January 9th, 2024

.NET Framework January 2024 Security and Quality Rollup

[Revised 01/24/2024] To add missing product versions of Windows Server 2012 and Windows Server 2012 R2.

[Revised 01/16/2024] To fix the typo and link for CVE.

Today, we are releasing the January 2024 Security and Quality Rollup Updates for .NET Framework.

Security

CVE-2023-36042 – .NET Framework Denial of Service Vulnerability

This security update addresses a security feature bypass vulnerability detailed in CVE-2023-36042.

CVE-2024-0056 – .NET Framework Security Feature Bypass Vulnerability

This security update addresses a security feature bypass vulnerability detailed in CVE-2024-0056.

CVE-2024-0057 – .NET Framework Security Feature Vulnerability

This security update addresses an elevation of privilege vulnerability detailed in CVE-2024-0057.

CVE-2024-21312 – .NET Framework Denial of Service Vulnerability

This security update addresses a denial of service vulnerability detailed in CVE-2024-21312.

.NET Framework Remote Code Execution Vulnerability

This security update addresses a remote code execution vulnerability in the HTTP .NET remoting server channel chain.

Quality and Reliability

There are no new Quality and Reliability Improvements in this update.

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog. The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework 4.8 updates are available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog. Updates for other versions of .NET Framework are part of the Windows 10 Monthly Cumulative Update.

**Note**: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also make use of the direct Microsoft Update Catalog download links below to .NET Framework-specific updates. Before applying these updates, please carefully review the .NET Framework version applicability to ensure that you only install updates on systems where they apply.

The following table is for Windows 10 and Windows Server 2016+ versions.

| Product Version | Cumulative Update |
| --- | --- |
| **Microsoft server operating system, version 23H2** | |
| .NET Framework 3.5, 4.8.1 | Catalog 5033917 |
| **Windows 11, version 22H2 and Windows 11, version 23H2** | |
| .NET Framework 3.5, 4.8.1 | Catalog 5033920 |
| **Windows 11, version 21H2** | 5034276 |
| .NET Framework 3.5, 4.8 | Catalog 5033912 |
| .NET Framework 3.5, 4.8.1 | Catalog 5033919 |
| **Microsoft server operating system, version 22H2** | 5034272 |
| .NET Framework 3.5, 4.8 | Catalog 5033914 |
| .NET Framework 3.5, 4.8.1 | Catalog 5033922 |
| **Microsoft server operating system, version 21H2** | 5034272 |
| .NET Framework 3.5, 4.8 | Catalog 5033914 |
| .NET Framework 3.5, 4.8.1 | Catalog 5033922 |
| **Windows 10, version 22H2** | 5034275 |
| .NET Framework 3.5, 4.8 | Catalog 5033909 |
| .NET Framework 3.5, 4.8.1 | Catalog 5033918 |
| **Windows 10, version 21H2** | 5034274 |
| .NET Framework 3.5, 4.8 | Catalog 5033909 |
| .NET Framework 3.5, 4.8.1 | Catalog 5033918 |
| **Windows 10 1809 and Windows Server 2019** | 5034273 |
| .NET Framework 3.5, 4.7.2 | Catalog 5033904 |
| .NET Framework 3.5, 4.8 | Catalog 5033911 |
| **Windows 10 1607 and Windows Server 2016** | |
| .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 5034119 |
| .NET Framework 4.8 | Catalog 5033910 |
| **Windows 10 1507** | |
| .NET Framework 3.5, 4.6, 4.6.2 | Catalog 5034134 |

The following table is for earlier Windows and Windows Server versions.

| Product Version | Security and Quality Rollup | Security Only Update |
| --- | --- | --- |
| **Windows Server 2012 R2** | 5034279 | |
| .NET Framework 3.5 | Catalog 5033900 | |
| .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 5033906 | |
| .NET Framework 4.8 | Catalog 5033915 | |
| **Windows Server 2012** | 5034278 | |
| .NET Framework 3.5 | Catalog 5033897 | |
| .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 5033905 | |
| .NET Framework 4.8 | Catalog 5033913 | |
| **Windows Server 2008** | 5034280 | 5034270 |
| .NET Framework 2.0, 3.0 | Catalog 5033898 | Catalog 5033945 |
| .NET Framework 3.5 | Catalog 5034008 | Catalog 5033952 |
| .NET Framework 4.6.2 | Catalog 5033907 | Catalog 5033947 |
| **Windows Server 2008 R2** | 5034277 | 5034269 |
| .NET Framework 3.5.1 | Catalog 5033899 | Catalog 5033946 |
| .NET Framework 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 5033907 | Catalog 5033947 |
| .NET Framework 4.8 | Catalog 5033916 | Catalog 5033948 |

The operating system row lists a KB which will be used for update offering purposes. When the operating system KB is offered, the applicability logic will determine which specific .NET Framework update(s) will be installed. Updates for individual .NET Framework versions will be installed based on the version of .NET Framework that is already present on the device. Because of this, the operating system KB is not expected to be listed among the installed updates on the device. The updates expected to be installed are the .NET Framework version-specific updates listed in the table above.
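A patch audit therefore has to look for the version-specific KB, not the operating system KB. The following is an added example, not code from the original post: it covers only the Windows 10, version 22H2 rows of the table above, the function names are hypothetical, and it assumes `Get-HotFix` lists .NET Framework updates on that OS.

```powershell
# Constructed subset of the table above: Windows 10, version 22H2 only.
$ParentKb = 'KB5034275'            # OS-level KB, used for offering only
$ChildKbByFramework = @{
    '4.8'   = 'KB5033909'          # .NET Framework 3.5, 4.8
    '4.8.1' = 'KB5033918'          # .NET Framework 3.5, 4.8.1
}

function Get-NetFxVersion {
    # Hypothetical helper: maps the documented Release DWORD to a version.
    # Minimum Release values: 528040 for 4.8, 533320 for 4.8.1.
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $key -Name Release -ErrorAction Stop).Release
    if ($release -ge 533320) { return '4.8.1' }
    if ($release -ge 528040) { return '4.8' }
    throw "Release $release is older than 4.8 and is not covered by this example."
}

function Test-NetFxRollup {
    # Hypothetical helper: compares installed KB IDs with the expected child KB.
    param(
        [Parameter(Mandatory)] [string]   $FrameworkVersion,
        [Parameter(Mandatory)] [string[]] $InstalledKb
    )
    $expected = $ChildKbByFramework[$FrameworkVersion]
    if (-not $expected) { throw "No table entry for .NET Framework $FrameworkVersion." }
    [pscustomobject]@{
        FrameworkVersion = $FrameworkVersion
        ExpectedKb       = $expected
        ExpectedKbFound  = $InstalledKb -contains $expected
        # Per the paragraph above, this is normally False even on a patched device.
        ParentKbListed   = $InstalledKb -contains $ParentKb
    }
}

$installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
Test-NetFxRollup -FrameworkVersion (Get-NetFxVersion) -InstalledKb $installed
```

A later cumulative .NET Framework update supersedes these KBs, so `ExpectedKbFound = False` calls for a check against newer rollups before the device is treated as unpatched.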

 

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

7 comments


  • Shivam Srivastava (CONVERGYS CORPORATION), Microsoft employee

    .NET 4.7 and below version will get their security with Security cumulative update MS launch each patch Tuesday.
    Vulnerability reported by Microsoft defender in the month of Feb’24 for .NetFramework v4.7 was remediated after installing security cumulative update KB5034767.
    Point of further discussion here is… how security cumulative update KB5034767 is resolving vulnerability reported for .NetFramework v4.7?? How they are interlinked?? What piece of information it is updating that is resolving .NetFramework vulnerability?

    Please reply...

  • Xuhua Chen

    Missing updates for 2K12/R2 such as KB5033900 and KB5033915

    • Salini Agarwal, Microsoft employee, Author

      Hi Xuhua,

      Thanks for reporting this issue. I have updated the blog post to include the missing operating systems.

  • Mayuki Sawatari

    Some CVE numbers are listed as 2023-*, shouldn’t they be 2024-*?

    • CVE-2023-0056 –> CVE-2024-0056
    • CVE-2023-0057 –> CVE-2024-0057
    • CVE-2023-21312 –> CVE-2024-21312