.NET Framework May 2019 Security and Quality Rollup

Tara Overfield

Tara

Today, we are releasing the May 2019 Cumulative Update, Security and Quality Rollup, and Security Only Update.

Security

CVE-2019-0820 – Denial of Service Vulnerability

A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Framework (or .NET core) application. The update addresses the vulnerability by correcting how .NET Framework and .NET Core applications handle RegEx string processing.

CVE-2019-0820

CVE-2019-0980 – Denial of Service Vulnerability

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework or .NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework or .NET Core application. The update addresses the vulnerability by correcting how .NET Framework or .NET Core web applications handles web requests.

CVE-2019-0980

CVE-2019-0981 – Denial of Service Vulnerability

A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework or .NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework or .NET Core application. The update addresses the vulnerability by correcting how .NET Framework or .NET Core web applications handles web requests.

CVE-2019-0981

CVE-2019-0864 – Denial of Service Vulnerability

A denial of service vulnerability exists when .NET Framework improperly handles objects in heap memory. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how .NET Framework handle objects in heap memory.

CVE-2019-0864

Getting the Update

The Cumulative Update and Security and Quality Rollup are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.  The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, NET Framework 4.8 updates are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog.  Updates for other versions of .NET Framework are part of the Windows 10 Monthly Cumulative Update.

The following table is for Windows 10 and Windows Server 2016+ versions.

Product VersionCumulative Update
Windows 10 1903 (May 2019 Update)
4502507
.NET Framework 3.5, 4.8Catalog
4495620
Windows 10 1809 (October 2018 Update)
Windows Server 2019

4466961
.NET Framework 3.5, 4.7.2Catalog
4495590
.NET Framework 3.5, 4.8Catalog
4495618
Windows 10 1803 (April 2018 Update)
4498144
.NET Framework 3.5, 4.7.2Catalog
4499167
.NET Framework 4.8Catalog
4495616
Windows 10 1709 (Fall Creators Update)
4498143
.NET Framework 3.5, 4.7.1, 4.7.2Catalog
4499179
.NET Framework 4.8Catalog
4495613
Windows 10 1703 (Creators Update)
4498142
.NET Framework 3.5, 4.7, 4.7.1, 4.7.2Catalog
4499181
.NET Framework 4.8Catalog
4495611
Windows 10 1607 (Anniversary Update)
Windows Server 2016

4498141
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2Catalog
4494440
.NET Framework 4.8Catalog
4495610
Windows 10 1507
4499154
.NET Framework 3.5, 4.6, 4.6.1, 4.6.2Catalog
4499154

 

The following table is for earlier Windows and Windows Server versions.

Product VersionSecurity and Quality RollupSecurity Only Update
Windows 8.1
Windows RT 8.1
Windows Server 2012 R2

Catalog
4499408

Catalog
4498963
.NET Framework 3.5Catalog
4495608

Catalog
4495615
.NET Framework 4.5.2Catalog
4495592

Catalog
4495589
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2Catalog
4495585

Catalog
4495586
.NET Framework 4.8Catalog
4495624

Catalog
4495625
Windows Server 2012Catalog
4499407
Catalog
4498962
.NET Framework 3.5Catalog
4480061

Catalog
4495607
.NET Framework 4.5.2Catalog
4495594

Catalog
4495591
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2Catalog
4495582

Catalog
4495584
.NET Framework 4.8Catalog
4495622

Catalog
4495623
Windows 7 SP1
Windows Server 2008 R2 SP1

Catalog
4499406

Catalog
4498961
.NET Framework 3.5.1Catalog
4495606

Catalog
4495612
.NET Framework 4.5.2Catalog
4495596

Catalog
4495593
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2Catalog
4495588

Catalog
4495587
.NET Framework 4.8Catalog
4495627

Catalog
4495627
Windows Server 2008
Catalog
4499409

Catalog
4498964
.NET Framework 2.0, 3.0Catalog
4495604

Catalog
4495609
.NET Framework 4.5.2Catalog
4495596

Catalog
4495593
.NET Framework 4.6Catalog
4495588

Catalog
4495587

Docker Images

We are updating the following .NET Framework Docker images for today’s release:

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Note: Significant changes have been made with Docker images recently. Please look at .NET Docker Announcements for more information.

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

Tara Overfield
Tara Overfield

Software Engineer II , .NET Servicing

Follow Tara   

2 Comments
Dexter Woo
Dexter Woo 2019-05-17 04:04:43
Any Plan for native ARM64 support on .NET framework?