MS17-APR Source Release Dates

Where is the source release date for the MS17-APR updates pulled from?

While most of the KBs that were made available with the Patches for Windows, version 2732 site update are listed with a release date of April 11th from Microsoft’s website, the fixlets in IBM have dates ranging from March 22nd to April 10th.

Some examples:
KB3178703: IBM release 2017/03/22, MS release 2017/04/11
KB2589382: IBM release 2017/03/22, MS release 2017/04/11
KB4014661: IBM release 2017/04/07, MS release 2017/04/11

At first I thought the source release dates might be taken from the Microsoft Update Catalog, but for all three of the below the “Last Updated” column is listed as 2017/04/07, so that doesn’t match either.

As we use Source Release Date to determine when a computer is non-compliant for recent patches, having this kind of discrepancy between when the update was published/made available could be a challenge. Any information you could shed on this would be good.


Was just coming to post this. We have a ton of reporting and automation based on this, and needless to say this screwed stuff up.


Interestingly, MS seem to be throwing in a mixture of dates that might be contributing to this
Description of the security update for Outlook 2010: April 11, 2017 - Microsoft Support, Microsoft themselves describe the update as “Description of the security update for Outlook 2010: April 11, 2017” yet go to the download page and click on the details and they show the date published as March 31st 2017.

Similarly Description of the security update for 2007 Microsoft Office Suite: April 11, 2017 - Microsoft Support shows KB3141529 as being the “Description of the security update for 2007 Microsoft Office Suite: April 11, 2017” yet the date published from the Details section on the download link is 3/22/2017.

These “old” dates on the fixlets though certainly do mess things up as we calculate compliance on all our endpoints based on x number of days from the release date in the fixlet so we will be seeing a high number of machines become non-compliant approx 2 weeks too early and the non-compliance will restrict access to our enterprise resources for those systems.


Hi all,

Thanks for the report! This is a known issue that there are different publish dates for Microsoft patches, and BigFix has a hard time telling which one to mark on the Fixlets. However, for Security Updates released on Update Tuesday, I believe the convention is to use the Tuesday’s date as the Source Release Date, regardless of other sources.

However, since this time Microsoft has switched how Security Updates are made available to the public, we switched too to our new facility, which I believe did not observe the convention. We will update the content to fix this soon.

Update: Fixlets updated and published to Patches for Windows, version 2733. @SLB, @mwolff, @wmehardt


Thank you @BaiYunfei

1 Like


Thank you for the update, much appreciated!