.NET Framework May 2018 Security and Quality Rollup



Today, we are releasing the May 2018 Security and Quality Rollup.


CVE-2018-1039 – Windows Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how Windows validates User Mode Code Integrity policies


CVE-2018-0765 – .NET and .NET Core Denial Of Service Vulnerability

A Denial of Service vulnerability exists when .NET, and .NET core, improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET(or .NET core) application.

The update addresses the vulnerability by correcting how a .NET, and .NET core, applications handles XML document processing.


Quality and Reliability

This release contains the following quality and reliability improvements.


  • Floating-point overflow in the thread pool’s hill climbing algorithm. [569602]
  • High CPU usage in a kernel lock ntoskrnl!ExpWaitForSpinLockExclusiveAndAcquire called by ntoskrnl!KiPageFault is resolved by CLR implemented write watch instead [568318]

Note: Additional information on these improvements is not available. The VSTS bug number provided with each improvement is a unique ID that you can give Microsoft Customer Support, include in StackOverflow comments or use in web searches.

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.

The following table is for Windows 10 and Windows Server 2016+.

Product VersionSecurity and Quality Rollup KB
Windows 10 1803 (April 2018 Update)Catalog 4103721
.NET Framework 3.54103721
.NET Framework 4.7.24103721
Windows 10 1709 (Fall Creators Update)Catalog 4103727
.NET Framework 3.54103727
.NET Framework 4.7.14103727
Windows 10 1703 (Creators Update)Catalog 4103731
.NET Framework 3.54103731
.NET Framework 4.7, 4.7.14103731
Windows 10 1607 (Anniversary Update) Windows Server 2016Catalog 4103723
.NET Framework 3.54103723
.NET Framework 4.6.2, 4.7, 4.7.14103723
Windows 10 1507Catalog 4103716
.NET Framework 3.54103716
.NET Framework 4.6, 4.6.1, 4.6.24103716

The following table is for earlier Windows and Windows versions.

Product VersionSecurity and Quality Rollup KBSecurity Rollup KB
Windows 8.1 Windows RT 8.1 Windows Server 2012 R2Catalog 4099635Catalog 4099639
.NET Framework 3.540958754095515
.NET Framework 4.5.240958764095517
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.140964174096236
Windows Server 2012Catalog 4099634Catalog 4099638
.NET Framework 3.540958724095512
.NET Framework 4.5.240964944095518
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.140964164096235
Windows 7 Windows Server 2008 R2Catalog 4099633Catalog 4099637
.NET Framework 3.5.140958744095514
.NET Framework 4.5.240964954095519
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.140964184096237
Windows Server 2008Catalog 4099636Catalog 4099640
.NET Framework 2.0, 3.040958734095513
.NET Framework 4.5.240964954095519
.NET Framework 4.640964184096237

Docker Images

We are updating the following .NET Framework Docker images for today’s release:

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:


Comments are closed. Login to edit/delete your existing comments