MS17-022: Description of the security update for Microsoft XML Core Services: March 14, 2017

Applies to: Windows Server 2008 Service Pack 2Windows Server 2008 FoundationWindows Vista Service Pack 2


This security update resolves a vulnerability in Microsoft Windows. This vulnerability could allow information disclosure if a user visits a malicious website. However, in all cases, an attacker would have no way to force the user to click a specially crafted link. An attacker would have to convince the user to click the link, typically by way of an enticement in an email or Instant Messenger message.

To learn more about the vulnerability, see Microsoft Security Bulletin MS17-022.

More Information

  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

How to obtain and install the update

Method 1: Windows Update

This update is available through Windows Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to turn on automatic updating, see Windows Update FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.