Microsoft Security Updates May 2017 release

Microsoft released security updates, and non-security updates, for all supported versions of Microsoft Windows and other company products on the May 2017's Patch Day.
Windows Vista support ended last month, and this is the first month without Windows Vista updates. Coincidentally, May 9th, 2017 is also the day that support for the Windows 10 RTM version ends.
Microsoft switched to a new system in regards to information about product updates. The company did away with security bulletins last month, and things have gotten more complicated in the process as information are not presented as nicely anymore and take longer to go through.
The guide begins with the executive summary, and lists all security, non-security, and security advisory patches and information afterwards. You also find information on how to download the updates, including direct downloads for cumulative updates for Windows 7, Windows 8.1 and Windows 10.
Note: Some users report that they see the Internet Explorer patch KB3008923 again. This patch should not be installed. More info on this at Infoworld.
Microsoft Security Updates May 2017
You can download the following Excel spreadsheet for a list of all security updates that Microsoft released on this May 2017 Patch day: microsoft-windows-may-2017-all-security-updates.zip
Executive Summary
- No more Windows Vista patches.
- This is the last patch day for the Windows 10 RTM release. It won't be supported anymore after today.
- Updates were released for all supported client and server versions of Windows.
- Other Microsoft products with patches are: Internet Explorer, Microsoft Edge, Microsoft Office, the Microsoft .NET Framework, and Adobe Flash Player
Operating System Distribution
- Windows 7:Â 26 vulnerabilities of which 4 are rated critical, and 22 important
- Windows 8.1: 22 vulnerabilities of which 4 are rated critical, and the remaining 18 important
- Windows RT 8.1: 20 vulnerabilities of which 4 are rated critical, and 16 important
- Windows 10 version 1703: 22 vulnerabilities of which four are rated critical, and 16 important.
Windows Server products:
- Windows Server 2008:Â 27 vulnerabilities, of which 4 are rated critical, and 23 important
- Windows Server 2008 R2: 27 vulnerabilities, of which 4 are rated critical, and 23 important
- Windows Server 2012 and 2012 R2: 24 vulnerabilities, of which 4 are rated critical and 20 important
- Windows Server 2016: 23 vulnerabilities of which 4 are rated critical, and 19 important
Other Microsoft Products
- Internet Explorer 11: 10 vulnerabilities, 2 critical, 6 important, 2 moderate
- Microsoft Edge: 28 vulnerabilities, 16 critical, the rest important
- Microsoft Office: varies depending on version. See KB4020152 for information.
Security Updates
KB4019263 -- Security-only update for Windows 7 and Windows Server 2008 R2
- Updated Windows Cryptography API to deprecate SHA-1 for SSL/TLS Server Authentication, including in Microsoft Edge and Internet Explorer 11 . See Advisory 4010323 for more information.
- Security updates to Microsoft Graphics Component, Windows COM, Microsoft ActiveX, Windows Server, Windows kernel, and Microsoft Windows DNS.
KB4019213 -- Security-only update for Windows 8.1 and Windows Server 2012 R2
- Updated Windows Cryptography API to deprecate SHA-1 for SSL/TLS Server Authentication, including in Microsoft Edge and Internet Explorer 11. See Advisory 4010323 for more information.
- Security updates to Microsoft Graphics Component, Microsoft Windows DNS, Windows COM, Windows Server and Windows kernel.
KB4018271 -- Cumulative security update for Internet Explorer: May 9, 2017
- Addressed issue where, after installing security update KB4015551, applications that use msado15.dll stop working.
- Addressed issue where, after installing KB3187754, clients can no longer access a file server when using SMB1 and NTLM authentication under certain conditions. No credential dialog appears, and the user receives the error, “A specified logon session does not exist. It may already have been terminated.â€
- Security updates to Microsoft Graphics Component, Windows COM, Windows Server, Windows Kernel, Internet Explorer, and Microsoft Windows DNS.
KB4019216 -- Windows Server 2012 monthly rollup.
KB4019108 -- Security Only update for the .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, and 4.6.2 updates for Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1: May 9, 2017
KB4019109 -- Security Only update for the .NET Framework 2.0 Service Pack 2, 4.5.2, and 4.6 updates for Windows Server 2008 Service Pack 2: May 9, 2017
KB4019110 --Â Security Only update for the .NET Framework 3.5 Service Pack 1, 4.5.2, 4.6, 4.6.1, and 4.6.2 updates for Windows Server 2012: May 9, 2017
KB4019111 -- Security Only update for the .NET Framework 3.5 Service Pack 1, 4.5.2, 4.6, 4.6.1, and 4.6.2 updates for Windows 8.1 and Windows Server 2012 R2: May 9, 2017
Security advisories and updates
Microsoft Security Advisory 4010323 -- Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11
Microsoft Security Advisory 4021279 -- Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege
Microsoft Security Advisory 4022345 -- Identifying and correcting failure of Windows Update client to receive updates
Microsoft Security Advisory 4022344 -- Security Update for Microsoft Malware Protection Engine (check out our coverage here)
Non-security related updates
KB4019264 -- Monthly rollup for Windows 7 and Windows Server 2008 R2
- Addressed issue where, after installing security update KB4015549, applications that use msado15.dll stop working.
- Updated Internet Explorer 11’s New Tab Page with an integrated newsfeed.
- Deprecated SHA-1 Microsoft Edge and Internet Explorer 11 for SSL/TLS Server Authentication. See Advisory 4010323 for more information.
- Security updates to Internet Explorer, Microsoft Graphics Component, Windows COM, Microsoft ActiveX, Windows Server, Windows kernel, and Microsoft Windows DNS.
KB4019215 -- Monthly rollup for Windows 8.1 and Windows Server 2012 R2
- same as KB4019264
KB4016871 -- Cumulative update for Windows 10 Version 1703 (OS Build 15063.296 and 15063.297)
- Addressed issue with Surface Hub devices waking from sleep approximately every four minutes after the first two hours.
- Addressed issue where autochk.exe can randomly skip drive checks and not fix corruptions, which may lead to data loss.
- Addressed an issue where Microsoft Edge users in networking environments that do not fully support the TCP Fast Open standard may have problems connecting to some websites. Users can re-enable TCP Fast Open in about:flags.
- Addressed issues with Arc Touch mouse Bluetooth connectivity.
- Security updates to Microsoft Edge, Internet Explorer, Microsoft Graphics Component, Windows SMB Server, Windows COM, Microsoft Scripting Engine, Windows kernel, Windows Server, and the .NET Framework.
KB4020498 -- Update for .NET Framework 4.6.2 on Windows Server 2012 for x64
KB4020499 -- Update for .NET Framework 4.6.2 on Windows 8.1 and Windows Server 2012 R2
KB4020500 -- Update for .NET Framework 4.6, 4.6.1 on Windows Embedded 8 Standard and Windows Server 2012
KB4020502 -- Update for .NET Framework 4.6, 4.6.1 on Windows 8.1 and Windows Server 2012 R2
KB4020503 -- Update for .NET Framework 4.6 on Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008
KB4020505 -- Update for .NET Framework 4.5.2 on Windows 8.1 and Windows Server 2012 R2
KB4020506 -- Update for .NET Framework 4.5.2 on Windows Embedded 8 Standard and Windows Server 2012
KB4020507 -- Update for .NET Framework 4.5.2 on Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, and Windows Server 2008
KB4020510 -- Update for .NET Framework 4 on WES09 and POSReady 2009
KB4020511 -- Update for .NET Framework 2.0 on Windows Server 2008
KB4020512 -- Update for .NET Framework 3.5 on Windows Embedded 8 Standard and Windows Server 2012
KB4020513 -- Update for .NET Framework 3.5.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2
KB4020514 -- Update for .NET Framework 3.5 on Windows 8.1 and Windows Server 2012 R2
KB4020517 -- Update for .NET Framework 2.0 SP2 on WES09 and POSReady 2009
KB4015193 -- Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows XP Embedded
KB4015552 -- April, 2017 Preview of Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2
KB4015553 -- April, 2017 Preview of Monthly Quality Rollup for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2
KB4015554 -- April, 2017 Preview of Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012
KB4016240 -- Windows 10 Version 1703 OS Build 15063.250 upgrade
- Addressed issue where VMs might experience loss in network connectivity while provisioning IP addresses.
- Addressed issue that does not initiate a remote ring on the device when RemoteRing Configuration Service Provider (CSP) is used.
- Addressed issue where a memory leak occurs in Internet Explorer when hosting pages containing nested framesets that load cross-domain content.
- Addressed issue where Internet Explorer 11 does not save JavaScript files when exporting to an MHT file.
- Addressed issue that causes users to get logged out from Web applications intermittently.
- Addressed issue with a very dim internal monitor that may occur when booting with the external monitor only and then switching to the built-in panel only.
- Addressed issue where running Win32 Direct3D applications or games in full-screen exclusive mode causes the system to become unresponsive when resuming from Connected Standby.
- Addressed issue where when upgrading to Windows 10, version 1703, with the system language set to Chinese, the progress page displays geometric shapes instead of the correct localized strings.
- Addressed issue that prevents the lock screen from being disabled using Group Policy on Professional SKUs.
- Addressed issue in Windows Forms configuration options, which causes antivirus applications to stop working at startup.
- Addressed additional issues with compatibility, Internet Explorer, and Microsoft Edge.
How to download and install the May 2017 security updates
All security updates for Microsoft products are available through Windows Update, various business update services and systems, on the Microsoft Download Center website, and also direct downloads provided on the Microsoft Update Catalog website.
Most Windows systems have automatic updates enabled (as it is the default). This means that updates will be pushed to these systems automatically.
You can run manual checks for updates at any time:
- Tap on the Windows-key on your computer keyboard, type Windows Update, and hit the Enter-key.
- Depending on the configuration, Windows Update will run checks for updates automatically, or when you click on the "check for updates" button.
- Updates are then offered for download, or downloaded automatically depending on system settings.
Direct update downloads
Windows 7 SP1 and Windows Server 2008 R2 SP1
-
KB4019264: May, 2017 Security Monthly Quality Rollup
- KB4019263: May, 2017 Security Only Quality Update
Windows 8.1 and Windows Server 2012 R2
- KB4019215: May, 2017 Security Monthly Quality Rollup
- KB4019213: May, 2017 Security Only Quality Update
Windows 10 and Windows Server 2016 (version 1703)
- KB4016871 --Â Cumulative Update for Windows 10 Version 1703
Additional resources


Martin, I would appreciate that you do not censor this post, as it’s informative writing.
Onur, there is a misleading statement “[…] GIFs are animated images …”. No, obviously you don’t seem to have take much notice of what you were told back in March regarding; Graphics Interchange Format (GIF).
For example, https://www.ghacks.net/2023/03/31/whats-gif-explanation-and-how-to-use-it/#comment-4562919 (if you had read my replies within that thread, you might have learnt something useful). I even mentioned, “GIF intrinsically supports animated images (GIF89a)”.
You linked to said article, [Related: …] within this article, but have somehow failed to take onboard what support you were given by several more knowledgeable people.
If you used AI to help write this article, it has failed miserably.
AI is stupid, and it will not get any better if we really know how this all works. Prove me wrong.. https://www.youtube.com/watch?v=4IYl1sTIOHI
Martin, [#comment-4569908] is only meant to be in: [https://www.ghacks.net/2023/07/09/how-to-send-gifs-on-iphone-two-different-ways/]. Whereas it appears duplicated in several recent random low-quality non relevant articles.
Obviously it [#comment-4569908] was posted: 9 July 2023. Long before this thread even existed… your database is falling over. Those comments are supposed to have unique ID values. It shouldn’t be possible to duplicate the post ID, if the database had referential integrity.
Don’t tell me!
Ghacks wants the state to step in for STATE-MANDATED associations to save jobs!!!
Bring in the dictatorship!!!
And screw Rreedom of Association – too radical for Ghacks maybe
GateKeeper ?
That’s called “appointing” businesses to do the state’s dirty work!!!!!
But the article says itself that those appointed were not happy – implying they had not choice!!!!!!
@The Dark Lady,
@KeZa,
@Database failure,
@Howard Pearce,
@Howard Allan Pearce,
Note: I replaced the quoted URI scheme: https:// with “>>” and posted.
The current ghacks.net is owned by “Softonic International S.A.” (sold by Martin in October 2019), and due to the fate of M&A, ghacks.net has changed in quality.
>> ghacks.net/2023/09/02/microsoft-is-removing-wordpad-from-windows/#comment-4573130
Many Authors of bloggers and advertisers certified by Softonic have joined the site, and the site is full of articles aimed at advertising and clickbait.
>> ghacks.net/2023/08/31/in-windows-11-the-line-between-legitimate-and-adware-becomes-increasingly-blurred/#comment-4573117
As it stands, except for articles by Martin Brinkmann, Mike Turcotte, and Ashwin, they are low quality, unhelpful, and even vicious. It is better not to read those articles.
How to display only articles by a specific author:
Added line to My filters in uBlock Origin: ghacks.net##.hentry,.home-posts,.home-category-post:not(:has-text(/Martin Brinkmann|Mike Turcotte|Ashwin/))
>> ghacks.net/2023/09/01/windows-11-development-overview-of-the-august-2023-changes/#comment-4573033
By the way, if you use an RSS reader, you can track exactly where your comments are (I’m an iPad user, so I use “Feedly Classic”, but for Windows I prefer the desktop app “RSS Guard”).
RSS Guard: Feed reader which supports RSS/ATOM/JSON and many web-based feed services.
>> github.com/martinrotter/rssguard#readme
We all live in digital surveillance glass houses under scrutiny of evil people because of people like Musk. It’s only fair that he takes his turn.
“Operating systems will be required to let the user choose the browser, virtual assistant and search engine of their choice. Microsoft cannot force users to use Bing or Edge. Apple will have to open up its iOS operating system to allow third-party app stores, aka allow sideloading of apps. Google, on the other hand, will need to provide users with the ability to uninstall preloaded apps (bloatware) from Android devices. Online services will need to allow users to unsubscribe from their platform easily. Gatekeepers need to provide interoperability with third-parties that offer similar services.”
Wonderful ! Let’s hope they’ll comply with that law more than they are doing with the GDPR.