Update (2017/05/15): Added Windows 10 entries to KB table.

Update (2017/05/09): Known issue information added for the release.

Update (2017/04/20): Known issue information added for the release.

Today, we are releasing a new Security and Quality Rollup and Security Only Update for the .NET Framework. You can read the April 2017 Security Updates Release Notes to learn about all changes being released today.

Known issue with the release: “Privilege not held” error with PowerShell “stop-computer” command: Workaround after April 2017 security updates from CVE-2017-0160.

Security

Microsoft Common Vulnerabilities and Exposures CVE17-0160

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to properly validate input before loading libraries. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker would first need to access the local system with the ability to execute a malicious application. The security update addresses the vulnerability by correcting how .NET validates input on library load.

Note: You can also search for the security update at Security TechCenter. Search for “CVE” 17-0160.

Quality and Reliability

There are no quality and reliability changes this month.

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services and Microsoft Update Catalog. The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog. The Windows 10 updates are integrated with the Windows 10 Monthly Update, available via Windows Update.

Docker Images

The Windows ServerCore, IIS, .NET Framework, and ASP.NET Docker images have been updated to include the Monthly Rollup. Pulling the latest image will update your local Docker image cache.

Downloading KBs from Microsoft Update Catalog

See the table below to learn about version applicability and more detailed release-specific information. See .NET Framework Monthly Rollups Explained for an explanation on how to use this table to download patches from Microsoft Update Catalog.

See .NET Framework Deployment tables for detailed deployment information on the release.

Known Issues

The April 2017 Monthly Update contained a bug that caused the PowerShell Stop-Computer command to stop correctly functioning. This bug has since been fixed. You can get the fix in the following ways:

Using Windows 10

• Install the May 2017 Update.

Using an earlier version of Windows

• Wait for the next .NET Framework monthly update, which will include this fix. This approach is recommended if you are not experiencing this problem.
• Install the specific fix for this issue, listed below.

Note that the .NET Framework 4.7 contains the fix. If you are using Windows 10 Creators Update, you will still need to install the May 2017 Update to get this fix.

Previous Monthly Rollups

The last couple .NET Framework Rollup updates are listed below for your convenience:

• December 2016
• October 2016

Note: Previously released security and quality updates are included in today’s release.

More Information

You can read the .NET Framework Monthly Rollups Explained to learn more about how the .NET Framework is updated.