Microsoft Security Updates May 2017 release

Microsoft released security updates, and non-security updates, for all supported versions of Microsoft Windows and other company products on the May 2017's Patch Day.

Windows Vista support ended last month, and this is the first month without Windows Vista updates. Coincidentally, May 9th, 2017 is also the day that support for the Windows 10 RTM version ends.

Microsoft switched to a new system in regards to information about product updates. The company did away with security bulletins last month, and things have gotten more complicated in the process as information are not presented as nicely anymore and take longer to go through.

The guide begins with the executive summary, and lists all security, non-security, and security advisory patches and information afterwards. You also find information on how to download the updates, including direct downloads for cumulative updates for Windows 7, Windows 8.1 and Windows 10.

Note: Some users report that they see the Internet Explorer patch KB3008923 again. This patch should not be installed. More info on this at Infoworld.

Microsoft Security Updates May 2017

You can download the following Excel spreadsheet for a list of all security updates that Microsoft released on this May 2017 Patch day: microsoft-windows-may-2017-all-security-updates.zip

Executive Summary

• No more Windows Vista patches.
• This is the last patch day for the Windows 10 RTM release. It won't be supported anymore after today.
• Updates were released for all supported client and server versions of Windows.
• Other Microsoft products with patches are: Internet Explorer, Microsoft Edge, Microsoft Office, the Microsoft .NET Framework, and Adobe Flash Player

Operating System Distribution

• Windows 7:  26 vulnerabilities of which 4 are rated critical, and 22 important
• Windows 8.1: 22 vulnerabilities of which 4 are rated critical, and the remaining 18 important
• Windows RT 8.1: 20 vulnerabilities of which 4 are rated critical, and 16 important
• Windows 10 version 1703: 22 vulnerabilities of which four are rated critical, and 16 important.

Windows Server products:

• Windows Server 2008:  27 vulnerabilities, of which 4 are rated critical, and 23 important
• Windows Server 2008 R2: 27 vulnerabilities, of which 4 are rated critical, and 23 important
• Windows Server 2012 and 2012 R2: 24 vulnerabilities, of which 4 are rated critical and 20 important
• Windows Server 2016: 23 vulnerabilities of which 4 are rated critical, and 19 important

Other Microsoft Products

• Internet Explorer 11: 10 vulnerabilities, 2 critical, 6 important, 2 moderate
• Microsoft Edge: 28 vulnerabilities, 16 critical, the rest important
• Microsoft Office: varies depending on version. See KB4020152 for information.

Security Updates

KB4019263 -- Security-only update for Windows 7 and Windows Server 2008 R2

• Updated Windows Cryptography API to deprecate SHA-1 for SSL/TLS Server Authentication, including in Microsoft Edge and Internet Explorer 11 . See Advisory 4010323 for more information.
• Security updates to Microsoft Graphics Component, Windows COM, Microsoft ActiveX, Windows Server, Windows kernel, and Microsoft Windows DNS.

KB4019213 -- Security-only update for Windows 8.1 and Windows Server 2012 R2

• Updated Windows Cryptography API to deprecate SHA-1 for SSL/TLS Server Authentication, including in Microsoft Edge and Internet Explorer 11. See Advisory 4010323 for more information.
• Security updates to Microsoft Graphics Component, Microsoft Windows DNS, Windows COM, Windows Server and Windows kernel.

KB4018271 -- Cumulative security update for Internet Explorer: May 9, 2017

• Addressed issue where, after installing security update KB4015551, applications that use msado15.dll stop working.
• Addressed issue where, after installing KB3187754, clients can no longer access a file server when using SMB1 and NTLM authentication under certain conditions. No credential dialog appears, and the user receives the error, “A specified logon session does not exist. It may already have been terminated.”
• Security updates to Microsoft Graphics Component, Windows COM, Windows Server, Windows Kernel, Internet Explorer, and Microsoft Windows DNS.

KB4019216 -- Windows Server 2012 monthly rollup.

KB4019108 -- Security Only update for the .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, and 4.6.2 updates for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 9, 2017

KB4019109 -- Security Only update for the .NET Framework 2.0 Service Pack 2, 4.5.2, and 4.6 updates for Windows Server 2008 Service Pack 2: May 9, 2017

KB4019110 --  Security Only update for the .NET Framework 3.5 Service Pack 1, 4.5.2, 4.6, 4.6.1, and 4.6.2 updates for Windows Server 2012: May 9, 2017

KB4019111 -- Security Only update for the .NET Framework 3.5 Service Pack 1, 4.5.2, 4.6, 4.6.1, and 4.6.2 updates for Windows 8.1 and Windows Server 2012 R2: May 9, 2017

Security advisories and updates

Microsoft Security Advisory 4010323 -- Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11

Microsoft Security Advisory 4021279 -- Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege

Microsoft Security Advisory 4022345 -- Identifying and correcting failure of Windows Update client to receive updates

Microsoft Security Advisory 4022344 -- Security Update for Microsoft Malware Protection Engine (check out our coverage here)

Non-security related updates

KB4019264 -- Monthly rollup for Windows 7 and Windows Server 2008 R2

• Addressed issue where, after installing security update KB4015549, applications that use msado15.dll stop working.
• Updated Internet Explorer 11’s New Tab Page with an integrated newsfeed.
• Deprecated SHA-1 Microsoft Edge and Internet Explorer 11 for SSL/TLS Server Authentication. See Advisory 4010323 for more information.
• Security updates to Internet Explorer, Microsoft Graphics Component, Windows COM, Microsoft ActiveX, Windows Server, Windows kernel, and Microsoft Windows DNS.

KB4019215 -- Monthly rollup for Windows 8.1 and Windows Server 2012 R2

• same as KB4019264

KB4016871 -- Cumulative update for Windows 10 Version 1703 (OS Build 15063.296 and 15063.297)

• Addressed issue with Surface Hub devices waking from sleep approximately every four minutes after the first two hours.
• Addressed issue where autochk.exe can randomly skip drive checks and not fix corruptions, which may lead to data loss.
• Addressed an issue where Microsoft Edge users in networking environments that do not fully support the TCP Fast Open standard may have problems connecting to some websites. Users can re-enable TCP Fast Open in about:flags.
• Addressed issues with Arc Touch mouse Bluetooth connectivity.
• Security updates to Microsoft Edge, Internet Explorer, Microsoft Graphics Component, Windows SMB Server, Windows COM, Microsoft Scripting Engine, Windows kernel, Windows Server, and the .NET Framework.

KB4020498 -- Update for .NET Framework 4.6.2 on Windows Server 2012 for x64

KB4020499 -- Update for .NET Framework 4.6.2 on Windows 8.1 and Windows Server 2012 R2

KB4020500 -- Update for .NET Framework 4.6, 4.6.1 on Windows Embedded 8 Standard and Windows Server 2012

KB4020502 -- Update for .NET Framework 4.6, 4.6.1 on Windows 8.1 and Windows Server 2012 R2

KB4020503 -- Update for .NET Framework 4.6 on Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4020505 -- Update for .NET Framework 4.5.2 on Windows 8.1 and Windows Server 2012 R2

KB4020506 -- Update for .NET Framework 4.5.2 on Windows Embedded 8 Standard and Windows Server 2012

KB4020507 -- Update for .NET Framework 4.5.2 on Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008

KB4020510 -- Update for .NET Framework 4 on WES09 and POSReady 2009

KB4020511 -- Update for .NET Framework 2.0 on Windows Server 2008

KB4020512 -- Update for .NET Framework 3.5 on Windows Embedded 8 Standard and Windows Server 2012

KB4020513 -- Update for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4020514 -- Update for .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2

KB4020517 -- Update for .NET Framework 2.0 SP2 on WES09 and POSReady 2009

KB4015193 -- Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows XP Embedded

KB4015552 -- April, 2017 Preview of Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2

KB4015553 -- April, 2017 Preview of Monthly Quality Rollup for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4015554 -- April, 2017 Preview of Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4016240 -- Windows 10 Version 1703 OS Build 15063.250 upgrade

• Addressed issue where VMs might experience loss in network connectivity while provisioning IP addresses.
• Addressed issue that does not initiate a remote ring on the device when RemoteRing Configuration Service Provider (CSP) is used.
• Addressed issue where a memory leak occurs in Internet Explorer when hosting pages containing nested framesets that load cross-domain content.
• Addressed issue where Internet Explorer 11 does not save JavaScript files when exporting to an MHT file.
• Addressed issue that causes users to get logged out from Web applications intermittently.
• Addressed issue with a very dim internal monitor that may occur when booting with the external monitor only and then switching to the built-in panel only.
• Addressed issue where running Win32 Direct3D applications or games in full-screen exclusive mode causes the system to become unresponsive when resuming from Connected Standby.
• Addressed issue where when upgrading to Windows 10, version 1703, with the system language set to Chinese, the progress page displays geometric shapes instead of the correct localized strings.
• Addressed issue that prevents the lock screen from being disabled using Group Policy on Professional SKUs.
• Addressed issue in Windows Forms configuration options, which causes antivirus applications to stop working at startup.
• Addressed additional issues with compatibility, Internet Explorer, and Microsoft Edge.

How to download and install the May 2017 security updates

All security updates for Microsoft products are available through Windows Update, various business update services and systems, on the Microsoft Download Center website, and also direct downloads provided on the Microsoft Update Catalog website.

Most Windows systems have automatic updates enabled (as it is the default). This means that updates will be pushed to these systems automatically.

You can run manual checks for updates at any time:

1. Tap on the Windows-key on your computer keyboard, type Windows Update, and hit the Enter-key.
2. Depending on the configuration, Windows Update will run checks for updates automatically, or when you click on the "check for updates" button.
3. Updates are then offered for download, or downloaded automatically depending on system settings.

Direct update downloads

Windows 7 SP1 and Windows Server 2008 R2 SP1

• KB4019264: May, 2017 Security Monthly Quality Rollup

• KB4019263: May, 2017 Security Only Quality Update

Windows 8.1 and Windows Server 2012 R2

• KB4019215: May, 2017 Security Monthly Quality Rollup
• KB4019213: May, 2017 Security Only Quality Update

Windows 10 and Windows Server 2016 (version 1703)

• KB4016871 --  Cumulative Update for Windows 10 Version 1703

Additional resources

• May 2017 Security Updates release notes
• List of software updates for Microsoft products
• List of security advisories
• Security Updates Guide
• Microsoft Update Catalog site
• Our in-depth Windows update guide
• Windows 10 Update History
• Windows 8.1 Update History
• Windows 7 Update History

Advertisement