Microsoft’s July 2017 patches: issues collection

Windows Update[German]Microsoft has releases several updates in July 2017 for Windows and Office. Several of these updates are causing serious issues and/or confusion. Here is a collection of issues I found so far.


Update KB4033428 – no details yet

First of all, Microsoft released Update KB4033428 for Windows Server 2012 R 2 on July 18, 2017. In it's best manner Microsoft wrote "Windows Server 2012 R2 processor generation detection reliability update", but no more details yet. My MVP colleague Susan Bradley asked on Microsoft partner net Why should we install KB4033428? without receiving an answer till yet. Also at AskWoody is a post without details enlighten the reason why we should install this update. So my suggestion is, to block this update until Microsoft give us details what this update is for.

Update KB4025335 bricks NAP

Recently I published the blog post Windows 8.1 Preview Rollup Update KB4025335. A German blog reader GB left a comment within the German blog post:

Unter Server 2012 R2 legt das Update die zertifikatsbasierte Computerauthentifizierung des NAP lahm. Leider lässt es sich auch nicht deinstallieren.

Freely translated: Update KB4025335 bricks certificate based authentification for NAP, an the update can't be installed. Microsoft writes about Network Access Protection (NAP):

 Network Access Protection (NAP) is designed to help administrators maintain the health of the computers on the network, which in turns helps maintain the overall integrity of the network. 

In Windows 10 the NAP client has been removed (see).

A workaround is available

Searching the web yesterday, I came across a Technet forum thread, where the issue is also under discussion. A Microsoft employee described yesterday a workaround:


As a workaround, create the following registry on your server:

Create DWORD registry key under:
New_DWORD: DisableEndEntityClientCertCheck
and set value to 0

It seems that this registry entry will fix the issue. 

Updates KB4025336 and KB4025331 bricks WSUS

Users operating Windows Sever Update Service (WSUS) at Windows Server 2012 (and R2) will facing issues with updates KB4025336 and KB4025331. Both updates are blocking the clients update search, so WSUS can't deliver updates for Office and Windows. I've covered this issue within my blog post July 2017 Updates KB4025336/KB4025331 breaks WSUS. The solution: Uninstall the updates – I some scenarios it helps to change the port used. 

Unfixes June 2017 update Outlook bugs

On June 13, 2017, Microsoft released Office security updates, that are causing serious issues in Outlook. From a broken search or missing iCloud synchronization up to blocked  RTF attachments. I've published several blog post about those issues (see link list at articles end). After failing with several repair attempts, Microsoft pulled several updates on July 12. 2017 (see Microsoft pulls Updates for Outlook 2010/2013/2016). Till now I haven't seen a fix.

The IE 11 security/printing dilemma

The is also a dilemma for admins in enterprise environments. Microsoft released a critical security update (KB402155) for Internet Explorer in June 2017. Then they released additional updates to fix this printing issues (see IE11 printing issues in Windows are fixed (June 2017)). But this ended with IE crashes.

Woody Leonhard has published this ComputerWorld article, dealing with the patch history. Microsoft has released fixes for the fixes, so the IE printing and crashing issues has been resolved. But those updates are disabling the code to fix the security issues within Internet Explorer. A discussion my be found here, and there is this link to Microsoft's CVE-2017-8529-Advisory. The wrote for 07/11/2017 (Revision 4.2):

Please note that the protection for CVE-2017-8529 is not yet available with the release of the July security updates, as we continue to work on a solution for the known issue customers may experience when printing from Internet Explorer or Microsoft Edge after installing Internet Explorer Cumulative update 4021558. Customers who receive automatic updates will not be protected from this CVE. Microsoft is continuing to investigate a solution for this known issue and will notify customers as soon as an update is available.

Currently no patch to fix this dilemma are known.

Excel quick access bar

Woody Leonhard has also this article at, reporting issues with Excel's quick access bar. This should be fixed in Windows 10 Version 1706 (Build 8229.2103) with an update, according to this thread – and Bill Jelen has published also a workaround.

Overall, a lot of unsolved issues are still open. I fear, I lost track, what's still open too. Is something missing – is something fixed, I'm not aware of?

Similar articles:
Outlook issues after June 2017 security updates
Microsoft Outlook: Fix for iCloud Sync problem
Microsoft pulls Updates for Outlook 2010/2013/2016
Fixing Microsoft Outlook Search Bug after June 2017 Update
IE11 printing issues in Windows are fixed (June 2017)

Cookies helps to fund this blog: Cookie settings

This entry was posted in Office, Windows and tagged , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *