.NET Framework September 2019 Security and Quality Rollup

Today, we are releasing the September 2019 Cumulative Update, Security and Quality Rollup, and Security Only Update for .NET Framework.

Security

CVE-2019-1142– .NET Framework Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations. An attacker who successfully exploited this vulnerability could write files to folders that require higher privileges than what the attacker already has.

To exploit the vulnerability, an attacker would need to log into a system. The attacker could then specify the targeted folder and trigger an affected process to run.

This update addresses the vulnerability correcting how the .NET Framework CLR process logs data.

CVE-2019-1142

Getting the Update

The Cumulative Update and Security and Quality Rollup are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker. The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, NET Framework 4.8 updates are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog. Updates for other versions of .NET Framework are part of the Windows 10 Monthly Cumulative Update.

Note: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

The following table is for Windows 10 and Windows Server 2016+ versions.

Product Version	Cumulative Update
Windows 10 1903 (May 2019 Update)
.NET Framework 3.5, 4.8	Catalog 4514359
Windows 10 1809 (October 2018 Update) Windows Server 2019	4514601
.NET Framework 3.5, 4.7.2	Catalog 4514366
.NET Framework 3.5, 4.8	Catalog 4514358
Windows 10 1803 (April 2018 Update)
.NET Framework 3.5, 4.7.2	Catalog 4516058
.NET Framework 4.8	Catalog 4514357
Windows 10 1709 (Fall Creators Update)
.NET Framework 3.5, 4.7.1, 4.7.2	Catalog 4516066
.NET Framework 4.8	Catalog 4514356
Windows 10 1703 (Creators Update)
.NET Framework 3.5, 4.7, 4.7.1, 4.7.2	Catalog 4516068
.NET Framework 4.8	Catalog 4514355
Windows 10 1607 (Anniversary Update) Windows Server 2016
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2	Catalog 4516044
.NET Framework 4.8	Catalog 4514354
Windows 10 1507
.NET Framework 3.5, 4.6, 4.6.1, 4.6.2	Catalog 4516070

The following table is for earlier Windows and Windows Server versions.

Product Version	Security and Quality Rollup	Security Only Update
Windows 8.1 Windows RT 8.1 Windows Server 2012 R2	Catalog 4514604	Catalog 4514599
.NET Framework 3.5	Catalog 4514371	Catalog 4514350
.NET Framework 4.5.2	Catalog 4514367	Catalog 4514341
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2	Catalog 4514364	Catalog 4514338
.NET Framework 4.8	Catalog 4514361	Catalog 4514331
Windows Server 2012	Catalog 4514603	Catalog 4514598
.NET Framework 3.5	Catalog 4514370	Cata log 45 14349
.NET Framework 4.5.2	Catalog 4514368	Catalog 4514342
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2	Catalog 4514363	Catalog 4514337
.NET Framework 4.8	Catalog 4514360	Catalog 4514330
Windows 7 SP1 Windows Server 2008 R2 SP1	Catalog 4514602	N/A
.NET Framework 3.5.1	Catalog 4507004	N/A
.NET Framework 4.5.2	Catalog 4507001	N/A
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2	Catalog 4511516	N/A
.NET Framework 4.8	Catalog 4511525	N/A
Windows Server 2008	Catalog 4514605	N/A
.NET Framework 2.0, 3.0	Catalog 4507003	N/A
.NET Framework 4.5.2	Catalog 4507001	N/A
.NET Framework 4.6	Catalog 4511516	N/A