.NET Framework January 2024 Security and Quality Rollup

Salini Agarwal

[Revised 01/24/2024] To add missing product versions of Windows Server 2012 and Windows Server 2012 R2.

[Revised 01/16/2024] To fix the typo and link for CVE.

Today, we are releasing the January 2024 Security and Quality Rollup Updates for .NET Framework.

Security

CVE-2023-36042 – .NET Framework Denial of Service Vulnerability

This security update addresses a security feature bypass vulnerability detailed in CVE 2023-36042.

CVE-2024-0056 – .NET Framework Security Feature Bypass Vulnerability

This security update addresses a security feature bypass vulnerability detailed in CVE 2024-0056.

CVE-2024-0057 – .NET Framework Security Feature Vulnerability

This security update addresses an elevation of privilege vulnerability detailed in CVE 2024-0057.

CVE-2024-21312 – .NET Framework Denial of Service Vulnerability

This security update addresses a denial of service vulnerability detailed in CVE 2024-21312.

.NET Framework Remote Code Execution Vulnerability

This security update addresses a remote code execution vulnerability to HTTP .NET remoting server channel chain.

Quality and Reliability

There are no new Quality and Reliability Improvements in this update.

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog. The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, NET Framework 4.8 updates are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog. Updates for other versions of .NET Framework are part of the Windows 10 Monthly Cumulative Update.

**Note**: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

The following table is for Windows 10 and Windows Server 2016+ versions.

Product Version Cumulative Update
Microsoft server operating system, version 23H2
.NET Framework 3.5, 4.8.1 Catalog 5033917
Windows 11, version 22H2 and Windows 11, version 23H2
.NET Framework 3.5, 4.8.1 Catalog 5033920
Windows 11, version 21H2 5034276
.NET Framework 3.5, 4.8 Catalog 5033912
.NET Framework 3.5, 4.8.1 Catalog 5033919
Microsoft server operating system, version 22H2 5034272
.NET Framework 3.5, 4.8 Catalog 5033914
.NET Framework 3.5, 4.8.1 Catalog 5033922
Microsoft server operating system version 21H2 5034272
.NET Framework 3.5, 4.8 Catalog 5033914
.NET Framework 3.5, 4.8.1 Catalog 5033922
Windows 10, version 22H2 5034275
.NET Framework 3.5, 4.8 Catalog 5033909
.NET Framework 3.5, 4.8.1 Catalog 5033918
Windows 10, version 21H2 5034274
.NET Framework 3.5, 4.8 Catalog 5033909
.NET Framework 3.5, 4.8.1 Catalog 5033918
Windows 10 1809 and Windows Server 2019 5034273
.NET Framework 3.5, 4.7.2 Catalog 5033904
.NET Framework 3.5, 4.8 Catalog 5033911
Windows 10 1607 and Windows Server 2016
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5034119
.NET Framework 4.8 Catalog 5033910
Windows 10 1507
.NET Framework 3.5, 4.6, 4.6.2 Catalog 5034134

The following table is for earlier Windows and Windows Server versions.

Product Version Security and Quality Rollup Security Only Update
Windows Server 2012 R2 5034279
.NET Framework 3.5 Catalog 5033900
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5033906
.NET Framework 4.8 Catalog 5033915
Windows Server 2012 5034278
.NET Framework 3.5 Catalog 5033897
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5033905
.NET Framework 4.8 Catalog 5033913
Windows Server 2008 5034280 5034270
.NET Framework 2.0, 3.0 Catalog 5033898 Catalog 5033945
.NET Framework 3.5 Catalog 5034008 Catalog 5033952
.NET Framework 4.6.2 Catalog 5033907 Catalog 5033947
Windows Server 2008 R2 5034277 5034269
.NET Framework 3.5.1 Catalog 5033899 Catalog 5033946
.NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5033907 Catalog 5033947
.NET Framework 4.8 Catalog 5033916 Catalog 5033948

The operating system row lists a KB which will be used for update offering purposes. When the operating system KB is offered, the applicability logic will determine the specific .NET Framework update(s) will be installed. Updates for individual .NET Framework versions will be installed based on the version of .NET Framework that is already present on the device. Because of this the operating system KB is not expected to be listed as installed updates on the device. The expected update to be installed are the .NET Framework specific version updates listed in the table above.

 

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

6 comments

Leave a comment

Feedback usabilla icon