August 14th, 2018

.NET Framework August 2018 Security and Quality Rollup

Tara Overfield
Senior Software Engineer

Today, we are releasing the August 2018 Security and Quality Rollup.  This release also addressed the July issues explained in KB 4345913 and Advisory on July 2018 .NET Framework Updates.

Security

CVE-2018-8360 – Windows Information Disclosure Vulnerability

This update resolves an information disclosure vulnerability in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments. The vulnerability is caused when .NET Framework is used in high-load/high-density network connections in which content from one stream can blend into another stream.

To exploit the vulnerability, an attacker who can access one tenant in a high-load/high-density environment could potentially trigger multi-tenanted data exposure from one customer to another.

This security update addresses the vulnerability by correcting the way that .NET Framework handles high-load/high-density network connections.

CVE-2018-8360

Quality and Reliability

This release contains the following quality and reliability improvements.

CLR

  • Applications that rely on COM components were failing to load or run correctly because of “access denied”, “class not registered”, or “internal failure occurred for unknown reasons” errors described in KB 4345913 and Advisory on July 2018 .NET Framework Updates.  [651528]

Note: Additional information on these improvements is not available. The VSTS bug number provided with each improvement is a unique ID that you can give Microsoft Customer Support, include in StackOverflow comments or use in web searches.

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.

The following table is for Windows 10 and Windows Server 2016+.

Product Version Security and Quality Rollup KB
Windows 10 1803 (April 2018 Update) Catalog 4343909
.NET Framework 3.5 4343909
.NET Framework 4.7.2 4343909
Windows 10 1709 (Fall Creators Update) Catalog 4343897
.NET Framework 3.5 4343897
.NET Framework 4.7.1, 4.7.2 4343897
Windows 10 1703 (Creators Update) Catalog 4343885
.NET Framework 3.5 4343885
.NET Framework 4.7, 4.7.1, 4.7.2 4343885
Windows 10 1607 (Anniversary Update) Windows Server 2016 Catalog 4343887
.NET Framework 3.5 4343887
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 4343887
Windows 10 1507 Catalog 4343892
.NET Framework 3.5 4343892
.NET Framework 4.6, 4.6.1, 4.6.2 4343892

The following table is for earlier Windows and Windows Server versions.

Product Version Security and Quality Rollup KB Security Only Update KB
Windows 8.1 Windows RT 8.1 Windows Server 2012 R2 Catalog 4345592 Catalog 4345681
.NET Framework 3.5 4344153 4344178
.NET Framework 4.5.2 4344147 4344171
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 4344145 4344166
Windows Server 2012 Catalog 4345591 Catalog 4345680
.NET Framework 3.5 4344150 4344175
.NET Framework 4.5.2 4344148 4344172
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 4344144 4344165
Windows 7 Windows Server 2008 R2 Catalog 4345590 Catalog 4345679
.NET Framework 3.5.1 4344152 4344177
.NET Framework 4.5.2 4344149 4344173
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 4344146 4344167
Windows Server 2008 Catalog 4345593 Catalog 4345682
.NET Framework 2.0, 3.0 4344151 4344176
.NET Framework 4.5.2 4344149 4344173
.NET Framework 4.6 4344146 4344167

Docker Images

We are updating the following .NET Framework Docker images for today’s release:

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

Category
.NET

Author

Tara Overfield
Senior Software Engineer

Tara is a Software Engineer on the .NET team. She works on releasing .NET Framework updates.

0 comments

Discussion are closed.