Updated: February 15, 2019
- A new Advisory on February 2019 Security update for Windows 10 update 1809 has been released today for issues customers have reported with .NET 4.8 Preview and this security update for Windows 10 update 1809 installed.
Updated: February 14, 2019
- Added the previously released previous release update information in quality and reliability for easier reference.
Yesterday, we released the February 2019 Security and Quality Rollup.
Security
CVE-2019-0613 – Remote Code Execution Vulnerability
This security update resolves a vulnerability in .NET Framework software if the software does not check the source markup of a file. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on by using administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who have administrative user rights.
CVE-2019-0657 – Domain Spoofing Vulnerability
This security update resolves a vulnerability in certain .NET Framework APIs that parse URLs. An attacker who successfully exploits this vulnerability could use it to bypass security logic that’s intended to make sure that a user-provided URL belonged to a specific host name or a subdomain of that host name. This could be used to cause privileged communication to be made to an untrusted service as if it were a trusted service.
Quality and Reliability
This release contains the following previously released quality and reliability improvements, January 2019 Preview of Quality Rollup.
Getting the Update
The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.
Microsoft Update Catalog
You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.
The following table is for Windows 10 and Windows Server 2016+ versions.
| Product Version | Security and Quality Rollup KB |
|---|---|
| Windows 10 1809 (October 2018 Update) | Catalog |
| Windows Server 2019 | 4483452 |
| .NET Framework 3.5, 4.7.2 | 4483452 |
| Windows 10 1803 (April 2018 Update) | Catalog 4487017 |
| .NET Framework 3.5, 4.7.2 | 4487017 |
| Windows 10 1709 (Fall Creators Update) | Catalog 4486996 |
| .NET Framework 3.5, 4.7.1, 4.7.2 | 4486996 |
| Windows 10 1703 (Creators Update) | Catalog 4487020 |
| .NET Framework 3.5, 4.7, 4.7.1, 4.7.2 | 4487020 |
| Windows 10 1607 (Anniversary Update) | Catalog |
| Windows Server 2016 | 4487026 |
| .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 | 4487026 |
| Windows 10 1507 | Catalog 4487018 |
| .NET Framework 3.5, 4.6, 4.6.1, 4.6.2 | 4487018 |
The following table is for earlier Windows and Windows Server versions.
| Product Version | Security and Quality Rollup KB | Security Only Update KB |
|---|---|---|
| Windows 8.1 Windows RT 8.1 Windows Server 2012 R2 |
Catalog 4487080 |
Catalog 4487124 |
| .NET Framework 3.5 | Catalog 4483459 |
Catalog 4483484 |
| .NET Framework 4.5.2 | Catalog 4483453 |
Catalog 4483472 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 4483450 |
Catalog 4483469 |
| Windows Server 2012 | Catalog 4487079 |
Catalog 4487122 |
| .NET Framework 3.5 | Catalog 4483456 |
Catalog 4483481 |
| .NET Framework 4.5.2 | Catalog 4483454 |
Catalog 4483473 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 4483449 |
Catalog 4483468 |
| Windows 7 SP1 | Catalog | Catalog |
| Windows Server 2008 R2 SP1 | 4487078 | 4487121 |
| .NET Framework 3.5.1 | Catalog 4483458 |
Catalog 4483483 |
| .NET Framework 4.5.2 | Catalog 4483455 |
Catalog 4483474 |
| .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 | Catalog 4483451 |
Catalog 4483470 |
| Windows Server 2008 | Catalog 4487081 |
Catalog 4487124 |
| .NET Framework 2.0, 3.0 | Catalog 4483457 |
Catalog 4483482 |
| .NET Framework 4.5.2 | Catalog 4483455 |
Catalog 4483474 |
| .NET Framework 4.6 | Catalog 4483451 |
Catalog 4483470 |
Docker Images
We are updating the following .NET Framework Docker images for today’s release:
Note: Look at the “Tags” view in each repository to see the updated Docker image tags.
Note: Significant changes have been made with Docker images recently. Please look at .NET Docker Announcements for more information.
Previous Monthly Rollups
The last few .NET Framework Monthly updates are listed below for your convenience:
- January 22, 2018 Cumulative Update for Windows 10 version 1809 and Windows Server 2019
- January 2019 Preview of Quality Rollup
- January 2019 Security and Quality Rollup
- December 2018 Security and Quality Rollup
- November 2018 Preview of Cumulative Update for Windows 10 version 1809 and Windows Server 2019
We are having an issue that this update for Windows 10 1607 LTSB is not updating the system.dll file. Here is a clip for our Tenable.io scan for systems showing this error
Microsoft .NET Framework 3.5
The remote host is missing one of the following rollup KBs :
Cumulative
- 4487026
C:\windows\Microsoft.NET\Framework\v2.0.50727\system.dll has not been patched.
Remote version : 2.0.50727.8784
Should be ...
I need to unit test the class below.
What steps would I need to take to get the class into a test harness? and
what would be a few tests I could write ?
public class MyDatabase
{
<code>
chnologies
myConn.Close();
<code>
}
Thanks
Hach Technologies
http://hachtechnologies