May 2017 Description of the Quality Rollup for the .NET Framework 4.6, 4.6.1, and 4.6.2 for Windows Server 2012 (KB4014602): May 16, 2017

Applies to: .NET Framework 4.6


This May 2017 update for Windows Server 2012 includes cumulative reliability improvements in the .NET Framework 4.6, 4.6.1, and 4.6.2. We recommend that you apply this update as part of your regular maintenance routines. Before you install this update, see the "Prerequisites" and "Restart requirement" sections.


  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Quality and reliability improvements


Fix 1

In the following scenarios, ASP.NET may duplicate the cookie in response headers:

  • Before a request cookie is loaded, the response cookie is added.

  • A response cookie is added, and then a native module sets the response cookie.

After you apply this fix, ASP.NET makes sure that response cookies are not duplicated.

Fix 2

After .NET Framework 4.6.x is installed, the MaxAge value in requests coming from Cache is incorrectly set. This issue does not prevent OutputCache on the server side from functioning, but it does cause confusions and problems if customer applications look at the MaxAge value in the cache control headers.

Fix 3

Issue 1: Users might obtain a NULL result when calling OperationContext.Current.

This issue occurs when an OperationContextScope is created and proceeds to call OperationContext.Current within the using clause. A common pattern that is prone to this failure is the following examle:

using (new OperationContextScope(OperationContext.Current)){    OperationContext context = OperationContext.Current;  //OperationContext.Current returns null    // ...}

To work around this issue, change the code to resemble the following:

OperationContext ocx = OperationContext.Current;using (new OperationContextScope(OperationContext.Current)){    OperationContext.Current = new OperationContext(ocx.Channel);    // ...}

Issue 2: Users might experience a deadlock when Reentrant services are used.

This issue occurs when a Reentrant service is created – which restricts instances of the service to one thread of execution at a time. Users who experience this problem have the following ServiceBehaviorAttribute in their code:

[ServiceBehavior(ConcurrencyMode = ConcurrencyMode.Reentrant)]

To work around this issue, set the ConcurrencyMode of the service to ConcurrencyMode.Single or ConcurrencyMode.Multiple, and provide the appropriate synchronization primitives to make sure a single thread can execute a single method at a time.

We have released an update of System.ServiceModel.dll and we strongly encourage users to update their existing .NET 4.6.x framework. The patch fixes Issue 1, disables the flow of OperationContext.Current by default, and provides an Opt-In option to enable features.

To enable the flow of OperationContext.Current across multiple threads in async operations, use the following AppSettings key:

<appSettings>  <add key="Switch.System.ServiceModel.DisableOperationContextAsyncFlow" value="false"/></appSettings>

Setting the value of Switch.System.ServiceModel.DisableOperationContextAsyncFlow to true disables the flow of the ExecutionContext in OperationContext.Current and effectively reverts the behavior to pre-4.6.x, which is the default behavior after this update. Setting the value to false enables the feature and should not be used in Reentrant services.


Fix 1

When you use RSACng (or another class which directly or indirectly uses RSACng) to perform encryption by using RSAEncryptionPadding.Pkcs1 when the private key is stored on a smartcard (or other hardware security module), an exception of System.Security.Cryptography.CryptographicException occurs:

The parameter is incorrect. at System.Security.Cryptography.NCryptNative.DecryptData[T](SafeNCryptKeyHandle key, Byte[] data, T& paddingInfo, AsymmetricPaddingMode paddingMode, NCryptDecryptor`1 decryptor)

Fix 2

Users of SignedXml may receive an exception that resembles the following:

System.Security.Cryptography.CryptographicException: Object was not found.
at System.Security.Cryptography.NCryptNative.CreatePersistedKey(SafeNCryptProviderHandle provider, String algorithm, String name, CngKeyCreationOptions options)

This issue occurs when running in some modes on older versions of Windows (for example, executing without loading the user profile on Windows Server 2008 R2).


Fix 1

Reliability improvements in RYUJIT complier code generation due to a missed AVX encoding case.

Fix 2

Applications that frequently queue bursts of work items to the .NET ThreadPool, with idle or light activity between bursts, may be shown using PerfView to spend a significant amount of CPU time in clr!ThreadpoolMgr::UnfairSemaphore::Wait in a spin-wait state. A new configuration variable is exposed to configure the spinning limit. The environment variable COMPlus_ThreadPool_UnfairSemaphoreSpinLimit may be set to a lower value (the default is 0x32) to reduce the amount of spinning done or zero (0) to disable spinning, before starting the application. Note that changes to this configuration variable may negatively affect the performance of applications, and such changes are not supported.

Fix 3

Rare crashes or deadlocks can happen if a GC occurs while another thread is running NGen'ed code which makes the initial call into a static method within the same module where one or more parameter types involve type-forwarded valuetypes.

Fix 4

If you marshal an array of struct A and an array of struct B as SAFEARRAY and struct A/B has identical GUIDs, a memory leak may occur.

Fix 5

On a system that has many processors, there might a desire to have some processes use only some processes with Server GC. For example if you have a 40-processor system, you might want to have process 0 use only 10 processors and process 1 use only 6 processors, so process 0 gets 10 GC heaps/threads and process 1 gets 6. Below is an example of using these Server GC configurations:

<configuration>   <runtime>      <gcServer enabled="true"/>      <GCHeapCount enabled="6"/>      <GCNoAffinitize enabled="true"/>      <GCHeapAffinitizeMask enabled="144"/>   </runtime></configuration>

<GCNoAffinitize enabled="true"/> specifies to not affinitize the Server GC threads with CPUs.

<GCHeapCount enabled="6"/> 6 specifies you want 6 heaps. The actual number of heaps is the number of heaps you specify and the minimum your process is allowed to use.

<GCHeapAffinitizeMask enabled="144"/> This number is in decimal form, so this is 0x90, which means using 2 bits as your process mask. The actual number of heaps is the number of bits you specify, the minimum your process is allowed to use, and the number of set bits in the mask that you specify.

For EF

When there are more than 1,000 queries in the EF 4.x application, the application may experience slowness due to exceeding the size limit of the query cache. With this fix, you can change the query cache size through the following AppSetting:

<appSettings>    <add key="EntityFramework_QueryCacheSize" value="3000"/></appSettings>


When attempting to access token bindings from the GetTlsTokenBindings API, an access violation exception can be thrown if managed memory has moved during the request. Pointers are now updated to reflect any memory movement.

For SQL Client

An OverflowException or IndexOutOfRangeException may be thrown during the prelogin phase of opening a SQL connection due to receiving a TDS packet thats smaller than expected.

For Winforms

A Windows Forms Application with MDI parent form will remove active child forms from the MDI child windows list under certain conditions. This happens when the closing of the child form is canceled by the user and the child windows list menu item is opened.


Fix 1

A Windows Presentation Foundation (WPF) application that uses a virtualizing list control (List Box, DataGrid, TreeView, or so on) can encounter an ArgumentNullException exception when you scroll to a list item whose size has greatly decreased since the last time that it was re-virtualized.

Fix 2

If two WPF applications that target side by side (SxS) .NET Framework versions (for example, 3.5 and 4.x) are loaded in the same process, issues can occur on touch or stylus enabled systems. A common example of this is loading VSTO add-ins that are written in WPF. This is due to an issue with choosing the correct PenIMC.dll version for each application. This fix allows WPF to properly differentiate between both DLLs and function correctly.

Fix 3

In some cases, Windows Presentation Foundation (WPF) tries to process a touch or stylus input by using a null StylusDevice member. This can cause a NullReferenceException exception to occur. This fix checks for this issue and guards against it.

Fix 4

A WPF application can encounter an ArugmentOutOfRangeException if it uses a DataGrid with column virtualization enabled, calls DataGrid.ScrollIntoView(row, column) before the column widths are known, then immediately changes the DataGrid.Columns collection before the DataGrid has rendered.

Fix 5

There is a memory leak when a WPF application includes a D3DImage control, changes both the size and the content of the image, and runs with software rendering (such as running over Remote Desktop).

Note This update also contains cumulative updates that were released previously starting from October 11, 2016.

Additional information about this security update

For more information about this security update as it relates to Windows Server 2012, see the following article in the Microsoft Knowledge Base:

4019289 May 2017 Preview of the Quality Rollup for the .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, and 4.6.2 for Windows Server 2012: May 16, 2017

How to get this update

Windows Update

This update is available from Windows Update, as an optional update.

Manual download

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.


To apply this update, you must have the .NET Framework 4.6, 4.6.1, or 4.6.2 installed.

Restart requirement

You must restart the computer after you apply this update if any affected files are being used. We recommend that you exit all .NET Framework-based applications before you apply this update.

File information


Applies to

This article applies to the following:


  • Microsoft .NET Framework 4.6, 4.6.1, and 4.6.2 when used with:
    • Windows Server 2012