May 2017 Description of the Quality Rollup for the .NET Framework 4.6, 4.6.1, and 4.6.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1, and the .NET Framework 4.6 for Windows Server 2008 SP2 (KB4014606): May 16, 2017

S’applique à : .NET Framework 4.6.2.NET Framework 4.6.1.NET Framework 4.6


This May 2017 update for Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1 includes cumulative reliability improvements in the .NET Framework 4.6, 4.6.1, and 4.6.2. Additionally, this update includes cumulative reliability improvements in the .NET Framework 4.6 for Windows Server 2008 SP2. We recommend that you apply this update as part of your regular maintenance routines. Before you install this update, see the "Prerequisites" and "Restart requirement" sections.


  • If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see Add language packs to Windows.

Quality and reliability improvements


Fix 1

In the following scenarios, ASP.NET may duplicate the cookie in response headers:

  • Before a request cookie is loaded, the response cookie is added.

  • A response cookie is added, and then a native module sets the response cookie.

After you apply this fix, ASP.NET makes sure that response cookies are not duplicated.

Fix 2

After .NET Framework 4.6.x is installed, the MaxAge value in requests coming from cache is incorrectly set. This issue doesn't prevent OutputCache on the server side from functioning, but it does cause confusion and problems if customer applications look at the MaxAge value in the cache control headers.

Fix 3

Issue 1: Users might obtain a NULL result when calling OperationContext.CurrentThis issue occurs when an OperationContextScope is created and proceeds to call OperationContext.Current within the using clause. A common pattern is shown in the following example:

using (new OperationContextScope(OperationContext.Current)){    OperationContext context = OperationContext.Current;  //OperationContext.Current returns null    // ...}

To work around this issue, change the code to resemble the following:

OperationContext ocx = OperationContext.Current;using (new OperationContextScope(OperationContext.Current)){    OperationContext.Current = new OperationContext(ocx.Channel);    // ...}

Issue 2: Users might experience a deadlock when Reentrant services are used.

This issue occurs when a Reentrant service is created, which restricts instances of the service to one thread of execution at a time. Users who experience this problem have the following ServiceBehaviorAttribute in their code:

[ServiceBehavior(ConcurrencyMode = ConcurrencyMode.Reentrant)]

To work around this issue, set the ConcurrencyMode of the service to ConcurrencyMode.Single or ConcurrencyMode.Multiple, and provide the appropriate synchronization primitives to make sure a single thread can execute a single method at a time.

We have released an update of System.ServiceModel.dll, and we strongly encourage users to update their existing .NET 4.6.x framework. The patch fixes Issue 1, disables the flow of OperationContext.Current by default, and provides an Opt-In option to enable features.

To enable the flow of OperationContext.Current across multiple threads in async operations, use the following AppSettings key:

<appSettings>  <add key="Switch.System.ServiceModel.DisableOperationContextAsyncFlow" value="false"/></appSettings>

Setting the value of Switch.System.ServiceModel.DisableOperationContextAsyncFlow to true disables the flow of the ExecutionContext in OperationContext.Current and effectively reverts the behavior to pre-4.6.x, which is the default behavior after this update. Setting the value to false enables the feature and should not be used in Reentrant services.


Fix 1

When you use RSACng (or another class that directly or indirectly uses RSACng) to perform encryption by using RSAEncryptionPadding.Pkcs1 when the private key is stored on a smartcard (or other hardware security module), a System.Security.Cryptography.CryptographicException occurs:

The parameter is incorrect. at System.Security.Cryptography.NCryptNative.DecryptData[T](SafeNCryptKeyHandle key, Byte[] data, T& paddingInfo, AsymmetricPaddingMode paddingMode, NCryptDecryptor`1 decryptor)

Fix 2

Users of SignedXml may receive an exception that resembles the following:

System.Security.Cryptography.CryptographicException: Object was not found.
at System.Security.Cryptography.NCryptNative.CreatePersistedKey(SafeNCryptProviderHandle provider, String algorithm, String name, CngKeyCreationOptions options)

This issue occurs when running in some modes on older versions of Windows (for example, executing without loading the user profile on Windows Server 2008 R2).


Fix 1

Reliability improvements were made in RyuJIT complier code generation. These improvements include a missed Advanced Vector Extensions (AVX) encoding case.

Fix 2

Applications that frequently queue bursts of work items to the .NET ThreadPool, with idle or light activity between bursts, may be shown through PerfView to spend a significant amount of CPU time in clr!ThreadpoolMgr::UnfairSemaphore::Wait in a spin-wait state. A new configuration variable is exposed to configure the spinning limit. The environment variable COMPlus_ThreadPool_UnfairSemaphoreSpinLimit may be set to a lower value (the default is 0x32) to reduce the amount of spinning done or zero (0) to disable spinning, before starting the application. Note that changes to this configuration variable may degrade the performance of applications, and such changes are not supported.

Fix 3

Rare crashes or deadlocks can happen if a GC occurs while another thread is running NGen'ed code that makes the initial call into a static method within the same module where one or more parameter types involve type-forwarded valuetypes.

Fix 4

If you marshal an array of struct A and also an array of struct B as SAFEARRAY, and struct A and B have identical GUIDs, a memory leak may occur.

Fix 5

On a system that has many processors, there might a desire to have some processes use only some processes with server GC. For example, if you have a 40-processor system, you might want to have process 0 use only 10 processors and process 1 use only 6 processors, so process 0 gets 10 GC heaps/threads and process 1 gets 6. Below is an example of using these Server GC configurations:

<configuration>   <runtime>      <gcServer enabled="true"/>      <GCHeapCount enabled="6"/>      <GCNoAffinitize enabled="true"/>      <GCHeapAffinitizeMask enabled="144"/>   </runtime></configuration>

<GCNoAffinitize enabled="true"/> specifies to not affinitize the Server GC threads with CPUs.

<GCHeapCount enabled="6"/> 6 specifies that you want 6 heaps. The actual number of heaps is the number of heaps that you specify and the minimum your process is allowed to use.

<GCHeapAffinitizeMask enabled="144"/> This number is in decimal, so this is 0x90, which means using 2 bits as your process mask. The actual number of heaps is the number of bits you specify, the minimum your process is allowed to use, and the number of set bits in the mask you specify

For EF

When there are more than 1,000 queries in the EF 4.x application, the application may experience slowness the size limit of the query cache is exceeded. With this fix, you can change the query cache size through the following AppSetting:

<appSettings>    <add key="EntityFramework_QueryCacheSize" value="3000"/></appSettings>


When attempting to access token bindings from the GetTlsTokenBindings API, an access violation exception can be thrown if managed memory has moved during the request. Pointers are now updated to reflect any memory movement.

For SQL Client

An OverflowException or IndexOutOfRangeException may be thrown during the prelogin phase of opening a SQL Connection due to receiving a TDS packet that is smaller than expected.

For Winforms

A Windows Forms Application with MDI parent form under certain conditions will remove active child forms from the MDI child windows list. This happens when the closing of the child form is canceled by the user and the child windows list menu item is opened.


Fix 1

A Windows Presentation Foundation (WPF) application that uses a virtualizing list control (List Box, DataGrid, TreeView, or so on) can encounter an ArgumentNullException exception when you scroll to a list item whose size has greatly decreased since the last time that it was re-virtualized.

Fix 2

If two WPF applications that target side-by-side (SxS) .NET Framework versions (for example, 3.5 and 4.x) are loaded in the same process, issues can occur on touch or stylus enabled systems. A common example of this is loading VSTO add-ins that were written in WPF. This is due to an issue with choosing the correct PenIMC.dll version for each application. This fix allows WPF to properly differentiate between both DLLs and function correctly.

Fix 3

In some cases, WPF tries to process a touch or stylus input by using a null StylusDevice member. This can cause a NullReferenceException exception. This fix checks for this issue and guards against it.

Fix 4

A WPF application can encounter an ArugmentOutOfRangeException if it uses a DataGrid with column virtualization enabled, calls DataGrid.ScrollIntoView(row, column) before the column widths are known, and then immediately changes the DataGrid.Columns collection before the DataGrid has rendered.

Fix 5

There is a memory leak when a WPF application includes a D3DImage control, changes both the size and the content of the image, and runs with software rendering (such as running over Remote Desktop).

Note This update also contains cumulative updates that were released previously starting from October 11, 2016.

Known issues in this update

  • Users who upgrade to the .NET Framework 4.7 after they apply this update on a touch-enabled device may observe COMException errors in their Windows Presentation Framework (WPF) applications. For more information, go to the following Microsoft Knowledge Base article:

 4033488 "COMException" error from WPF applications after the .NET Framework 4.7 is installed on Windows 7 or Windows Server 2008

Additional information about this security update

For more information about this security update as it relates to Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, see the following article in the Microsoft Knowledge Base:

4019288 May 2017 Preview of the Quality Rollups for the .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, and 4.6.2 for Windows 7 and Windows Server 2008 R2: May 16, 2017

For more information about this security update as it relates to Windows Server 2008 Service Pack 2, see the following article in the Microsoft Knowledge Base:

4019291 May 2017 Preview of the Quality Rollups for the .NET Framework 2.0 Service Pack 2, 4.5.2, and 4.6 for Windows Server 2008 Service Pack 2 (KB4019291): May 16, 2017

How to get this update

Windows Update

This update is available from Windows Update, as an optional update.

Manual download

To get the stand-alone package for this update, go to one of the following:


To apply this update, you must have the .NET Framework 4.6, 4.6.1, or 4.6.2 installed for Windows 7 SP1 or Windows Server 2008 R2 SP1. Or, you must have the .NET Framework 4.6 installed for Windows Server 2008 SP2.

Restart requirement

You must restart the computer after you apply this update if any affected files are being used. We recommend that you exit all .NET Framework-based applications before you apply this update.

File information

Applies to

This article applies to the following:
  • Microsoft .NET Framework 4.6, 4.6.1, and 4.6.2 when used with:
    • Windows Server 2008 R2 Service Pack 1
    • Windows 7 Service Pack 1
  • Microsoft .NET Framework 4.6 when used with:
    • Windows Server 2008 Service Pack 2