May 16, 2017—KB4019217 (Preview of Monthly Rollup)

Applies to: Windows 8.1Windows Server 2012 R2

Improvements and fixes


This non-security update includes improvements and fixes that were a part of Monthly Rollup KB4019215 (released May 9, 2017) and also includes these new quality improvements as a preview of the next Monthly Rollup update:

  • Addressed issue related to establishing a secure connection to a server using the TLS protocol. The application may hang when the server certificate specifies a secure URL (HTTPS) for the Certificate Revocation List (CRL) or for the Authority Information Access (AIA) values within the certificate.
  • Addressed issue where changing your password while not directly connected to the enterprise network, such as with a VPN, will cause your private keys to become inaccessible. Symptoms vary including the inability to encrypt/decrypt or sign documents.
  • Addressed issue where performing a factory reset fails because a new authenticated variable that was added to the firmware cannot be deleted during factory reset. When the factory reset encounters this variable, it gets an error and does not complete the reset.
  • Addressed issue where users may experience slow logons when logging on to Windows Server 2012 R2 servers that have a high amount of open connections. The issue is caused by the collection of bandwidth statistics on the open connections for the processing of group policy.
  • Addressed issue where the Server Message Block 3.0’s Continuous Availability feature degrades software performance when the FindFirstFileEx() function receives a path that ends with ".." or ".".
  • Addressed issue where the Common Log File System references an invalid parameter when users create new folders and new tasks using Task Scheduler, which generates Stop Error 0x24.
  • Addressed issue where removable devices do not work as expected after applying KB3179574 and when auditing of removable devices is enabled.
  • Addressed issue where a Virtual Machine sporadically loses its network connection completely.
  • Addressed issue where Windows Event Forwarding between two 2012 R2 servers makes reports incompatible with third-party Security Information and Event Management software.
  • Addressed an issue where LSASS consumes large amounts of memory on 2012 R2 Domain Controllers during a security descriptor propagation operation. This issue occurs when a security descriptor change is made on a root object with lots of descendants. Additionally, Applies To is set to "This object and all descendant objects."
  • Addressed issue where Work Folders clients using token broker do not work (“Access denied” error) when using an Active Directory Federation Services Server 2012 R2.

Known issues in this update


Symptom  Workaround
If the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates. This issue is resolved by KB4022726.
If a Server 2012 R2 system uses an Intel Xeon (E3 v6) family of processors, installing this update will block downloading and installing future Windows updates. This issue is resolved by KB4022726.
 
This update introduced an issue in which, if an iSCSI target becomes unavailable, attempts to reconnect will cause a leak. Initiating a new connection to an available target will work as expected. Microsoft is working on a resolution and will provide an update in an upcoming release. For more information about this issue, see the following section.

How to get this update


This is provided as an Optional update on Windows Update. For more information about how to run Windows Update, see How to get an update through Windows Update. To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

  • Prerequisites
    To apply this update, you must have the Windows 8.1 and Windows Server 2012 R2 update from April 2014, KB2919355, installed.
  • File information
    For a list of the files that are provided in this update, download the file information for update 4019217