Today, we are releasing the December 2018 Security and Quality Rollup.
Security
CVE-2018-8540 – Windows Remote Code Execution Vulnerability
This security update resolves a vulnerability in Microsoft .NET Framework that could allow remote code execution when Microsoft .NET Framework doesn’t validate input correctly. The attacker who successfully exploits this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts that use full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who are granted administrative user rights.
To exploit the vulnerability, an attacker has to pass specific input to an application that uses susceptible .NET Framework methods.
This security update addresses the vulnerability by correcting how .NET Framework validates input.
To learn more about this vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2018-8540.
Getting the Update
The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.
Microsoft Update Catalog
You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.
The following table is for Windows 10 and Windows Server 2016+.
| Product Version | Security and Quality Rollup KB |
|---|---|
| Windows 10 1809 (October 2018 Update) Windows Server 2019 | Catalog 4470502 |
| .NET Framework 3.5 | 4470502 |
| .NET Framework 4.7.2 | 4470502 |
| Windows 10 1803 (April 2018 Update) | Catalog 4471324 |
| .NET Framework 3.5 | 4471324 |
| .NET Framework 4.7.2 | 4471324 |
| Windows 10 1709 (Fall Creators Update) | Catalog 4471329 |
| .NET Framework 3.5 | 4471329 |
| .NET Framework 4.7.1, 4.7.2 | 4471329 |
| Windows 10 1703 (Creators Update) | Catalog 4471327 |
| .NET Framework 3.5 | 4471327 |
| .NET Framework 4.7, 4.7.1, 4.7.2 | 4471327 |
| Windows 10 1607 (Anniversary Update) Windows Server 2016 | Catalog 4471321 |
| .NET Framework 3.5 | 4471321 |
| .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 | 4471321 |
| Windows 10 1507 | Catalog 4471323 |
| .NET Framework 3.5 | 4471323 |
| .NET Framework 4.6, 4.6.1, 4.6.2 | 4471323 |
The following table is for earlier Windows and Windows Server versions.
| Product Version | Security and Quality Rollup KB | Security Only Update KB |
|---|---|---|
| Windows 8.1 Windows RT 8.1 Windows Server 2012 R2 | Catalog 4471989 | Catalog 4471983 |
| .NET Framework 3.5 | 4470630 | 4470602 |
| .NET Framework 4.5.2 | 4470622 | 4470491 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | 4470639 | 4470499 |
| Windows Server 2012 | Catalog 4471988 | Catalog 4471982 |
| .NET Framework 3.5 | 4470629 | 4470601 |
| .NET Framework 4.5.2 | 4470623 | 4470492 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | 4470638 | 4470498 |
| Windows 7 Windows Server 2008 R2 | Catalog 4471987 | Catalog 4471981 |
| .NET Framework 3.5.1 | 4470641 | 4470600 |
| .NET Framework 4.5.2 | 4470637 | 4470493 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | 4470640 | 4470500 |
| Windows Server 2008 | Catalog 4471990 | Catalog 4471984 |
| .NET Framework 3.5 SP1 | 4471102 | 4470633 |
| .NET Framework 4.5.2 | 4470637 | 4470493 |
| .NET Framework 4.6 | 4470640 | 4470500 |
Docker Images
We are updating the following .NET Framework Docker images for today’s release:
Note: Look at the “Tags” view in each repository to see the updated Docker image tags.
Previous Monthly Rollups
The last few .NET Framework Monthly updates are listed below for your convenience:
0 comments