.NET Framework September 2019 Security and Quality Rollup

Avatar

Brett

Today, we are releasing the September 2019 Cumulative Update, Security and Quality Rollup, and Security Only Update for .NET Framework.

Security

CVE-2019-1142– .NET Framework Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations. An attacker who successfully exploited this vulnerability could write files to folders that require higher privileges than what the attacker already has.

To exploit the vulnerability, an attacker would need to log into a system. The attacker could then specify the targeted folder and trigger an affected process to run.

This update addresses the vulnerability correcting how the .NET Framework CLR process logs data.

CVE-2019-1142

 

Getting the Update

The Cumulative Update and Security and Quality Rollup are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.  The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog.

 

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, NET Framework 4.8 updates are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog.  Updates for other versions of .NET Framework are part of the Windows 10 Monthly Cumulative Update.

Note: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

The following table is for Windows 10 and Windows Server 2016+ versions.

Product VersionCumulative Update
Windows 10 1903 (May 2019 Update)               
.NET Framework 3.5, 4.8Catalog
4514359
Windows 10 1809 (October 2018 Update)
Windows Server 2019

4514601
 
.NET Framework 3.5, 4.7.2Catalog
4514366
.NET Framework 3.5, 4.8Catalog
4514358
Windows 10 1803 (April 2018 Update) 
.NET Framework 3.5, 4.7.2Catalog
4516058
.NET Framework 4.8Catalog
4514357
Windows 10 1709 (Fall Creators Update)              
.NET Framework 3.5, 4.7.1, 4.7.2Catalog
4516066
.NET Framework 4.8Catalog
4514356
Windows 10 1703 (Creators Update) 

 

.NET Framework 3.5, 4.7, 4.7.1, 4.7.2Catalog
4516068
.NET Framework 4.8Catalog
4514355
Windows 10 1607 (Anniversary Update)
Windows Server 2016
 
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2Catalog
4516044
.NET Framework 4.8Catalog
4514354
Windows 10 1507 
.NET Framework 3.5, 4.6, 4.6.1, 4.6.2Catalog
4516070

 

The following table is for earlier Windows and Windows Server versions.

Product VersionSecurity and Quality RollupSecurity Only Update
Windows 8.1
Windows RT 8.1
Windows Server 2012 R2

Catalog
4514604
 

Catalog
4514599
 
.NET Framework 3.5Catalog
4514371
Catalog
4514350
.NET Framework 4.5.2Catalog
4514367
Catalog
4514341
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2Catalog
4514364
Catalog
4514338
.NET Framework 4.8Catalog
4514361
Catalog
4514331
 

Windows Server 2012

 

 

Catalog
4514603

 

 

Catalog
4514598

 

.NET Framework 3.5Catalog
4514370
Catalog
4514349
.NET Framework 4.5.2Catalog
4514368
Catalog
4514342
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2Catalog
4514363
Catalog
4514337
.NET Framework 4.8Catalog
4514360
Catalog
4514330
 

Windows 7 SP1
Windows Server 2008 R2 SP1

 


Catalog
4514602
 
 

N/A

 

.NET Framework 3.5.1Catalog
4507004
N/A
.NET Framework 4.5.2Catalog
4507001
N/A
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2Catalog
4511516
N/A
.NET Framework 4.8Catalog
4511525
N/A
 

Windows Server 2008

 


Catalog
4514605
 
 

N/A

 

.NET Framework 2.0, 3.0Catalog
4507003
N/A
.NET Framework 4.5.2Catalog
4507001
N/A
.NET Framework 4.6Catalog
4511516
N/A

Docker Images

We will be updating the following .NET Framework container images later today:

Note: You must re-pull base images in order to get updates. The Docker client does not pull updates automatically.

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

Avatar
Brett Lopez

Program Manager, .NET Framework

Follow Brett   

0 comments

    Leave a comment