.NET Framework September 2019 Security and Quality Rollup

Brett Lopez


Today, we are releasing the September 2019 Cumulative Update, Security and Quality Rollup, and Security Only Update for .NET Framework.


CVE-2019-1142– .NET Framework Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations. An attacker who successfully exploited this vulnerability could write files to folders that require higher privileges than what the attacker already has.

To exploit the vulnerability, an attacker would need to log into a system. The attacker could then specify the targeted folder and trigger an affected process to run.

This update addresses the vulnerability correcting how the .NET Framework CLR process logs data.



Getting the Update

The Cumulative Update and Security and Quality Rollup are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.  The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog.


Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, NET Framework 4.8 updates are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog.  Updates for other versions of .NET Framework are part of the Windows 10 Monthly Cumulative Update.

Note: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

The following table is for Windows 10 and Windows Server 2016+ versions.

Product VersionCumulative Update
Windows 10 1903 (May 2019 Update)               
.NET Framework 3.5, 4.8Catalog 4514359
Windows 10 1809 (October 2018 Update) Windows Server 2019 4514601 
.NET Framework 3.5, 4.7.2Catalog 4514366
.NET Framework 3.5, 4.8Catalog 4514358
Windows 10 1803 (April 2018 Update) 
.NET Framework 3.5, 4.7.2Catalog 4516058
.NET Framework 4.8Catalog 4514357
Windows 10 1709 (Fall Creators Update)              
.NET Framework 3.5, 4.7.1, 4.7.2Catalog 4516066
.NET Framework 4.8Catalog 4514356
Windows 10 1703 (Creators Update) 


.NET Framework 3.5, 4.7, 4.7.1, 4.7.2Catalog 4516068
.NET Framework 4.8Catalog 4514355
Windows 10 1607 (Anniversary Update) Windows Server 2016 
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2Catalog 4516044
.NET Framework 4.8Catalog 4514354
Windows 10 1507 
.NET Framework 3.5, 4.6, 4.6.1, 4.6.2Catalog 4516070


The following table is for earlier Windows and Windows Server versions.

Product VersionSecurity and Quality RollupSecurity Only Update
Windows 8.1 Windows RT 8.1 Windows Server 2012 R2 Catalog 4514604  Catalog 4514599 
.NET Framework 3.5Catalog 4514371Catalog 4514350
.NET Framework 4.5.2Catalog 4514367Catalog 4514341
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2Catalog 4514364Catalog 4514338
.NET Framework 4.8Catalog 4514361Catalog 4514331

Windows Server 2012



Catalog 4514603



Catalog 4514598


.NET Framework 3.5Catalog 4514370Catalog 4514349
.NET Framework 4.5.2Catalog 4514368Catalog 4514342
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2Catalog 4514363Catalog 4514337
.NET Framework 4.8Catalog 4514360Catalog 4514330

Windows 7 SP1 Windows Server 2008 R2 SP1


Catalog 4514602  



.NET Framework 3.5.1Catalog 4507004N/A
.NET Framework 4.5.2Catalog 4507001N/A
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2Catalog 4511516N/A
.NET Framework 4.8Catalog 4511525N/A

Windows Server 2008


Catalog 4514605  



.NET Framework 2.0, 3.0Catalog 4507003N/A
.NET Framework 4.5.2Catalog 4507001N/A
.NET Framework 4.6Catalog 4511516N/A

Docker Images

We will be updating the following .NET Framework container images later today:

Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:


Comments are closed. Login to edit/delete your existing comments