May 9, 2017—KB4019263 (Security-only update)

Applies to: Windows 7 Service Pack 1Windows Server 2008 R2 Service Pack 1

Improvements and fixes


This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include:

  • Updated Windows Cryptography API to deprecate SHA-1 for SSL/TLS Server Authentication, including in Microsoft Edge and Internet Explorer 11 . See Advisory 4010323 for more information.

  • Security updates to Microsoft Graphics Component, Windows COM, Microsoft ActiveX, Windows Server, Windows kernel, and Microsoft Windows DNS.

For more information about the security vulnerabilities resolved, please refer to the Security Update Guide.

Known issues in this update


Symptom  Workaround
If the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates. This issue is resovled by KB4022722.

How to get this update


This update will be downloaded and installed automatically from Windows Update. To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

More Information


  • This Security-Only Quality Update does not include security fixes for Internet Explorer. To obtain the security fixes for Internet Explorer, Cumulative Security Update for Internet Explorer KB4018271 should also be installed. Note that the Security Monthly Quality Rollup does contain security updates for Internet Explorer.
  • If you use update management processes other than Windows Update and you automatically approve all security updates classifications for deployment, this May 2017 Security-Only Quality Update KB4019263, the May 2017 Security Monthly Quality Rollup KB4018271, and the Cumulative Security Update for Internet Explorer KB4014661 are deployed. We recommend that you review your update deployment rules to make sure the desired updates are deployed.