April 11, 2017—KB4015547 (Security-only update)

Applies to: Windows 8.1Windows Server 2012 R2

Improvements and fixes


This security update resolves security vulnerabilities in Hyper-V, libjpeg image-process library, Win32K, Adobe Type Manager font driver, Active Directory Federation Services, Lightweight Directory Access Protocol, Windows kernel-mode drivers, OLE, Scripting Engine, Windows Graphics component and Internet Explorer in addition to these quality improvements:

  • Addressed an issue that was causing Authentication Success and Failure events with Event ID 4768 to not be logged after installing KB4012213.
  • Addressed a bug check encountered on Windows Server 2012 R2 Hyper-V hosts with error code 0xE4 after installing KB4012213.
  • Enabled detection of processor generation and hardware support when PC tries to scan or download updates through Windows Update.
For more information about the security vulnerabilities resolved, please refer to the Security Update Guide.

Known issues in this update


 Symptom  Workaround / Resolution
If the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates. This issue is resolved by KB4022717.
If a Server 2012 R2 system uses an Intel Xeon (E3 v6) family of processors, installing this update will block downloading and installing future Windows updates. This issue is resolved by KB4022717.
After installing this update on Windows Server 2012 R2 DC, you may notice Kerberos Key Distribution Center (KDC) service fails to start and error events are logged in the System Event log with Event ID: 7023 -  The parameter is incorrect.

Install the April 2017 Monthly Rollup Update KB4015550
or
Install the March 2017 Security-only update KB4012213.

This security update introduced an issue in which, if an iSCSI target becomes unavailable, attempts to reconnect will cause a leak. Initiating a new connection to an available target will work as expected. Microsoft is working on a resolution and will provide an update in an upcoming release. For more information about this issue, see the following section.

How to get this update


To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

  • Prerequisites 
    To apply this update, you must have Windows 8.1 and Windows Server 2012 R2 update: April 2014 (KB2919355) installed.
  • File information
    For a list of the files that are provided in this update, download the file information for update 4015547.

More Information


  • The security fixes that are listed in this Security Only Quality Update KB4015547 are also included in the April 2017 Security Monthly Quality Rollup, KB4015550. Installing either update KB4015547 or KB4015550 installs the security fixes that are listed here. 
  • This Security Only Quality Update does not include security fixes for Internet Explorer. In order to obtain the security fixes for Internet Explorer, the Cumulative Security Update for Internet Explorer KB4014661 should also be installed. Note that the Security Monthly Quality Rollup does contain security updates for Internet Explorer.
  • If you use update management processes other than Windows Update and you automatically approve all security updates classifications for deployment, the April 2017 Security Only Quality Update KB4015547, April 2017 Security Monthly Quality Rollup KB4015550, and the Cumulative Security Update for Internet Explorer KB4014661 are deployed. We recommend that you review your update deployment rules to make sure the desired updates are deployed.
  • This Security Only Quality Update is not applicable for installation on a computer on which the Security Monthly Quality Rollup or Preview of Monthly Quality Rollup from April 2017 (or a later month) is already installed. This is because those updates contain all of the security fixes that are included in this Security Only Quality Update.