.NET Framework February 2019 Security and Quality Rollup

Tara Overfield

Tara

Updated: February 15, 2019

 

Updated: February 14, 2019

  • Added the previously released previous release update information in quality and reliability for easier reference.

 

Yesterday, we released the February 2019 Security and Quality Rollup.

Security

CVE-2019-0613 – Remote Code Execution Vulnerability

This security update resolves a vulnerability in .NET Framework software if the software does not check the source markup of a file. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on by using administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts that have full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who have administrative user rights.

CVE-2019-0657 – Domain Spoofing Vulnerability

This security update resolves a vulnerability in certain .NET Framework APIs that parse URLs. An attacker who successfully exploits this vulnerability could use it to bypass security logic that’s intended to make sure that a user-provided URL belonged to a specific host name or a subdomain of that host name. This could be used to cause privileged communication to be made to an untrusted service as if it were a trusted service.

CVE-2019-0657

Quality and Reliability

This release contains the following previously released quality and reliability improvements, January 2019 Preview of Quality Rollup.

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.

The following table is for Windows 10 and Windows Server 2016+ versions.

Product VersionSecurity and Quality Rollup KB
Windows 10 1809 (October 2018 Update)Catalog
Windows Server 20194483452
.NET Framework 3.5, 4.7.24483452
Windows 10 1803 (April 2018 Update)Catalog
4487017
.NET Framework 3.5, 4.7.24487017
Windows 10 1709 (Fall Creators Update)Catalog
4486996
.NET Framework 3.5, 4.7.1, 4.7.24486996
Windows 10 1703 (Creators Update)Catalog
4487020
.NET Framework 3.5, 4.7, 4.7.1, 4.7.24487020
Windows 10 1607 (Anniversary Update)Catalog
Windows Server 20164487026
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.24487026
Windows 10 1507Catalog
4487018
.NET Framework 3.5, 4.6, 4.6.1, 4.6.24487018

The following table is for earlier Windows and Windows Server versions.

Product VersionSecurity and Quality Rollup KBSecurity Only Update KB
Windows 8.1
Windows RT 8.1
Windows Server 2012 R2
Catalog
4487080
Catalog
4487124
.NET Framework 3.5Catalog
4483459
Catalog
4483484
.NET Framework 4.5.2Catalog
4483453
Catalog
4483472
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2Catalog
4483450
Catalog
4483469
Windows Server 2012Catalog
4487079
Catalog
4487122
.NET Framework 3.5Catalog
4483456
Catalog
4483481
.NET Framework 4.5.2Catalog
4483454
Catalog
4483473
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2Catalog
4483449
Catalog
4483468
Windows 7 SP1CatalogCatalog
Windows Server 2008 R2 SP144870784487121
.NET Framework 3.5.1Catalog
4483458
Catalog
4483483
.NET Framework 4.5.2Catalog
4483455
Catalog
4483474
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2Catalog
4483451
Catalog
4483470
Windows Server 2008Catalog
4487081
Catalog
4487124
.NET Framework 2.0, 3.0Catalog
4483457
Catalog
4483482
.NET Framework 4.5.2Catalog
4483455
Catalog
4483474
.NET Framework 4.6Catalog
4483451
Catalog
4483470

Docker Images

We are updating the following .NET Framework Docker images for today’s release:

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Note: Significant changes have been made with Docker images recently. Please look at .NET Docker Announcements for more information.

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

Tara Overfield
Tara Overfield

Software Engineer II , .NET Servicing

Follow Tara   

Avatar
dean kenley 2019-03-07 10:43:48
We are having an issue that this update for Windows 10 1607 LTSB is not updating the system.dll file. Here is a clip for our Tenable.io scan for systems showing this error  Microsoft .NET Framework 3.5 The remote host is missing one of the following rollup KBs : Cumulative - 4487026 C:\windows\Microsoft.NET\Framework\v2.0.50727\system.dll has not been patched. Remote version : 2.0.50727.8784 Should be : 2.0.50727.8803I have checked the csv file showing the files for KB4487026. It shows system.dll should be 2.0.50727.8803 but only for x86 platform and all of our 1607 LTSB systems are 64bit systems. I have checked the systems and they are showing KB4487026 is installed but the system.dll file is not updating. Any guidance would be appreciated.