C# August 2018 Security and Quality Rollup

  • Thread starter Tara Overfield [MSFT]
  • Start date
T

Tara Overfield [MSFT]

Guest
#1
Today, we are releasing the August 2018 Security and Quality Rollup.

Security

CVE-2018-8360 – Windows Information Disclosure Vulnerability


This update resolves an information disclosure vulnerability in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments. The vulnerability is caused when .NET Framework is used in high-load/high-density network connections in which content from one stream can blend into another stream.

To exploit the vulnerability, an attacker who can access one tenant in a high-load/high-density environment could potentially trigger multi-tenanted data exposure from one customer to another.

This security update addresses the vulnerability by correcting the way that .NET Framework handles high-load/high-density network connections.

CVE-2018-8360

Quality and Reliability


This release contains the following quality and reliability improvements.

CLR

  • Applications that rely on COM components were failing to load or run correctly because of “access denied”, “class not registered”, or “internal failure occurred for unknown reasons” errors described in 4345913 and Blog Advisory. [651528]

Note: Additional information on these improvements is not available. The VSTS bug number provided with each improvement is a unique ID that you can give Microsoft Customer Support, include in StackOverflow comments or use in web searches.

Getting the Update


The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.

Microsoft Update Catalog


You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.

The following table is for Windows 10 and Windows Server 2016+.

Product Version Security and Quality Rollup KB
Windows 10 1803 (April 2018 Update) Catalog
4343909

.NET Framework 3.5 4343909
.NET Framework 4.7.2 4343909
Windows 10 1709 (Fall Creators Update) Catalog
4343897

.NET Framework 3.5 4343897
.NET Framework 4.7.1 4343897
Windows 10 1703 (Creators Update) Catalog
4343885

.NET Framework 3.5 4343885
.NET Framework 4.7, 4.7.1 4343885
Windows 10 1607 (Anniversary Update)
Windows Server 2016
Catalog
4343887

.NET Framework 3.5 4343887
.NET Framework 4.6.2, 4.7, 4.7.1 4343887
Windows 10 1507 Catalog
4343892

.NET Framework 3.5 4343892
.NET Framework 4.6, 4.6.1, 4.6.2 4343892

The following table is for earlier Windows and Windows Server versions.

Product Version Security and Quality Rollup KB Security Only Update KB
Windows 8.1
Windows RT 8.1
Windows Server 2012 R2
Catalog
4345592
Catalog
4345681

.NET Framework 3.5 4344153 4344178
.NET Framework 4.5.2 4344147 4344171
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 4344145 4344166
Windows Server 2012 Catalog
4345591
Catalog
4345680

.NET Framework 3.5 4344150 4344175
.NET Framework 4.5.2 4344148 4344172
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 4344144 4344165
Windows 7
Windows Server 2008 R2
Catalog
4345590
Catalog
4345679

.NET Framework 3.5.1 4344152 4344177
.NET Framework 4.5.2 4344149 4344173
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 4344146 4344167
Windows Server 2008 Catalog
4345593
Catalog
4345682

.NET Framework 2.0, 3.0 4344151 4344176
.NET Framework 4.5.2 4344149 4344173
.NET Framework 4.6 4344146 4344167
Docker Images


We are updating the following .NET Framework Docker images for today’s release:


Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Previous Monthly Rollups


The last few .NET Framework Monthly updates are listed below for your convenience:


Continue reading...
 
Top