July 11th, 2017

.NET Framework July 2017 Security and Quality Rollup

Rich Lander [MSFT]
Program Manager

Today, we are releasing a new Security and Quality Rollup and Security Only Update for the .NET Framework. Today’s update applies to Windows 10 and Windows Server 2016.

Security

Microsoft Common Vulnerabilities and Exposures CVE-2017-8585

A denial of service vulnerability exists when Microsoft Common Object Runtime Library improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET web application.

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET application.

The update addresses the vulnerability by correcting how the .NET web application handles web requests.

More info: Microsoft Common Vulnerabilities and Exposures CVE-2017-0248.

Quality and Reliability

There are no quality and reliability changes this month.

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services and Microsoft Update Catalog. The Security Only Update is not available for Windows 10. The updates for Windows 10 are integrated with the Windows 10 Monthly Update.

You can learn more about the releases from the table below.

Windows Version .NET Version Rollup KB Security-only KB
Windows 10 Update 1703 (Creators Update) .NET Framework 3.5 and 4.7 4025342 N/A
Windows 10 Update 1607 (Anniversary Update) Windows Server 2016 .NET Framework 3.5, 4.6.2 and 4.7 4025339 N/A
Windows 10 Update 1511 .NET Framework 3.5 and 4.6.1 4025344 N/A
Windows 10 Update 1507 .NET Framework 3.5 and 4.6 4025338 N/A

Docker Images

The following Docker images have been updated with today’s release.

You must explicitly re-pull images to update your local Docker image cache, for example with docker pull microsoft/dotnet-framework:4.7. The Docker client does not pull updated base images automatically.

.NET Framework

The .NET Framework Docker images have been updated to include the .NET Framework July Security and Quality Rollup and have been rebased on top of the latest microsoft/windowsservercore base image (released today).

.NET Core

The .NET Core Docker images have been updated to rebase on top of the latest microsoft/nanoserver base image (released today). .NET Core has not been updated.

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

Previously released security and quality updates are included in today’s release. You can read the .NET Framework Monthly Rollups Explained to learn more about how the .NET Framework is updated.

Category
.NET

Author

Rich Lander [MSFT]
Program Manager

Richard Lander is a Principal Program Manager on the .NET Core team. He works on making .NET Core work great in memory-limited Docker containers, on ARM hardware like the Raspberry Pi, and enabling GPIO programming and IoT scenarios. He is part of the design team that defines new .NET runtime capabilities and features. He enjoys British rock and Doctor Who. He grew up in Canada and New Zealand.

0 comments

Discussion are closed.