Microsoft Security Updates April 2017 release

Microsoft released security updates, and non security updates for all supported versions of Microsoft Windows and other company products today.

The April 2017 Patch Tuesday is special. First, because it marks the end of Windows Vista's extended support phase. Microsoft won't release security updates for Windows Vista officially anymore.

Second, it marks the beginning of the roll out phase of the Windows 10 Creators Update.

Our guide provides you with information on today's Patch day. It begins with an executive summary that lists the highlights of this month's Patch day.

We had to change the guide somewhat this month as Microsoft moved from offering information in security bulletins to using the Security Update Guide website exclusively. This makes it more difficult to gather information for this overview as you get a lot of noise in the listings.

Microsoft Security Updates April 2017

You can download an Excel spreadsheet that lists all released security updates for all Microsoft products released in April 2017 with a click on the following link: april-2017-security-updates-microsoft.zip

Executive Summary

• Security Bulletins are no longer provided. Microsoft switched the information system to the Security Update Guide fully.
• The April security update patches issues in all supported versions and editions of Microsoft Windows.
• Other Microsoft products with patches are Microsoft Edge and Internet Explorer, the .NET Framework, Silverlight, and Microsoft Office.

Operating System Distribution

• Windows Vista: 9 vulnerabilities, 1 critical, 8 important
• Windows 7: 9 vulnerabilities, 1 critical, 8 important.
• Windows 8.1: 23 vulnerabilities, 4 critical, 19 important.
• Windows RT 8.1: 11 vulnerabilities, 1 critical, 10 important.
• Windows 10 version 1703: 21 vulnerabilities, 5 critical, 16 important.

Windows Server products:

• Windows Server 2008:  12 vulnerabilities, 3 critical, 9 important
• Windows Server 2008 R2: 13 vulnerabilities, 3 critical, 10 important
• Windows Server 2012 and 2012 R2: 24 vulnerabilities, 4 critical, 20 important
• Windows Server 2016: 41 vulnerabilities, 10 critical, 31 important

Other Microsoft Products

• Internet Explorer 11: 1 critical, 1 important
• Microsoft Edge: 3 critical, 1 important, 1 moderate
• Microsoft Office: 42 vulnerabilities affecting various versions and editions of Office,with 2 vulnerabilities rated critical

Security Updates

KB4015583 -- April 11, 2017 for Windows 10 Version 1703

• Addressed issues with updated time zone information.
• Security updates to Scripting Engine, libjpeg image-processing library, Hyper-V, Windows kernel-mode drivers, Adobe Type Manager Font Driver, Internet Explorer, Graphics Component, Active Directory Federation Services, .NET Framework, Lightweight Directory Access Protocol, Microsoft Edge and Windows OLE.

KB4015550 -- Monthly Rollup for Windows 8.1 and Windows Server 2012 R2

This security update includes improvements and fixes that were a part of update KB4012219 (released March 21, 2017) and resolves the security vulnerabilities in Hyper-V, libjpeg image-process library, Win32K, Adobe Type Manager font driver, Active Directory Federation Services, Lightweight Directory Access Protocol, Windows kernel-mode drivers, OLE, Scripting Engine, Windows Graphics component and Internet Explorer in addition to these quality improvements:

• Addressed an issue that was causing Authentication Success and Failure events with Event ID 4768 to not be logged after installing KB4012216.
• Addressed a bug check encountered on Windows Server 2012 R2 Hyper-V hosts with error code 0xE4 after installing KB4012216.
• Addressed issue where a server may fail with STOP 0x3B error leading to data loss when Input Method Editors (IME) like keyboards are installed.

KB4015546 -- Security-only Rollup for Windows 7 SP1 and Windows Server 2008 R2

• This security update includes improvements and fixes that were a part of update KB4012218 (released March 21, 2017), and also resolves the following security vulnerabilities in Windows: scripting engine, Hyper-V, libjpeg image-processing library, Adobe Type Manager Font Driver, Win32K, Microsoft Outlook, Internet Explorer, Graphics Component, Windows kernel-mode drivers and Lightweight Directory Access Protocol.

KB4015547 -- Security-only Rollup for Windows 8.1 and Windows Server 2012 R2

KB4015548 -- April, 2017 Security Only Quality Update for Windows Embedded 8 Standard and Windows Server 2012

KB4015549 -- Monthly Rollup for Windows 7 SP1 and Windows Server 2008 R2

KB4015551 -- April, 2017 Security Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012

KB4018483 -- Security Update for Adobe Flash Player for Windows 10 Version 1607, Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, and Windows Server 2012

KB3211308 -- Security Update for Windows Server 2008 for x64-based Systems --  Security update for the Hyper-V vulnerability in Windows Server 2008: April 11, 2017

KB3217841 -- Security Update for Windows Server 2008 for x64-based Systems -- Security update for the Hyper-V denial of service vulnerability in Windows Server 2008: April 11, 2017

KB4014652 -- Security Update for Windows Server 2008, Windows Vista, and Windows XP Embedded -- Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017

KB4014661 -- Cumulative Security Update for Internet Explorer

KB4014793 -- Security Update for Windows Vista, Windows Server 2008, and Windows XP Embedded -- Security update for the Microsoft Office remote code execution vulnerability: April 11, 2017

KB4014794 -- Security Update for Windows Server 2008, Windows Vista, and Windows XP Embedded -- Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017

KB4014981 -- April, 2017 Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2

KB4014982 -- April, 2017 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1 on Windows Embedded 8 Standard and Windows Server 2012

KB4014983 -- April, 2017 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4014984 -- April, 2017 Security and Quality Rollup for .NET Framework 2.0 on Windows Server 2008 and Windows Vista

KB4014985 -- April, 2017 Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R

KB4014986 -- April, 2017 Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1 on Windows Embedded 8 Standard and Windows Server 2012

KB4014987 -- April, 2017 Security Only Update for .NET Framework 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2

KB4014988 -- April, 2017 Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 on Windows Server 2008 and Windows Vista

KB4015067 -- Security Update for Windows Server 2008, Windows Vista, and WES09 and POSReady 2009

KB4015068 -- Security Update for Windows Server 2008 and Windows Vista -- Security update for the LDAP elevation of privilege vulnerability in Windows Vista and Windows Server 2008: April 11, 2017

KB4015195 -- Security Update for Windows Server 2008, Windows Vista, and Windows XP Embedded -- Security update for the Win32k information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017

KB4015380 -- Security Update for Windows Server 2008, Windows Vista, and Windows XP Embedded -- Security update for the ATMFD.dll information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017

KB4015383 -- Security Update for Windows Server 2008, Windows Vista, and Windows XP Embedded -- Security update for the libjpeg information disclosure vulnerability in Windows Vista and Windows Server 2008: April 11, 2017

Security advisories and updates

Non-security related updates

KB4016654 -- Dynamic Update for Windows 10 Version 1607 -- Compatibility update for upgrading to Windows 10 Version 1607 and Windows Server 2016

KB4016251 -- Update for Windows 10 version 1703

• Addressed issue with Windows audio devicegraph isolation burning CPU-endless loop due to defective APOs.
• Addressed installation issue with V3 XPS-based printer connections from non-1703 clients to 1703.
• Issue with Surface USB: Bluetooth radio sometimes fails to re-enumerate during hibernate/resume.
• Addressed issue with virus protection product driver install triggering a system crash on build 15060 configured with DeviceGuard.

KB4016635 -- Update for Windows 10 version 1607, and Windows Server 2016

• Addressed a known issue with KB4013429 that caused form display issues with CRM 2011 on Internet Explorer 11.
• Addressed the issue with KB4013429 that prevents users from updating apps from Windows Store with 0x80070216 error

KB4015438 -- Update for Windows 10 version 1607, and Windows Server 2016

• Addressed a known issue with KB4013429 that caused Windows DVD Player (and 3rd party apps that use Microsoft MPEG-2 handling libraries) to crash.
• Addressed a known issue with KB4013429, that some customers using Windows Server 2016 and Windows 10 1607 Client with Switch Embedded Teaming (SET) enabled might experience a deadlock or when changing the physical adapter’s link speed property.

KB4017018 -- Update for Windows Server 2008, Windows Vista, and Windows XP Embedded -- Security update for Microsoft Graphics Component

KB890830 -- Windows Malicious Software Removal Tool - April 2017

KB4016754 -- Update for Windows 10, Windows 8.1, Windows 7, and Windows Vista -- MTP driver update causes USB connected phone or portable device issue

KB4017099 -- Update for Windows 10 Version 1511 -- MTP driver update causes USB connected phone or portable device issue

KB4017100 -- Update for Windows 10 Version 1607 -- MTP driver update causes USB connected phone or portable device issue

KB3191564 -- Update for Windows 8.1 and Windows Server 2012 R2 -- Update for Windows Management Framework 5.1 for Windows 8.1 and Windows Server 2012 R2

KB3191565 -- Update for Windows Server 2012 -- Update for Windows Management Framework 5.1 for Windows Server 2012.

KB4016446 -- Update for Internet Explorer -- Forms in Dynamics CRM 2011 are broken after KB 4013073 for Internet Explorer 11 is installed

KB3216520 -- March, 2017 Preview of Quality Rollup for .NET Framework 2.0 on Windows Server 2008 and Windows Vista.

KB3216521 -- March, 2017 Preview of Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2.

KB3216522 -- March, 2017 Preview of Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1 on Windows Embedded 8 Standard and Windows Server 2012.

KB3216523 -- March, 2017 Preview of Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1 on Windows Embedded Standard 7, Windows 7, and Windows Server 2008 R2.

KB3217877 -- Update for Windows Server 2008 and Windows Vista -- When you use the fread() function to read data from a pipe in Windows Vista Service Pack 2, the runtime program may omit line feed (LF) characters between lines and cause corrupted output.

KB4012218 -- March, 2017 Preview of Monthly Quality Rollup for Windows 7 and Windows Server 2008 R2.

KB4012219 -- March, 2017 Preview of Monthly Quality Rollup for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2.

KB4012220 -- March, 2017 Preview of Monthly Quality Rollup for Windows Embedded 8 Standard and Windows Server 2012.

KB4012864 -- Update for Windows 8.1, Windows Server 2012 R2, Windows Embedded 8 Standard, Windows Server 2012, Windows Embedded Standard 7, Windows 7, Windows Server 2008 R2, Windows Server 2008, Windows Vista, and Windows XP Embedded

How to download and install the April 2017 security updates

All security updates are available through Windows Update. Microsoft publishes cumulative updates for Windows 7, Windows 8.1 and Windows 10 that include security and non-security updates.

If you only want security updates, make sure you disable Windows Update on your computers and download them separately from the Microsoft Update Catalog website instead (using the links below).

Some updates are also available on the Microsoft Download Center website.

To check for updates using Windows Update, do the following:

1. Tap on the Windows-key, type Windows Update, and select the item from the results.
2. Click on check for updates button if update checks don't run automatically. Windows should list all new updates available for the system.
3. Updates may be downloaded automatically, or on user request then.

Direct update downloads

Windows 7 SP1 and Windows Server 2008 R2 SP1

• April, 2017 Security Monthly Quality Rollup
• April, 2017 Security Only Quality Update

Windows 8.1 and Windows Server 2012 R2

• April, 2017 Security Monthly Quality Rollup
• April, 2017 Security Only Quality Update

Windows 10 and Windows Server 2016 (version 1703)

• KB4015583 --  Cumulative Update for Windows 10 Version 1703

Additional resources

• April 2017 Security Updates release notes
• List of software updates for Microsoft products
• List of security advisories
• Security Updates Guide
• Microsoft Update Catalog site
• Windows 10 Update History
• Windows 8.1 Update History
• Windows 7 Update History