Applies ToWindows Vista Starter Windows Vista Enterprise Windows Vista Ultimate Windows Vista Business Windows Vista Home Premium Windows Vista Home Basic Silverlight Windows Server 2008 Datacenter Windows Server 2008 Enterprise Windows Server 2008 Web Edition Windows Server 2008 for Itanium-Based Systems Windows Server 2008 Standard Windows Vista Service Pack 2 Windows Server 2008 R2 Enterprise Windows Server 2008 R2 Datacenter Windows Server 2008 R2 Standard Windows Server 2008 R2 Web Edition Windows Server 2008 Foundation Windows Server 2008 Service Pack 2 Windows 7 Enterprise Windows 7 Ultimate Windows 7 Starter Windows 7 Home Premium Windows 7 Professional Windows 7 Home Basic Windows Server 2008 R2 Foundation Windows Server 2008 R2 Service Pack 1 Windows 7 Service Pack 1 Lync 2010 Windows Server 2012 Essentials Windows Server 2012 Datacenter Windows Server 2012 Foundation Windows Server 2012 Standard Microsoft Lync 2013 Windows Server 2012 R2 Datacenter Windows Server 2012 R2 Essentials Windows Server 2012 R2 Standard Microsoft Office 2010 Service Pack 2 Windows RT 8.1 Windows Server 2012 R2 Foundation Windows 8.1 Pro Windows 8.1 Windows 8.1 Enterprise Skype for Business 2015 Windows 10 Skype for Business 2016 Windows 10, version 1511, all editions Windows 10, version 1607, all editions Windows Server 2016 Standard Windows Server 2016 Essentials Windows Server 2016

Summary

This security update resolves vulnerabilities in the Microsoft Graphics Component on Microsoft Windows, Microsoft Office, Skype for Business, Silverlight and Microsoft Lync. These vulnerabilities could allow remote code execution if a user either visits a specially crafted website or opens a specially crafted document. To learn more about the vulnerability, see Microsoft Security Bulletin MS17-013.

Additional information about this security update

The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information.

Microsoft Windows

  • 4017018 Security update for Microsoft Graphics Component: April 11, 2017

  • 4012584 MS17-013: Description of the security update for Microsoft Graphics Component: March 14, 2017

  • 4012497 MS17-018 and MS17-013: Description of the security update for Windows Kernel-Mode Drivers and for Microsoft Graphics Component: March 14, 2017

  • 4012212 March 2017 Security Only Quality Update for Windows 7 SP1 and Windows Server 2008 R2 SP1

  • 4012215 March 2017 Security Monthly Quality Rollup for Windows 7 SP1 and Windows Server 2008 R2 SP1

  • 4012213 March 2017 Security Only Quality Update for Windows 8.1 and Windows Server 2012 R2

  • 4012216 March 2017 Security Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2

  • 4012214 March 2017 Security Only Quality Update for Windows Server 2012

  • 4012217 March 2017 Security Monthly Quality Rollup for Windows Server 2012

  • 4012606 March 14, 2017—KB4012606 (OS Build 17312)

  • 4013198 March 14, 2017—KB4013198 (OS Build 830)

  • 4013429 March 13, 2017—KB4013429 (OS Build 933)

Microsoft Office

  • 3127945 MS17-013: Description of the security update for 2007 Microsoft Office Suite: March 14, 2017

  • 3141535 MS17-013: Description of the security update for 2007 Microsoft Office Suite: March 14, 2017

  • 3127958 MS17-013: Description of the security update for Office 2010: March 14, 2017

  • 3178688 MS17-013: Description of the security update for Office 2010: March 14, 2017

  • 3178693 MS17-013: Description of the security update for Word Viewer: March 14, 2017

  • 3178653 MS17-013: Description of the security update for Word Viewer: March 14, 2017

Microsoft Communications Platforms and Software

  • 4010299 MS17-013: Description of the security update for Microsoft Graphics Component on Lync 2010: March 14, 2017

  • 4010300 MS17-013: Description of the security update for Microsoft Graphics Component on Lync 2010 Attendee (user level install): March 14, 2017

  • 4010301 MS17-013: Description of the security update for Microsoft Graphics Component on Lync 2010 Attendee (admin level install): March 14, 2017

  • 4010303 MS17-013: Description of the security update for Microsoft Graphics Component on Live Meeting 2007 Console: March 14, 2017

  • 4010304 MS17-013: Description of the security update for Microsoft Graphics Component on Live Meeting Add-in: March 14, 2017

  • 3172539 MS17-013: Description of the security update for Lync 2013 (Skype for Business): March 14, 2017

  • 3178656 MS17-013: Description of the security update for Skype for Business 2016: March 14, 2017

Microsoft Developer Tools and Software

  • 4013867 MS17-013: Description of the security update for Microsoft Graphics Component on Microsoft Silverlight 5: March 14, 2017

Security update deployment information

Windows Vista (all editions)

Reference table

The following table contains the security update information for this software.

Security update file names

For all supported 32-bit editions of Windows Vista:Windows6.0-KB4017018-x86.msu Windows6.0-KB4012584-x86.msu Windows6.0-KB4012497-x86.msu

 

For all supported x64-based editions of Windows Vista:Windows6.0-KB4017018-x64.msu Windows6.0-KB4012584-x64.msu Windows6.0-KB4012497-x64.msu

Installation switches

See Microsoft Knowledge Base article 934307

Restart requirement

A system restart is required after you apply this security update.

Removal information

  1. does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under "Windows Update," click View installed updates and select from the list of updates.

File information

See Microsoft Knowledge Base article 4017018 See Microsoft Knowledge Base article 4012584 See Microsoft Knowledge Base article 4012497

Registry key verification

Note A registry key does not exist to validate the presence of this update.

 

 

Windows Server 2008 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file names

For all supported 32-bit editions of Windows Server 2008:Windows6.0-KB4017018-x86.msu Windows6.0-KB4012584-x86.msu Windows6.0-KB4012497-x86.msu

 

For all supported x64-based editions of Windows Server 2008:Windows6.0-KB4017018-x64.msu Windows6.0-KB4012584-x64.msu Windows6.0-KB4012497-x64.msu

 

For all supported Itanium-based editions of Windows Server 2008Windows6.0-KB4017018-ia64.msu Windows6.0-KB4012584-ia64.msu Windows6.0-KB4012497-ia64.msu

Installation switches

See Microsoft Knowledge Base article 934307

Restart requirement

A system restart is required after you apply this security update.

Removal information

WUSA.exe does not support uninstall of updates. To uninstall an update installed by WUSA, click Control Panel, and then click Security. Under "Windows Update," click View installed updates and select from the list of updates.

File information

See Microsoft Knowledge Base article 4017018 See Microsoft Knowledge Base article 4012584 See Microsoft Knowledge Base article 4012497

Registry key verification

Note A registry key does not exist to validate the presence of this update.

 

Windows 7 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file name

For all supported x64-based editions of Windows 7:indows6.1-KB4012212-x64.msu Security only

 

For all supported x64-based editions of Windows 7:Windows6.1-KB4012215-x64.msu Monthly rollup

Installation switches

See Microsoft Knowledge Base article 934307

Restart requirement

A system restart is required after you apply this security update.

Removal information

To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then under "Windows Update," click View installed updates and select from the list of updates.

File information

See Microsoft Knowledge Base article 4012212 See Microsoft Knowledge Base article 4012215

Registry key verification

Note A registry key does not exist to validate the presence of this update.

 

Windows Server 2008 R2 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file name

For all supported x64-based editions of Windows Server 2008 R2:Windows6.1-KB4012212-x64.msu Security only

 

For all supported x64-based editions of Windows Server 2008 R2:Windows6.1-KB4012215-x64.msu Monthly rollup

Installation switches

See Microsoft Knowledge Base article 934307

Restart requirement

A system restart is required after you apply this security update.

Removal information

To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, and then under "Windows Update," click View installed updates and select from the list of updates.

File information

See Microsoft Knowledge Base article 4012212 See Microsoft Knowledge Base article 4012215

Registry key verification

Note A registry key does not exist to validate the presence of this update.

 

Windows 8.1 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file name

For all supported x64-based editions of Windows 8.1:Windows8.1-KB4012213-x64.msu Security only

 

For all supported x64-based editions of Windows 8.1:Windows8.1-KB4012216-x64.msu Monthly rollup

Installation switches

See Microsoft Knowledge Base article 934307

Restart requirement

A system restart is required after you apply this security update.

Removal information

To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click Windows Update, and then under "See also," click Installed updates and select from the list of updates.

File information

See Microsoft Knowledge Base article 4012213 See Microsoft Knowledge Base article 4012216

Registry key verification

Note A registry key does not exist to validate the presence of this update.

 

Windows RT 8.1 (all editions)

Reference table

The following table contains the security update information for this software.

Deployment

The 4012216 monthly rollup update is available via Windows Update only.

Restart requirement

A system restart is required after you apply this security update.

Removal information

Click Control Panel, click System and Security, click Windows Update, and then under "See also," click Installed updates and select from the list of updates.

File information

See Microsoft Knowledge Base article 4012213

Windows Server 2012 and Windows Server 2012 R2 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file name

For all supported editions of Windows Server 2012:Windows8-RT-KB4012214-x64.msu Security only

 

For all supported editions of Windows Server 2012:Windows8-RT-KB4012217-x64.msu Monthly rollup

 

For all supported editions of Windows Server 2012 R2:Windows8.1-KB4012213-x64.msu Security only

 

For all supported editions of Windows Server 2012 R2:Windows8.1-KB4012216-x64.msu Monthly rollup

Installation switches

See Microsoft Knowledge Base article 934307

Restart requirement

A system restart is required after you apply this security update.

Removal information

To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click Windows Update, and then under "See also," click Installed updates and select from the list of updates.

File information

See Microsoft Knowledge Base article 4012214 See Microsoft Knowledge Base article 4012217 See Microsoft Knowledge Base article 4012213 See Microsoft Knowledge Base article 4012216

Registry key verification

Note A registry key does not exist to validate the presence of this update.

 

Windows 10 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file name

For all supported x64-based editions of Windows 10:Windows10.0-KB4012606-x64.msu

 

For all supported x64-based editions of Windows 10 Version 1511:Windows10.0-KB4013198-x64.msu

 

For all supported x64-based editions of Windows 10 Version 1607:Windows10.0-KB4013429-x64.msu

Installation switches

See Microsoft Knowledge Base article 934307

Restart requirement

A system restart is required after you apply this security update.

Removal information

To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click Windows Update, and then under "See also," click Installed updates and select from the list of updates.

File information

See Windows 10 and Windows Server 2016 update history.

Registry key verification

Note A registry key does not exist to validate the presence of this update.

 

Windows Server 2016 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file name

For all supported editions of Windows Server 2016:Windows10.0-KB4013429-x64.msu

Installation switches

See Microsoft Knowledge Base article 934307

Restart requirement

A system restart is required after you apply this security update.

Removal information

To uninstall an update installed by WUSA, use the /Uninstall setup switch or click Control Panel, click System and Security, click Windows Update, and then under "See also," click Installed updates and select from the list of updates.

File information

See Windows 10 and Windows Server 2016 update history.

Registry key verification

Note A registry key does not exist to validate the presence of this update.

 

 

Microsoft Office 2007 (all editions) and Other Software

Reference table

The following table contains the security update information for this software.

Security update file name

For Microsoft Office 2007 Service Pack 3:ogl2007-kb3127945-fullfile-x86-glb.exe

 

For Microsoft Office 2007 Service Pack 3:usp102007-kb3141535-fullfile-x86-glb.exe

 

For Microsoft Word Viewer:office2003-kb3178693-fullfile-enu.exe

 

For Microsoft Word Viewer:office2003-kb3178653-fullfile-enu.exe

Installation switches

See Microsoft Knowledge Base article 912203

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.

Removal information

Use the Add or Remove Programs item in Control Panel.

File information

See Microsoft Knowledge Base article 3127945 See Microsoft Knowledge Base article 3141535 See Microsoft Knowledge Base article 3178693 See Microsoft Knowledge Base article 3178653

Registry key verification

Not applicable

 

Microsoft Office 2010 (all editions)

Reference table

The following table contains the security update information for this software.

Security update file name

For Microsoft Office 2010 Service Pack 2 (32-bit editions):ogl2010-kb3127958-fullfile-x86-glb.exe

 

For Microsoft Office 2010 Service Pack 2 (64-bit editions):ogl2010-kb3127958-fullfile-x64-glb.exe

 

For Microsoft Office 2010 Service Pack 2 (32-bit editions):usp102010-kb3178688-fullfile-x86-glb.exe

 

For Microsoft Office 2010 Service Pack 2 (64-bit editions):usp102010-kb3178688-fullfile-x64-glb.exe

Installation switches

See Microsoft Knowledge Base article 912203

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.

Removal information

Use the Add or Remove Programs item in Control Panel.

File information

See Microsoft Knowledge Base article 3127958 See Microsoft Knowledge Base article 3178688

Registry key verification

Not applicable

 

Microsoft Live Meeting 2007, Microsoft Lync 2010, Microsoft Lync 2010 Attendee, Microsoft Lync 2013 (Skype for Business), and Microsoft Lync Basic 2013 (Skype for Business Basic)

Reference table

The following table contains the security update information for this software.

Security update file name

For Microsoft Live Meeting 2007 Console (4010303):LMSetup.exe

 

For Microsoft Live Meeting 2007 Add-in (4010304)ConfAddins_Setup.exe

 

For Microsoft Lync 2010 (32-bit) (4010299):lync.msp

 

For Microsoft Lync 2010 (64-bit) (4010299):lync.msp

 

For Microsoft Lync 2010 Attendee (user level install) (4010300):AttendeeUser.msp

 

For Microsoft Lync 2010 Attendee (admin level install) (4010301):AttendeeAdmin.msp

 

For all supported editions of Microsoft Lync 2013 (Skype for Business) (32-bit) and Microsoft Lync Basic 2013 (Skype for Business Basic) (32-bit):lync2013-kb3172539-fullfile-x86-glb.exe

 

For all supported editions of Microsoft Lync 2013 (Skype for Business) (64-bit) and Microsoft Lync Basic 2013 (Skype for Business Basic) (64-bit):lync2013-kb3172539-fullfile-x64-glb.exe

 

For all supported 32-bit editions of Skype for Business 2016 and Skype for Business Basic 2016:lync2016-kb3178656-fullfile-x86-glb.exe

 

For all supported 64-bit editions of Skype for Business Basic 2016:lync2016-kb3178656-fullfile-x64-glb.exe

Installation switches

See Microsoft Knowledge Base article 912203

Restart requirement

In some cases, this update does not require a restart. If the required files are being used, this update will require a restart. If this behavior occurs, a message appears that advises you to restart. To help reduce the chance that a restart will be required, stop all affected services and close all applications that may use the affected files prior to installing the security update. For more information about the reasons why you may be prompted to restart, see Microsoft Knowledge Base article 887012.

Removal information

Use the Add or Remove Programs item in Control Panel.

File information

For Microsoft Live Meeting 2007 Console: See Microsoft Knowledge Base article 4010303

 

For Microsoft Live Meeting 2007 Add-In: See Microsoft Knowledge Base article 4010304

 

For all supported editions of Microsoft Lync 2010: See Microsoft Knowledge Base article 4010299

 

For Microsoft Lync 2010 Attendee (user level install): See Microsoft Knowledge Base article 4010300

 

For Microsoft Lync 2010 Attendee (admin level install): See Microsoft Knowledge Base article 4010301

 

For Microsoft Link 2013 (Skype for Business) and Microsoft Link Basic 2013 (Skype for Business Basic): See Microsoft Knowledge Base article 3172539

 

For Skype for Business 2016 and Skype for Business Basic 2016: See Microsoft Knowledge Base article 3178656

Registry key verification

For Microsoft Live Meeting 2007 Console: Not applicable

 

For Microsoft Lync 2010 (32-bit): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} Version = 7577.4525

 

For Microsoft Lync 2010 (64-bit): HKEY_LOCAL_MACHINE\ SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} Version = 7577. 4525

 

For Microsoft Lync 2010 Attendee (user level install): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{0EEB34F6-991D-4a1b-8EEB-772DA0EADB22} Version = 7577. 4525

 

For Microsoft Lync 2010 Attendee (admin level install): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\94E53390F8C13794999249B19E6CFE33\InstallProperties\DisplayVersion = 4.0.7577. 4525

 

For Microsoft Lync 2013 (Skype for Business) and Microsoft Lync Basic 2013 (Skype for Business Basic): Not applicable

 

For Skype for Business 2016 and Skype for Business Basic 2016: Not applicable

 

Silverlight 5 for Windows (all supported releases)

Reference table

The following table contains the security update information for this software.

Security update file names

For Microsoft Silverlight 5 when installed on all supported 32-bit releases of Microsoft Windows:silverlight.exe

 

For Microsoft Silverlight 5 Developer Runtime when installed on all supported 32-bit releases of Microsoft Windows:silverlight_developer.exe

 

For Microsoft Silverlight 5 when installed on all supported 64-bit releases of Microsoft Windows:silverlight_x64.exe

 

For Microsoft Silverlight 5 Developer Runtime when installed on all supported 64-bit releases of Microsoft Windows:silverlight_developer_x64.exe

Installation switches

See the Silverlight Enterprise Deployment Guide

Restart requirement

This update does not require a restart.

Removal information

Use Add or Remove Programs item in Control Panel. (Note that the update cannot be removed without removing Silverlight.)

File information

See Microsoft Knowledge Base article 3193713

Registry key verification

For 32-bit installations of Microsoft Silverlight 5: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Silverlight "Version" = "5.1. 50905.0"

 

For 64-bit installations of Microsoft Silverlight 5: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Silverlight "Version" = "5.1.50901.0" and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Silverlight "Version" = "5.1. 50905.0"

How to obtain help and support for this security update

Help for installing updates: Support for Microsoft Update

Security solutions for IT professionals: TechNet Security Troubleshooting and Support

Help for protecting your Windows-based computer from viruses and malware: Virus Solution and Security Center

Local support according to your country: International Support

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.