May 9, 2017—KB4019213 (Security-only update)

Applies to: Windows 8.1Windows Server 2012 R2

Improvements and fixes


This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Updated Windows Cryptography API to deprecate SHA-1 for SSL/TLS Server Authentication, including in Microsoft Edge and Internet Explorer 11. See Advisory 4010323 for more information.

  • Security updates to Microsoft Graphics Component, Microsoft Windows DNS, Windows COM, Windows Server and Windows kernel.

For more information about the security vulnerabilities resolved, please refer to the Security Update Guide.

Known issues in this update


This security update introduced an issue in which, if an iSCSI target becomes unavailable, attempts to reconnect will cause a leak. Initiating a new connection to an available target will work as expected. Microsoft is researching this problem and will post more information in this article when the information becomes available.


For more information about this issue, see the following section.

How to get this update


This update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

More Information


  • This security-only quality update does not include security fixes for Internet Explorer. In order to obtain the security fixes for Internet Explorer, the Cumulative Security Update for Internet Explorer KB4018271 should also be installed. Note that the Security Monthly Quality Rollup does contain security updates for Internet Explorer.
  • If you use update management processes other than Windows Update and you automatically approve all security updates classifications for deployment, the May 2017 Security-Only Quality Update KB4019213, May 2017 Security Monthly Quality Rollup KB4019215, and the Cumulative Security Update for Internet Explorer KB4018271 are deployed. We recommend that you review your update deployment rules to make sure the desired updates are deployed.