Well, according to support, the answer is "because". I really felt like I didn't get a straight answer out of support for this question. Like I had to ask the same question 3 times before getting any kind of answer. I'm not sure if they weren't understanding my question or if I wasn't understanding their answer.
Apparently looking at diagnostics won't tell you what's wrong, only what *may* be an issue. It's up to you to dig into each item and determine if you are effected by it. Sort of deminishes the value of iHealth IMHO. Also, apparently iHealth looks at ALL the software on your device, even non-active partitions. It's good practice to keep the old software on the system as a roll back point. Thus, 17.1.0.3 Point Release 3 0.0.4 is still on my system in a non-active partition. The issue is detected in the 17.1.0.3 Point Release 3 0.0.4 which is on my system (though it's not an active partition) so that's also why I'm seeing it.
I just hope I never have to give this diagnostic page to an auditor. I don't want to have to try and explain to the auditor that while the diag SAYS I have 3 critical vulnerabilites, I don't REALLY have them. Then have to go through the process of proving it as well.
I really want to see if deleting the non-active partition off my system will clear the error or not. However my current plan is to always keep the older version on a non-active partition until it's time to upgrade to the next version. IE 17.1.0.3 Point Release 3 0.0.4 will stay on my box until I'm ready to upgrade to 17.1.1 and only then in one of the first few steps in installing the 17.1.1, I delete the 17.1.0.3 partition.