can't also install KB4015583 because I got an error 0x8e5e0408. Anybody else or is it just me?

  8. Fena April 12, 2017 at 3:18 am #

    Using systeminfo from command prompt I installed Win7 64 bit service pack 1 on 4/26/2010, 4:39:36 AM. Since then NO
    updates & I do not have internet explorer loaded. Almost 7 years with NO problems. Free Avast is my anti-virus.

    No updates allowed NO patches NO rubbish means NO problems. I am sure there are others out there like me.

  9. CpuKill April 12, 2017 at 3:56 am #

    Doesthe new update include the CPU Blacklist patch of the last Monthly Preview Rollup?

  10. max April 12, 2017 at 8:59 am #

    win7 x64
    kb4014981 - get me infinite update ;-)

  11. zund April 12, 2017 at 11:41 am #

    btw, KB4015550 brings back the "good, ole" diagtrack service. :(

  12. TelV April 12, 2017 at 11:54 am #

    Hi Martin,

    Thanks once again for the comprehensive info.

    I successfully downloaded the security only update for Windows 8.1, but couldn't find a download link to the NET Framework security only update kb4014987 anywhere. I subsequently perused the catalog and found it here: https://www.catalog.update.microsoft.com/Search.aspx?q=kb4014987

    However, it seems to comprise of four separate updates called respectively kb4014556, kb4014574, kb4014562 and kb4014550. I've uploaded an image of it here: https://i.imgsafe.org/df3b840801.png

    It depends here on which NET Framework users have installed. Here's how the relate to each other:
    - 4014574 installs the security only update for NET Framework 3.5
    - 4014562 installs the security only update for NET Framework 4.5.2
    - 4014556 installs the security only update for NET Framework 4.6 and 4.6.1
    - 4014550 installs the security only update for NET Framework 4.6.2

    I guess Microsoft was too lazy to separate them into their different catagories.

    Forgot to mention that when you click the link to kb4014987 you might get an error. If so, go to the catalog home page and then search from there.

  13. not so bright April 12, 2017 at 1:27 pm #

    Microsoft is so confusing nowadays. I don't understand. Does such rollups like KB4015549 and KB4014981 include non-security updates which contain some of that W10 stuff?

  14. jester April 12, 2017 at 4:32 pm #

    Why the fuck is a security update for Outlook part of a security-only update for WINDOWS?

  15. chris April 12, 2017 at 7:04 pm #

    I searched for the "security only" update for the .Net Framework using the query you provided me with in your "December 2016 security updates" topic.
    https://www.catalog.update.microsoft.com/Search.aspx?q=KB4014985

    When I click the download link for the "April, 2017 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 7 and Windows Server 2008 R2 for x64 (KB4014985)" entry, I get 4 different downloads.
    Am I supposed to install all of them?

    I currently have the .net Framework 4.6.2 on Windows 7 64-bit.
    Thanks

    • James T. April 12, 2017 at 9:30 pm #

      chris

      support(.) microsoft (.) com/en-us/help/4014552/description-of-the-security-update-for-the-net-framework-4-6-2-for-win

      NDP46-KB4014552-x64.exe

  16. Just a Concerned User April 13, 2017 at 3:50 am #

    Putting aside all the tales of the telemetry and privacy woes, I've been pretty happy with Windows 10 so far. I also think that it has come a long way since it was first released. But after doing the Cumulative Update (KB4015583) and jumping from build 15063.13 to 15063.138 via Windows Update yesterday, which by the way went surprisingly well for me.

    I did notice in the new Windows Defender Security Center under Device performance & health, that the Health report says report is not available. It has been like that since I updated last night. I have restarted my system several times, but it still shows no report is available. In build 15063.13 everything was fine and the health reports were working fine.

    To my surprise, I have to admit that the Windows 10 Creators Update via the Update Assistant went very smoothly for me on April 5th. I encountered a plenty of problems with the Anniversary Update and plenty more issues with the cumulative updates that were released. I did find that downloading and installing the updates manually always installed without any problems.

    • Declan April 15, 2017 at 6:58 pm #

      @Just a Concerned User
      Which department at Microsoft do you work in?

      • Just a Concerned User April 16, 2017 at 6:00 pm #

        @Declan

        I may not be as tech savvy as some of the folks here, so I really don't know what else to say, but so far, aside from the missing health report, I'm sorry I just haven't experienced any of the problems related to the new Creators Update that people have been reporting.

        I have an HP G62-354CA laptop which I purchased used back in 2013, it's got an older Intel i3, with 4GB memory and Intel GMA 4500M, and everything I need, I can do on this laptop.

        And I am sorry to disappoint, but I don't work for Microsoft, I'm a full-time caregiver for my mom who is not well.

  17. Sirus @ Sirusdark April 14, 2017 at 10:34 pm #

    I too have UNPCampaignManager.exe trying to connect to the Internet since my last update(s).
    - Win 10 Pro 64 bit, Version 1607 (OS Build 14393.1066)

    File is located in:
    C:\Windows\System32\UNP

    Which has the following files:
    -UNPCampaignManager.exe
    -UNPDetector.exe
    -UNPUX.dll
    -UNPUXHost.exe
    -UNPUXLauncher.exe

    Anyone has more info on this? What does UNP means? We all know it may have something to do with the new Win10Creator thingy, but what are these file's roles?

  18. Yossi April 17, 2017 at 12:30 pm #

    it seems that we can.

    it's only before you install windows 10 like preparation

    https://support.microsoft.com/en-us/help/4014916/windows-10-choose-your-privacy-settings-for-windows-10-creators-update

  19. Bunty April 20, 2017 at 8:50 pm #

    After the latest security updates to Windows 7 64-bit Windows Explorer crashes and restarts repeatedly when you go into Control Panel > System on my Asus laptop. Also, Logitech Setpoint software will cease to work properly too. An icon will load down by the clock but when you mouse over it, it disappears. You can not click it to load. Also Setpoint ceases to work so your fancy $100+ mouse turns into a $8 mouse...

    I'm so sick of this crap!

  20. coakl April 20, 2017 at 11:41 pm #

    The update for I.E., KB4014661 -- Cumulative Security Update for Internet Explorer, contains a new security feature:
    KB 4012494 Option to disable VBScript execution in Internet Explorer for Internet Zone and Restricted Sites Zone

    It looks a lot like the Attack Surface Reduction mitigation in EMET.

Leave a Reply