C# .NET Framework May 2018 Security and Quality Rollup

  • Thread starter Rich Lander [MSFT]
  • Start date
R

Rich Lander [MSFT]

Guest
#1
Today, we are releasing the May 2018 Security and Quality Rollup.

Security

CVE-2018-1039 – Windows Security Feature Bypass Vulnerability


A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how Windows validates User Mode Code Integrity policies

CVE-2018-1039

CVE-2018-0765 – .NET and .NET Core Denial Of Service Vulnerability


A Denial of Service vulnerability exists when .NET, and .NET core, improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET(or .NET core) application.

The update addresses the vulnerability by correcting how a .NET, and .NET core, applications handles XML document processing.

CVE-2018-0765

Quality and Reliability


This release contains no new following quality and reliability improvements.

Getting the Update


The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.

Microsoft Update Catalog


You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.

The following table is for Windows 10 and Windows Server 2016+.

Product Version Security and Quality Rollup KB
Windows 10 1803 (April 2018 Update) Catalog
4103721

.NET Framework 3.5 4103721
.NET Framework 4.7.2 4103721
Windows 10 1709 (Fall Creators Update) Catalog
4103727

.NET Framework 3.5 4103727
.NET Framework 4.7.1 4103727
Windows 10 1703 (Creators Update) Catalog
4103731

.NET Framework 3.5 4103731
.NET Framework 4.7, 4.7.1 4103731
Windows 10 1607 (Anniversary Update)
Windows Server 2016
Catalog
4103723

.NET Framework 3.5 4103723
.NET Framework 4.6.2, 4.7, 4.7.1 4103723
Windows 10 1507 Catalog
4103716

.NET Framework 3.5 4103716
.NET Framework 4.6, 4.6.1, 4.6.2 4103716

The following table is for earlier Windows and Windows versions.

Product Version Security and Quality Rollup KB Security Rollup KB
Windows 8.1
Windows RT 8.1
Windows Server 2012 R2
Catalog
4099635
Catalog
4099639

.NET Framework 3.5 4095875 4095515
.NET Framework 4.5.2 4095876 4095517
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 4096417 4096236
Windows Server 2012 Catalog
4099634
Catalog
4099638

.NET Framework 3.5 4095872 4095512
.NET Framework 4.5.2 4096494 4095518
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 4096416 4096235
Windows 7
Windows Server 2008 R2
Catalog
4099633
Catalog
4099637

.NET Framework 3.5.1 4095874 4095514
.NET Framework 4.5.2 4096495 4095519
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1 4096418 4096237
Windows Server 2008 Catalog
4099636
Catalog
4099640

.NET Framework 2.0, 3.0 4095873 4095513
.NET Framework 4.5.2 4096495 4095519
.NET Framework 4.6 4096418 4096237
Docker Images


We are updating the following .NET Framework Docker images for today’s release:


Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Previous Monthly Rollups


The last few .NET Framework Monthly updates are listed below for your convenience:


Continue reading...