April 11, 2017—KB4015547 (Security-only update)

2018-08-21T23:52:14
ID KB4015547
Type mskb
Reporter Microsoft
Modified 2018-08-21T23:53:09

Description

<html><body><p>Learn more about update KB4015547, including improvement and fixes, any known issues, and how to get the update.</p><h2>Improvements and fixes</h2><div><p>This security update resolves security vulnerabilities in Hyper-V, libjpeg image-process library, Win32K, Adobe Type Manager font driver, Active Directory Federation Services, Lightweight Directory Access Protocol, Windows kernel-mode drivers, OLE, Scripting Engine, Windows Graphics component and Internet Explorer in addition to these quality improvements:</p><ul><li>Addressed an issue that was causing Authentication Success and Failure events with Event ID 4768 to not be logged after installing KB4012213.</li><li>Addressed a bug check encountered on Windows Server 2012 R2 Hyper-V hosts with error code 0xE4 after installing KB4012213.</li><li>Enabled detection of processor generation and hardware support when PC tries to scan or download updates through Windows Update.<span></span></li></ul><span>For more information about the security vulnerabilities resolved, please refer to the <a href="https://portal.msrc.microsoft.com/security-guidance">Security Update Guide</a>.</span></div><h2>Known issues in this update</h2><div><table class="table"><tbody><tr><th> Symptom</th><th> Workaround / Resolution</th></tr><tr><td>If the PC uses an AMD Carrizo DDR4 processor, installing this update will block downloading and installing future Windows updates.</td><td>This issue is resolved by <a href="https://support.microsoft.com/en-us/help/4022717" managed-link="">KB4022717</a>.</td></tr><tr><td><span>If a Server 2012 R2 system uses an Intel Xeon (E3 v6) family of processors,</span><span> </span><span>installing this update will block downloading and installing future Windows updates.</span></td><td>This issue is resolved by <a href="https://support.microsoft.com/en-us/help/4022717" managed-link="">KB4022717</a>.</td></tr><tr><td>After installing this update on Windows Server 2012 R2 DC, you may notice Kerberos Key Distribution Center (KDC) service fails to start and error events are logged in the System Event log with Event ID: 7023 -  The parameter is incorrect.</td><td><p>Install the April 2017 Monthly Rollup Update <span><span><span><a data-content-id="4015550" data-content-type="article" href="https://support.microsoft.com/en-us/help/4015550" target="">KB4015550</a> </span></span></span><br/>or<br/>Install the March 2017 Security-only update <span><span><span><a data-content-id="4012213" data-content-type="article" href="https://support.microsoft.com/en-us/help/4012213" target="">KB4012213</a>.</span></span></span></p></td></tr><tr><td>This security update introduced an issue in which, if an iSCSI target becomes unavailable, attempts to reconnect will cause a leak. Initiating a new connection to an available target will work as expected.</td><td>Microsoft is working on a resolution and will provide an update in an upcoming release. <span>For more information about this issue, see the following section.</span></td></tr></tbody></table></div><div class="faq-section" faq-section=""><div class="faq-panel"><div class="faq-panel-heading" faq-panel-heading=""><span class="link-expand-image"><span class="faq-chevron win-icon win-icon-ChevronUpSmall"></span></span> <span class="bold btn-link link-expand-text">More information about the iSCSI issue</span></div><div class="faq-panel-body" faq-panel-body=""><p>Windows Server 2012 R2 and Server 2016 computers that experience disconnections to iSCSI attached targets may show many different symptoms. These include, but are not limited to:</p><ul><li>The operating system stops responding</li><li>You receive Stop errors (Bugcheck errors) 0x80, 0x111, 0x1C8, 0xE2, 0x161, 0x00, 0xF4, 0xEF, 0xEA, 0x101, 0x133, or 0xDEADDEAD.</li><li>User log on failures occur together with a "No Logon Servers Available" error.</li><li>Application and service failures occur because of ephemeral port exhaustion.</li><li>An unusually high number of ephemeral ports are being used by the System process.</li><li>An unusually high number of threads are being used by the System process.</li></ul><p><strong class="sbody-strong">Cause</strong><br/><br/>This issue is caused by a locking issue on Windows Server 2012 R2 and Windows Server 2016 RS1 computers, causing connectivity issues to the iSCSI targets. The issue can occur after installing any of the following updates:</p><p><strong class="sbody-strong">Windows Server 2012 R2</strong></p><table class="table"><tbody><tr><td width="124"><p>Release date</p></td><td width="126"><p>KB</p></td><td width="357"><p>Article title</p></td></tr><tr><td width="124"><p>May 16, 2017</p></td><td width="126"><p>KB <a href="https://support.microsoft.com/en-us/help/4015553"><u>4015553</u></a></p></td><td width="357"><p>April 18, 2017—KB4015553 (Preview of Monthly Rollup)</p></td></tr><tr><td width="124"><p>May 9, 2017</p></td><td width="126"><p>KB <a href="https://support.microsoft.com/en-us/help/4019215"><u>4019215</u></a></p></td><td width="357"><p>May 9, 2017—KB4019215 (Monthly Rollup)</p></td></tr><tr><td width="124"><p>May 9, 2017</p></td><td width="126"><p>KB <a href="https://support.microsoft.com/en-us/help/4019213"><u>4019213</u></a></p></td><td width="357"><p>May 9, 2017—KB4019213 (Security-only update)</p></td></tr><tr><td width="124"><p>April 18, 2017</p></td><td width="126"><p>KB <a href="https://support.microsoft.com/en-us/help/4015553"><u>4015553</u></a></p></td><td width="357"><p>April 18, 2017—KB4015553 (Preview of Monthly Rollup)</p></td></tr><tr><td width="124"><p>April 11, 2017</p></td><td width="126"><p>KB <a href="https://support.microsoft.com/en-us/help/4015550"><u>4015550</u></a></p></td><td width="357"><p>April 11, 2017—KB4015550 (Monthly Rollup)</p></td></tr><tr><td width="124"><p>April 11, 2017</p></td><td width="126"><p>KB <a href="https://support.microsoft.com/en-us/help/4015547"><u>4015547 </u></a></p></td><td width="357"><p>April 11, 2017—KB4015547 (Security-only update)</p></td></tr><tr><td width="124"><p>March 21, 2017</p></td><td width="126"><p>KB <a href="https://support.microsoft.com/en-us/help/4012219"><u>4012219</u></a></p></td><td width="357"><p>March 2017 Preview of Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2</p></td></tr></tbody></table><p><strong class="sbody-strong">Windows Server 2016 RTM (RS1) </strong></p><table class="table"><tbody><tr><td width="124"><p>Release date</p></td><td width="126"><p>KB</p></td><td width="357"><p>Article title</p></td></tr><tr><td width="124"><p>May 16, 2017</p></td><td width="126"><p>KB <a href="https://support.microsoft.com/en-us/help/4023680"><u>4023680</u></a></p></td><td width="357"><p>May 26, 2017—KB4023680 (OS Build 14393.1230)</p></td></tr><tr><td width="124"><p>May 9, 2017</p></td><td width="126"><p>KB <a href="https://support.microsoft.com/en-us/help/4019472"><u>4019472</u></a></p></td><td width="357"><p>May 9, 2017—KB4019472 (OS Build 14393.1198)</p></td></tr><tr><td width="124"><p>April 11, 2017</p></td><td width="126"><p>KB <a href="https://support.microsoft.com/en-us/help/4015217"><u>4015217</u></a></p></td><td width="357"><p>April 11, 2017—KB4015217 (OS Build 14393.1066 and 14393.1083)</p></td></tr></tbody></table><p><br/><strong class="sbody-strong">Verification</strong></p><ul><li>Verify the version of the following MSISCSI driver on the system:<br/><br/>c:\windows\system32\drivers\msiscsi.sys<br/><br/>The version that will expose this behavior is 6.3.9600.18624 for Windows Server 2012 R2 and version 10.0.14393.1066 for Windows Server 2016.</li><li>The following events are logged in the System log:<table class="table"><tbody><tr><td width="99"><p>Event source</p></td><td width="79"><p>ID</p></td><td width="371"><p>Text</p></td></tr><tr><td width="99"><p>iScsiPrt</p></td><td width="79"><p>34</p></td><td width="371"><p>A connection to the target was lost, but the Initiator successfully reconnected to the target. Dump data contains the target name.</p></td></tr><tr><td width="99"><p>iScsiPrt</p></td><td width="79"><p>39</p></td><td width="371"><p>The Initiator sent a task management command to reset the target. The target name is given in the dump data.</p></td></tr><tr><td width="99"><p>iScsiPrt</p></td><td width="79"><p>9</p></td><td width="371"><p>Target did not respond in time for a SCSI request. The CDB is given in the dump data.</p></td></tr></tbody></table></li><li>Review the number of threads that are running under the System process, and compare this to a known working baseline.</li><li>Review the number of handles that are currently opened by the System process, and compare this to a known working baseline.</li><li>Review the number of ephemeral ports that are being used by the System process.</li><li>From an administrative Powershell, run the following command:<br/><br/><strong>Get-NetTCPConnection | Group-Object -Property State, OwningProcess | Sort Count</strong><br/><br/>Or, from an administrative CMD prompt, run the following NETSTAT command together with the "Q" switch. This shows "bound" ports that are no longer connected:<br/><br/><strong>NETSTAT –ANOQ </strong><br/><br/>Focus on ports that are owned by the SYSTEM process.<br/><br/>For the three previous points, anything more than 12,000 should be considered suspect. If iSCSI targets are present in the computer, there is high probability that the issue will occur.</li></ul><p><strong class="sbody-strong">Resolution</strong><br/><br/>If the event logs indicate that many reconnections are occurring, work with your iSCSI and network fabric vendor to help diagnose and correct the reason for the failure to maintain connections to iSCSI targets. Make sure that iSCSI targets can be accessed over the current network fabric. Install updated fixes when they become available. This article will be updated with the specific KB article number of the fix to install when it becomes available.<br/><br/><strong>Note</strong> We do not recommend that you uninstall any of the March, April, May, or June security rollups. Doing so will expose the computers to known security exploits and other bugs that are mitigated by monthly updates. We recommend that you first work with iSCSI target and network vendors to resolve the connectivity issues that are triggering target reconnects.</p></div></div></div><h2>How to get this update</h2><p>To get the stand-alone package for this update, go to the <a href="http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4015547">Microsoft Update Catalog</a> website.</p><ul><li><span><strong>Prerequisites</strong> <br/></span><span>To apply this update, you must have Windows 8.1 and Windows Server 2012 R2 update: April 2014 (<a data-content-id="2919355" data-content-type="article" href="http://support.microsoft.com/help/2919355" target="">KB2919355</a>) installed.</span></li><li><strong>File information<br/></strong>For a list of the files that are provided in this update, download the <a data-content-id="" data-content-type="" href="http://download.microsoft.com/download/8/A/9/8A95AE52-F651-4579-887D-B8B5FD0F5048/4015547.csv" target="">file information for update 4015547</a>. </li></ul><h2>More Information</h2><ul><li><span>The security fixes that are listed in this Security Only Quality Update KB4015547 are also included in the April 2017 Security Monthly Quality Rollup, KB4015550. Installing either update KB4015547 or KB4015550 installs the security fixes that are listed here. </span></li><li><span>This Security Only Quality Update does not include security fixes for Internet Explorer. In order to obtain the security fixes for Internet Explorer, the Cumulative Security Update for Internet Explorer KB4014661 should also be installed. Note that the Security Monthly Quality Rollup does contain security updates for Internet Explorer. </span></li><li><span>If you use update management processes other than Windows Update and you automatically approve all security updates classifications for deployment, the April 2017 Security Only Quality Update KB4015547, April 2017 Security Monthly Quality Rollup KB4015550, and the Cumulative Security Update for Internet Explorer KB4014661 are deployed. We recommend that you review your update deployment rules to make sure the desired updates are deployed. </span></li><li><span>This Security Only Quality Update is not applicable for installation on a computer on which the Security Monthly Quality Rollup or Preview of Monthly Quality Rollup from April 2017 (or a later month) is already installed. This is because those updates contain all of the security fixes that are included in this Security Only Quality Update. </span><span><br/></span></li></ul></body></html>